Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Conduit search and InstallX pop-up [Solved]


  • This topic is locked This topic is locked

#1
Pat B

Pat B

    New Member

  • Member
  • Pip
  • 8 posts
I have a new windows 8 desktop computer and in recent weeks I have been getting the annoying InstallX pop-up. I just x out of it. I suppose it was attached to Java or something I downloaded. (I also keep getting McAfee offers. Any way to stop them as well). I have the free one year Norton anti-virus installed, but it evidently did not prevent me from getting the ConduitSearchProtect. I deleted the conduit search program file, removed the conduit search engine from Internet Explorer and Firefox tools. I ran CCleaner, Malwarebytes, and Should I Remove It and deleted cookies and cache and some unneeded PUPS. Malwarebytes and CCleaner indicate that there are still remnants of conduit search in the registry but I don't know if it is safe to delete them. I'm not programming savvy. I did do a registry backup to the desktop screen. I still get the InstallX pop-up.

Once I get rid of this conduit search stuff, is there any better antivirus that would prevent it in the future? Is Microsoft's built-in Defender better? I believe it is disabled on my computer because of the Norton.

OTL logfile created on: 2/15/2014 4:09:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pat\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.87 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 51.88% Memory free
15.87 Gb Paging File | 11.99 Gb Available in Paging File | 75.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.26 Gb Total Space | 814.11 Gb Free Space | 88.66% Space Free | Partition Type: NTFS

Computer Name: PAT | User Name: Pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/15 16:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pat\Downloads\OTL.exe
PRC - [2014/02/07 16:29:58 | 001,863,048 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
PRC - [2014/01/28 09:19:05 | 000,958,536 | ---- | M] (InstallX, LLC) -- C:\Users\Pat\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
PRC - [2013/12/23 16:10:28 | 000,227,904 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/13 16:36:06 | 000,831,488 | ---- | M] (ZONER software) -- C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
PRC - [2013/12/05 14:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/11 14:12:42 | 000,232,424 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
PRC - [2013/10/08 06:46:16 | 000,262,288 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
PRC - [2013/10/05 22:27:28 | 000,129,424 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
PRC - [2013/08/27 17:28:22 | 000,651,088 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\ARA.exe
PRC - [2013/08/27 15:57:34 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013/08/27 15:57:32 | 000,248,208 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/27 16:32:16 | 000,432,528 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
PRC - [2013/03/04 19:30:12 | 001,549,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
PRC - [2013/01/30 18:32:10 | 000,505,856 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2013/01/30 18:29:54 | 001,448,448 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2013/01/18 14:01:12 | 002,009,088 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
PRC - [2013/01/14 12:26:02 | 000,366,040 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2013/01/14 12:26:02 | 000,279,000 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/12/27 17:26:20 | 004,522,496 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/12/18 16:16:56 | 000,165,488 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/10/26 18:10:40 | 000,130,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/10/26 13:40:10 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2012/04/24 16:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2011/08/02 15:49:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2011/08/02 15:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/05/05 16:06:02 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2005/08/25 16:24:30 | 000,925,696 | ---- | M] () -- C:\ProgramData\U3\U3Launcher\LaunchU3.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/07 16:29:58 | 016,287,624 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
MOD - [2013/12/05 14:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/02/27 19:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2005/08/25 16:24:30 | 000,925,696 | ---- | M] () -- C:\ProgramData\U3\U3Launcher\LaunchU3.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/15 19:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/11/30 17:40:54 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/11/30 17:40:54 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/30 17:40:53 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/27 10:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/07 22:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/09/29 23:03:28 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/09/29 23:03:28 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/29 23:03:27 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/09/29 23:03:27 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/08/28 19:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/08/28 19:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/08/28 19:23:40 | 000,626,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/08/28 19:23:20 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/08/22 07:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 07:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 04:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 04:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/08/09 17:18:58 | 000,328,544 | ---- | M] (Toshiba Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2013/07/31 12:15:06 | 000,053,864 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:64bit: - [2013/03/26 19:37:02 | 000,216,976 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe -- (THAccelSvc)
SRV:64bit: - [2012/12/10 16:31:44 | 000,803,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2012/12/10 16:31:28 | 000,732,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/11/30 13:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/02/07 16:29:59 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/23 16:10:28 | 000,227,904 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/12 11:40:35 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/11 14:12:42 | 000,232,424 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe -- (NAT)
SRV - [2013/10/08 06:46:16 | 000,262,288 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe -- (NAV)
SRV - [2013/10/05 22:27:28 | 000,129,424 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe -- (NCO)
SRV - [2013/09/29 23:03:26 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/09/21 06:22:46 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/10 12:54:38 | 000,019,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe -- (dts_apo_service)
SRV - [2013/08/27 15:57:34 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/27 16:32:16 | 000,432,528 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe -- (DACoreService)
SRV - [2013/01/28 14:49:14 | 004,230,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2013/01/14 12:26:02 | 000,366,040 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2013/01/14 12:26:02 | 000,279,000 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/12/18 16:16:56 | 000,165,488 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/10/26 18:10:40 | 000,130,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/10/26 13:40:10 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/04/24 16:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011/08/02 15:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/01 19:15:38 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/11/30 17:40:53 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/30 17:39:17 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/11/10 21:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/09 06:55:11 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/11/01 06:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/11/01 06:22:28 | 000,027,032 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2013/10/30 19:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/25 20:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/09 01:12:46 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2013/09/29 23:03:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/29 23:03:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/29 23:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/29 22:51:06 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/09/29 22:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/27 14:23:26 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2013/09/26 22:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 21:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/09/25 22:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\ccSetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2013/09/21 06:22:34 | 004,177,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/09 21:47:38 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/08/22 17:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/08/22 17:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 07:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 07:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 07:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 07:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 07:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 06:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 05:27:46 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/19 12:32:10 | 000,032,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/08/07 14:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/29 12:24:22 | 000,150,104 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NATx64\010A000.009\ccSetx64.sys -- (ccSet_NAT)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 09:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/25 21:01:16 | 000,110,976 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\THAccel.sys -- (THAccel)
DRV:64bit: - [2013/03/25 14:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/01/28 19:48:14 | 000,194,456 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2013/01/28 19:48:14 | 000,048,024 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2013/01/15 19:37:12 | 000,327,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/07/25 18:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2012/07/25 03:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (TDCMDPST)
DRV:64bit: - [2012/07/12 20:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/07/10 18:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2012/06/18 12:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NARAx64\0403000.00E\ccSetx64.sys -- (ccSet_NARA)
DRV - [2014/01/21 08:13:08 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140214.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/10 11:56:15 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140214.016\ex64.sys -- (NAVEX15)
DRV - [2014/01/10 11:56:15 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140214.016\eng64.sys -- (NAVENG)
DRV - [2013/12/17 19:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/12/01 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/12/01 01:00:00 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E2807A52-035B-4014-AAF7-DF2653D33D3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{E2807A52-035B-4014-AAF7-DF2653D33D3A}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {E2807A52-035B-4014-AAF7-DF2653D33D3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E2807A52-035B-4014-AAF7-DF2653D33D3A}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://login.yahoo.com/config/log [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/?mkg=015
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{02EEBB5C-F34B-482F-B0AA-1C7A50F98969}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://us.yhs4.searc...669,0,FF26,7635
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-type: "394500523"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://us.yhs4.searc...%PARTNERID%&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\Pat\Desktop\New folder\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013/12/01 19:16:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ [2014/01/29 15:45:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/12/09 23:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\mozilla\Extensions
[2013/12/09 23:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/01/29 12:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\mozilla\Firefox\Profiles\towtrbzm.default-1390312468564\extensions
[2014/01/21 16:40:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Pat\AppData\Roaming\mozilla\Firefox\Profiles\towtrbzm.default-1390312468564\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/01/21 16:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/21 16:38:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/21 16:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2014/01/21 16:38:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/02/15 16:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/02/15 16:10:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/15 16:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\distribution\extensions
[2014/02/15 16:10:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\updated\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe ()
O4:64bit: - HKLM..\Run: [TosTogKeyMon] C:\Program Files\TOSHIBA\Hotkey\TosTogKeyMon.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKCU..\Run: [InstallX Search Protect for Yahoo] C:\Users\Pat\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe (InstallX, LLC)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE (ZONER software)
O4 - HKCU..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe" File not found
O4 - Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Users\Pat\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08A1B842-F50E-4385-B9B5-E7ECCA783A9C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4b38a589-6f29-11e3-be7e-606c66c5b5c4}\Shell - "" = AutoRun
O33 - MountPoints2\{4b38a589-6f29-11e3-be7e-606c66c5b5c4}\Shell\AutoRun\command - "" = "E:\LaunchU3.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/15 16:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/02/15 16:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/02/09 15:50:27 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\NPE
[2014/01/29 11:28:51 | 000,000,000 | -HSD | C] -- C:\WINDOWS\SysWow64\AI_RecycleBin
[2014/01/29 11:28:51 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
[2014/01/29 11:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reason
[2014/01/28 23:12:41 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Malwarebytes
[2014/01/28 23:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/28 23:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/28 23:12:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014/01/28 23:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/28 22:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/01/28 22:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/01/28 09:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiDefMedia
[2014/01/28 09:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Buzz-it
[2014/01/28 09:18:32 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\InstallX Search Protect for Yahoo
[2014/01/21 15:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2014/01/21 15:54:00 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Yahoo!
[2014/01/21 15:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2014/01/21 14:38:03 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Diagnostics
[2014/01/21 08:54:34 | 000,000,000 | ---D | C] -- C:\Users\Pat\Desktop\Old Firefox Data
[2014/01/20 16:40:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\SearchProtect
[2014/01/20 16:34:46 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\SearchProtect
[2014/01/20 16:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minesweeper
[2014/01/20 16:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minesweeper
[2014/01/20 16:33:50 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Programs
[2014/01/20 12:16:44 | 000,000,000 | ---D | C] -- C:\Users\Pat\Documents\Corel PaintShop Pro X6 Script Guide
[2014/01/19 08:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FaceFilter3
[2014/01/19 08:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Reallusion
[2014/01/19 08:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Reallusion
[2014/01/19 08:56:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2014/01/19 08:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reallusion
[2014/01/18 19:07:10 | 000,000,000 | ---D | C] -- C:\Users\Pat\Documents\PSPX6_Hotfix
[2014/01/18 16:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis64
[2014/01/18 16:03:39 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Corel
[2014/01/18 16:03:31 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Ulead Systems
[2014/01/18 16:03:28 | 000,000,000 | ---D | C] -- C:\Users\Pat\Documents\Corel PaintShop Pro
[2014/01/18 16:03:28 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Corel PaintShop Pro
[2014/01/18 15:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2014/01/18 15:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2014/01/18 15:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2014/01/18 15:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2014/01/18 15:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X6
[2014/01/18 15:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2014/01/18 15:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[3 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/15 16:04:30 | 000,007,998 | ---- | M] () -- C:\WINDOWS\BRRBCOM.INI
[2014/02/15 16:03:47 | 000,001,958 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/02/15 16:03:46 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/02/15 15:29:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/13 14:30:38 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/10 16:12:57 | 265,452,220 | ---- | M] () -- C:\Users\Pat\Desktop\registry editor.reg
[2014/02/09 16:59:00 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/02/09 16:59:00 | 000,730,408 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/02/09 16:59:00 | 000,135,520 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/01/29 15:45:33 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/01/29 15:45:31 | 2463,014,911 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/29 11:28:51 | 000,001,300 | ---- | M] () -- C:\Users\Pat\Desktop\Should I Remove It.lnk
[2014/01/28 23:12:30 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/28 22:48:18 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/21 16:38:55 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/20 16:34:09 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Minesweeper.lnk
[2014/01/19 08:57:59 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\FaceFilter v3.02 Standard.lnk
[2014/01/19 08:57:47 | 000,000,178 | RHS- | M] () -- C:\WINDOWS\FF3STET.BIN
[2014/01/18 17:11:16 | 000,001,244 | ---- | M] () -- C:\Users\Public\Desktop\Corel PaintShop Pro X6 (64-bit).lnk
[2014/01/18 17:09:29 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Corel PaintShop Pro X6.lnk
[3 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/10 16:12:45 | 265,452,220 | ---- | C] () -- C:\Users\Pat\Desktop\registry editor.reg
[2014/01/29 11:28:51 | 000,001,300 | ---- | C] () -- C:\Users\Pat\Desktop\Should I Remove It.lnk
[2014/01/28 23:12:30 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/28 22:48:17 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/20 16:34:08 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Minesweeper.lnk
[2014/01/19 08:57:59 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\FaceFilter v3.02 Standard.lnk
[2014/01/19 08:57:47 | 000,000,178 | RHS- | C] () -- C:\WINDOWS\FF3STET.BIN
[2014/01/18 15:52:04 | 000,001,244 | ---- | C] () -- C:\Users\Public\Desktop\Corel PaintShop Pro X6 (64-bit).lnk
[2014/01/18 15:50:10 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Corel PaintShop Pro X6.lnk
[2014/01/14 19:52:09 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/12/27 12:42:32 | 000,000,288 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\.backup.dm
[2013/12/01 23:43:18 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/11/30 18:41:31 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2013/11/30 18:41:31 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2013/11/30 18:39:30 | 000,007,998 | ---- | C] () -- C:\WINDOWS\BRRBCOM.INI
[2013/11/30 18:39:02 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2013/11/30 18:38:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\BRTCPCON.DLL
[2013/11/30 18:38:33 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SysWow64\BRLMW03A.INI
[2013/09/21 06:22:34 | 000,303,104 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/09/21 06:22:28 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/09/21 06:22:26 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012/12/10 16:12:50 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2014/01/28 09:25:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/30 17:41:51 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/30 17:41:51 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/23 16:10:05 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Book Place
[2013/11/30 19:46:08 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\ControlCenter4
[2014/01/28 15:31:43 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\InstallX Search Protect for Yahoo
[2013/11/30 18:35:16 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Nuance
[2013/11/29 23:44:36 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\OpenOffice
[2013/12/09 23:12:01 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TomTom
[2014/01/18 16:03:31 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Ulead Systems
[2013/12/16 22:38:31 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\WildTangent
[2013/11/29 20:02:00 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\WinBatch
[2013/12/16 22:44:12 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Zoner

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Pat\SkyDrive:ms-properties

< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Pat B

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 0

#3
Pat B

Pat B

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I downloaded AdwCleaner and ran the scan. I still got an InstallX popup when I was done after the reboot. I downloaded Junkware Removal Tool. I have Windows 8 but did not get an option to click JRT.exe or to run as Administrator. I got a black box with a warning that I may lose the desktop momentarily but that was normal. Then it said to click any key to begin. I disabled Norton for 15 minutes, then clicked a key. There was a flashing shield icon in my task bar. When I clicked to open it, the box asked: Do you want to allow the following program to make changes to this computer, Registry Editor, Microsoft Windows. I clicked yes and JRT still did not continue, so I clicked no and the JRT black window said "not allowed" and stopped. I reopened the JRT download and started it again and it continued it for a few moments and gave me the notepad log. I went into a website through Firefox to test for problems and I got the InstallX pop-up. The InstallX pop-up also appeared again while typing this message. I x-ed out the pop-up each time. Notepads below.

I also do not see any button on my post to select to "Follow this topic-receive notification instantly"

# AdwCleaner v3.019 - Report created 17/02/2014 at 11:27:55
# Updated 17/02/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Pat - PAT
# Running from : C:\Users\Pat\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\WINDOWS\SysWOW64\AI_RecycleBin
Folder Deleted : C:\WINDOWS\SysWOW64\Searchprotect
Folder Deleted : C:\Users\Pat\AppData\Local\Pokki
Folder Deleted : C:\Users\Pat\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\towtrbzm.default-1390312468564\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\towtrbzm.default-1390312468564\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\caphyon
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\towtrbzm.default-1390312468564\prefs.js ]


*************************

AdwCleaner[R0].txt - [3455 octets] - [17/02/2014 11:26:53]
AdwCleaner[S0].txt - [3197 octets] - [17/02/2014 11:27:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3257 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8.1 x64
Ran by Pat on Mon 02/17/2014 at 11:58:21.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Pat\AppData\Roaming\mozilla\firefox\profiles\towtrbzm.default-1390312468564\minidumps [1 files]



~~~ Event Viewer Logs were cleared
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Pat B

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
Pat B

Pat B

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I downloaded Combofix and when I tried to open the download I got a pop-up that says combofix is not meant to be run in "compatibility Mode". When I researched compatibility mode and combofix, bleepingcomputer.com indicates the program is not compatible with Windows 8.1 which is what I have. What else can I try on Win 8.1. Thanks
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Pat B



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Gringo
  • 0

#7
Pat B

Pat B

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK, I ran the 64 bit version of FRST. You didn't tell me to turn off the anti-virus, so I didn't. Is that okay? Thanks for the quick response. Logs copied below.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Pat (administrator) on PAT on 19-02-2014 16:41:36
Running from C:\Users\Pat\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TosTogKeyMon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(InstallX, LLC) C:\Users\Pat\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
() C:\ProgramData\U3\U3Launcher\LaunchU3.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(eBay) C:\Program Files\WindowsApps\eBayInc.eBay_1.5.1.13_neutral__1618n3s9xq8tw\eBay.CoreApp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosTogKeyMon] - C:\Program Files\TOSHIBA\Hotkey\TosTogKeyMon.exe [2365792 2013-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] - C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3782273632-2773322664-1913436750-1001\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3782273632-2773322664-1913436750-1001\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-3782273632-2773322664-1913436750-1001\...\Run: [Zoner Photo Studio Service 16] - C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2013-12-13] ()
HKU\S-1-5-21-3782273632-2773322664-1913436750-1001\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-3782273632-2773322664-1913436750-1001\...\Run: [Zoner Photo Studio Autoupdate] - C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
HKU\S-1-5-21-3782273632-2773322664-1913436750-1001\...\Run: [InstallX Search Protect for Yahoo] - C:\Users\Pat\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe [958536 2014-01-28] (InstallX, LLC)
HKU\S-1-5-21-3782273632-2773322664-1913436750-1001\...\MountPoints2: {4b38a589-6f29-11e3-be7e-606c66c5b5c4} - "E:\LaunchU3.exe"
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
ShortcutTarget: LaunchU3.exe.lnk -> C:\Users\Pat\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/?mkg=015
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://login.yahoo....arks.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
SearchScopes: HKLM - DefaultScope {E2807A52-035B-4014-AAF7-DF2653D33D3A} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM - {E2807A52-035B-4014-AAF7-DF2653D33D3A} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {E2807A52-035B-4014-AAF7-DF2653D33D3A} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKCU - DefaultScope {E2807A52-035B-4014-AAF7-DF2653D33D3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.yhs4.searc...669,0,FF26,7635
SearchScopes: HKCU - {E2807A52-035B-4014-AAF7-DF2653D33D3A} URL =
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\towtrbzm.default-1390312468564
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
FF SelectedSearchEngine: Google
FF Homepage: hxxp://my.yahoo.com/
FF Keyword.URL: hxxp://us.yhs4.search.yahoo.com/yhs/search?ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,00000000,0,0,0,%PARTNERID%&p=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Users\Pat\Desktop\New folder\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-12-01]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ []

==================== Services (Whitelisted) =================

R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-03-27] (Nuance Communications, Inc.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-23] (WildTangent)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe [262288 2013-10-08] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-05] (Symantec Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-01] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-01] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140218.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140219.001\ENG64.SYS [126040 2014-01-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140219.001\EX64.SYS [2099288 2014-01-10] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-09] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NAVx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-30] (Microsoft Corporation)
R3 SymDS; C:\Windows\system32\drivers\NAVx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NAVx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1501000.012\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-01] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NAVx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NAVx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48024 2013-01-28] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [194456 2013-01-28] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-19 16:41 - 2014-02-19 16:41 - 00021943 _____ () C:\Users\Pat\Downloads\FRST.txt
2014-02-19 16:40 - 2014-02-19 16:41 - 00000000 ____D () C:\FRST
2014-02-19 16:37 - 2014-02-19 16:38 - 02153472 _____ (Farbar) C:\Users\Pat\Downloads\FRST64.exe
2014-02-19 11:03 - 2014-02-19 11:03 - 00005154 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk
2014-02-19 10:27 - 2014-02-19 10:28 - 05183254 _____ (Swearware) C:\Users\Pat\Downloads\ComboFix.exe
2014-02-17 12:17 - 2014-02-17 12:17 - 00001031 _____ () C:\Users\Pat\Desktop\JRT new.txt
2014-02-17 12:15 - 2014-02-17 12:15 - 00001031 _____ () C:\Users\Pat\Desktop\JRT.txt
2014-02-17 12:13 - 2014-02-17 12:14 - 01037530 _____ (Thisisu) C:\Users\Pat\Downloads\JRT(1).exe
2014-02-17 11:58 - 2014-02-17 11:58 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-17 11:54 - 2014-02-17 11:54 - 01037530 _____ (Thisisu) C:\Users\Pat\Downloads\JRT.exe
2014-02-17 11:51 - 2014-02-17 11:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 11:46 - 2014-02-17 11:46 - 00003345 _____ () C:\Users\Pat\Desktop\AdwCleaner[S0].txt
2014-02-17 11:25 - 2014-02-17 11:28 - 00000000 ____D () C:\AdwCleaner
2014-02-17 11:19 - 2014-02-17 11:19 - 01241888 _____ () C:\Users\Pat\Downloads\AdwCleaner.exe
2014-02-17 11:14 - 2014-02-17 11:42 - 00000000 ____D () C:\Users\Pat\Desktop\Hiking 09-30-2013
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Fishing buddies 10-11-2013
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Deb Kula Funeral 12-10-2013
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Christmas light 12-26-2013
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Christmas 2013 12-25-2013
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Backyard birds 1-5-2014
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Backyard birds 1-4-2014
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Amanda Allen Memorial 2-2-2014 dod1-26-2013
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\123 N 18th 10-29-2013
2014-02-15 16:15 - 2014-02-15 16:15 - 00071860 _____ () C:\Users\Pat\Downloads\Extras.Txt
2014-02-15 16:14 - 2014-02-15 16:14 - 00141490 _____ () C:\Users\Pat\Downloads\OTL.Txt
2014-02-15 16:08 - 2014-02-15 16:08 - 00602112 _____ (OldTimer Tools) C:\Users\Pat\Downloads\OTL.exe
2014-02-15 16:03 - 2014-02-15 16:03 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-15 09:03 - 2013-12-08 19:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-15 09:03 - 2013-12-08 19:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-15 09:03 - 2013-11-27 10:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-15 09:03 - 2013-11-27 10:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-15 09:03 - 2013-11-27 09:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-15 09:03 - 2013-11-27 08:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-15 09:03 - 2013-11-27 07:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-15 09:03 - 2013-11-27 05:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-15 09:03 - 2013-11-27 05:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-15 09:03 - 2013-11-27 05:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-15 09:03 - 2013-11-27 04:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-15 09:03 - 2013-11-27 04:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-15 09:03 - 2013-11-27 04:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-15 09:03 - 2013-11-27 04:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-15 09:03 - 2013-11-27 03:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-15 09:03 - 2013-11-27 03:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-15 09:03 - 2013-11-26 23:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-15 09:03 - 2013-11-26 08:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-02-15 09:03 - 2013-11-26 08:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-02-15 09:03 - 2013-11-26 08:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-15 09:03 - 2013-11-26 08:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-15 09:03 - 2013-11-26 06:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-02-15 09:03 - 2013-11-26 06:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-02-15 09:03 - 2013-11-26 06:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-15 09:03 - 2013-11-26 05:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-15 09:03 - 2013-11-26 04:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-15 09:03 - 2013-11-26 03:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-15 09:03 - 2013-11-24 20:45 - 00142680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-15 09:03 - 2013-11-24 20:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-15 09:03 - 2013-11-24 18:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-15 09:03 - 2013-11-24 18:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-15 09:03 - 2013-11-23 07:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-15 09:03 - 2013-11-23 06:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-15 09:03 - 2013-11-23 03:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-15 09:03 - 2013-11-23 02:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-15 09:03 - 2013-11-23 02:13 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-15 09:03 - 2013-11-23 02:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-15 09:03 - 2013-11-22 23:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-15 09:03 - 2013-11-22 22:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-15 09:03 - 2013-11-22 22:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-15 09:03 - 2013-11-22 22:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-15 09:03 - 2013-11-22 22:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-15 09:03 - 2013-11-22 22:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-15 09:03 - 2013-11-22 22:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-15 09:03 - 2013-11-21 01:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-15 09:03 - 2013-11-21 01:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-15 09:03 - 2013-11-16 00:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-02-15 09:03 - 2013-11-15 13:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-02-15 09:03 - 2013-11-15 09:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-15 09:03 - 2013-11-15 09:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-15 09:03 - 2013-11-15 09:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-15 09:03 - 2013-11-15 08:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-15 09:03 - 2013-11-05 15:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-15 09:03 - 2013-10-30 19:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-15 09:03 - 2013-10-30 18:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-12 19:02 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 19:02 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 19:02 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-12 19:02 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 19:02 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 19:02 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-12 19:02 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 19:02 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 19:02 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-12 19:02 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-12 19:02 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-12 19:02 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 19:02 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 19:02 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 19:02 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 19:02 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 19:02 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 19:02 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-12 19:02 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 19:02 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 19:02 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 19:02 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 19:02 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-12 19:02 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-12 19:02 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-12 19:02 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 19:02 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 19:02 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 19:02 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 19:02 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 19:02 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-12 19:02 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 19:02 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 19:02 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 19:02 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-12 19:02 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 19:02 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-12 18:54 - 2013-12-08 19:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 18:54 - 2013-12-08 18:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 18:53 - 2014-01-07 00:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 18:53 - 2014-01-06 23:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 18:53 - 2013-12-08 19:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 18:53 - 2013-12-08 18:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 18:53 - 2013-11-21 01:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 18:53 - 2013-11-21 00:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-12 18:47 - 2014-01-04 15:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-12 18:47 - 2014-01-04 14:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-12 18:47 - 2014-01-04 09:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-12 18:47 - 2014-01-04 09:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-12 18:47 - 2014-01-04 08:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-12 18:47 - 2014-01-04 08:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-12 18:47 - 2014-01-04 08:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-12 18:47 - 2014-01-04 08:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-12 18:47 - 2013-12-20 21:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-12 18:47 - 2013-12-20 21:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-12 18:46 - 2013-12-08 21:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 18:46 - 2013-12-08 20:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 18:45 - 2014-01-07 02:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-12 18:45 - 2014-01-07 00:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-12 18:45 - 2013-12-20 05:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-12 18:45 - 2013-12-20 01:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-12 18:42 - 2014-01-09 02:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-02-12 18:41 - 2014-01-09 03:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-02-12 18:41 - 2014-01-09 02:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-02-12 18:41 - 2014-01-09 02:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-02-12 18:41 - 2014-01-09 02:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-12 18:41 - 2014-01-09 02:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-02-12 18:41 - 2014-01-09 02:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-02-12 18:41 - 2014-01-09 02:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-02-12 18:41 - 2014-01-09 02:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-12 18:41 - 2014-01-09 02:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-02-10 16:12 - 2014-02-10 16:12 - 265452220 _____ () C:\Users\Pat\Desktop\registry editor.reg
2014-02-10 13:09 - 2014-02-10 13:09 - 00421881 _____ () C:\Users\Pat\Downloads\FPVInstaller.EXE
2014-02-09 15:50 - 2014-02-17 17:07 - 00000000 ____D () C:\Users\Pat\AppData\Local\NPE
2014-01-30 18:10 - 2014-02-17 11:05 - 00002384 _____ () C:\WINDOWS\setupact.log
2014-01-30 18:10 - 2014-01-30 18:10 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-01-29 11:28 - 2014-01-29 11:28 - 00001300 _____ () C:\Users\Pat\Desktop\Should I Remove It.lnk
2014-01-29 11:28 - 2014-01-29 11:28 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2014-01-29 11:28 - 2014-01-29 11:28 - 00000000 ____D () C:\Program Files (x86)\Reason
2014-01-29 11:25 - 2014-01-29 11:25 - 02184968 _____ (Reason Software Company Inc.) C:\Users\Pat\Downloads\ShouldIRemoveIt_Setup.exe
2014-01-29 09:31 - 2014-02-17 11:40 - 00027114 _____ () C:\WINDOWS\PFRO.log
2014-01-29 09:05 - 2014-02-19 16:40 - 01743463 _____ () C:\WINDOWS\WindowsUpdate.log
2014-01-28 23:12 - 2014-01-29 23:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-28 23:12 - 2014-01-28 23:12 - 00001136 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-28 23:12 - 2014-01-28 23:12 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Malwarebytes
2014-01-28 23:12 - 2014-01-28 23:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-28 23:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-28 23:08 - 2014-01-28 23:11 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Pat\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-28 22:48 - 2014-01-28 22:48 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-28 22:48 - 2014-01-28 22:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-28 22:45 - 2014-01-28 22:46 - 04721920 _____ (Piriform Ltd) C:\Users\Pat\Downloads\ccsetup410.exe
2014-01-28 09:22 - 2014-01-28 17:00 - 00000000 ____D () C:\Program Files (x86)\HiDefMedia
2014-01-28 09:20 - 2014-01-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Buzz-it
2014-01-28 09:18 - 2014-01-28 15:31 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\InstallX Search Protect for Yahoo
2014-01-23 15:33 - 2014-01-23 15:33 - 00862120 _____ (Download Manager ) C:\Users\Pat\Downloads\java.exe
2014-01-21 15:58 - 2014-01-21 15:58 - 00000449 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website
2014-01-21 15:54 - 2014-01-28 09:23 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-01-21 15:54 - 2014-01-21 15:54 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Yahoo!
2014-01-21 15:54 - 2014-01-21 15:54 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-01-21 08:54 - 2014-01-21 08:54 - 00000000 ____D () C:\Users\Pat\Desktop\Old Firefox Data
2014-01-20 16:34 - 2014-01-20 16:34 - 00001070 _____ () C:\Users\Public\Desktop\Minesweeper.lnk
2014-01-20 16:34 - 2014-01-20 16:34 - 00000000 ____D () C:\Program Files (x86)\Minesweeper
2014-01-20 16:31 - 2014-01-20 16:31 - 00861616 _____ (Download Manager ) C:\Users\Pat\Downloads\Minesweeper Setup.exe
2014-01-20 12:16 - 2014-01-20 12:16 - 00000000 ____D () C:\Users\Pat\Documents\Corel PaintShop Pro X6 Script Guide
2014-01-20 11:43 - 2014-01-20 11:44 - 01069512 _____ (Solid State Networks) C:\Users\Pat\Downloads\install_flashplayer12x32au_ltr5x64d_awc_aih.exe

==================== One Month Modified Files and Folders =======

2014-02-19 16:41 - 2014-02-19 16:41 - 00021943 _____ () C:\Users\Pat\Downloads\FRST.txt
2014-02-19 16:41 - 2014-02-19 16:40 - 00000000 ____D () C:\FRST
2014-02-19 16:40 - 2014-01-29 09:05 - 01743463 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-19 16:38 - 2014-02-19 16:37 - 02153472 _____ (Farbar) C:\Users\Pat\Downloads\FRST64.exe
2014-02-19 16:35 - 2013-11-30 18:39 - 00007998 _____ () C:\WINDOWS\BRRBCOM.INI
2014-02-19 16:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-19 13:29 - 2013-12-02 16:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-19 11:21 - 2013-11-29 20:09 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3782273632-2773322664-1913436750-1001
2014-02-19 11:03 - 2014-02-19 11:03 - 00005154 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk
2014-02-19 10:41 - 2013-11-30 18:43 - 00003898 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EC070BDB-5D61-46BF-81BA-7C75C3C6A2EE}
2014-02-19 10:28 - 2014-02-19 10:27 - 05183254 _____ (Swearware) C:\Users\Pat\Downloads\ComboFix.exe
2014-02-18 15:43 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-18 15:32 - 2013-11-30 18:01 - 00000000 __RDO () C:\Users\Pat\SkyDrive
2014-02-17 17:07 - 2014-02-09 15:50 - 00000000 ____D () C:\Users\Pat\AppData\Local\NPE
2014-02-17 14:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-17 12:17 - 2014-02-17 12:17 - 00001031 _____ () C:\Users\Pat\Desktop\JRT new.txt
2014-02-17 12:15 - 2014-02-17 12:15 - 00001031 _____ () C:\Users\Pat\Desktop\JRT.txt
2014-02-17 12:14 - 2014-02-17 12:13 - 01037530 _____ (Thisisu) C:\Users\Pat\Downloads\JRT(1).exe
2014-02-17 12:13 - 2013-12-01 18:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 11:58 - 2014-02-17 11:58 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-17 11:54 - 2014-02-17 11:54 - 01037530 _____ (Thisisu) C:\Users\Pat\Downloads\JRT.exe
2014-02-17 11:51 - 2014-02-17 11:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 11:48 - 2013-09-29 23:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-17 11:46 - 2014-02-17 11:46 - 00003345 _____ () C:\Users\Pat\Desktop\AdwCleaner[S0].txt
2014-02-17 11:43 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-17 11:42 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Hiking 09-30-2013
2014-02-17 11:42 - 2013-12-01 18:31 - 00251392 ___SH () C:\Users\Pat\Desktop\Thumbs.db
2014-02-17 11:42 - 2013-11-29 20:02 - 00000000 ___RD () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 11:42 - 2013-11-29 20:02 - 00000000 ___RD () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-17 11:41 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-17 11:41 - 2013-08-22 09:44 - 00360960 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-17 11:40 - 2014-01-29 09:31 - 00027114 _____ () C:\WINDOWS\PFRO.log
2014-02-17 11:40 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-17 11:33 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-17 11:33 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-17 11:33 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-17 11:32 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-17 11:32 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-17 11:32 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-17 11:28 - 2014-02-17 11:25 - 00000000 ____D () C:\AdwCleaner
2014-02-17 11:19 - 2014-02-17 11:19 - 01241888 _____ () C:\Users\Pat\Downloads\AdwCleaner.exe
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Fishing buddies 10-11-2013
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Deb Kula Funeral 12-10-2013
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Christmas light 12-26-2013
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Christmas 2013 12-25-2013
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Backyard birds 1-5-2014
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Backyard birds 1-4-2014
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\Amanda Allen Memorial 2-2-2014 dod1-26-2013
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Pat\Desktop\123 N 18th 10-29-2013
2014-02-17 11:05 - 2014-01-30 18:10 - 00002384 _____ () C:\WINDOWS\setupact.log
2014-02-15 16:15 - 2014-02-15 16:15 - 00071860 _____ () C:\Users\Pat\Downloads\Extras.Txt
2014-02-15 16:14 - 2014-02-15 16:14 - 00141490 _____ () C:\Users\Pat\Downloads\OTL.Txt
2014-02-15 16:08 - 2014-02-15 16:08 - 00602112 _____ (OldTimer Tools) C:\Users\Pat\Downloads\OTL.exe
2014-02-15 16:03 - 2014-02-15 16:03 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-15 16:03 - 2013-12-02 16:02 - 00001958 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-15 15:27 - 2013-11-30 08:49 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-15 15:26 - 2013-11-30 08:49 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-10 16:12 - 2014-02-10 16:12 - 265452220 _____ () C:\Users\Pat\Desktop\registry editor.reg
2014-02-10 14:09 - 2013-12-16 23:11 - 00000000 ____D () C:\Users\Pat\AppData\Local\Windows Live
2014-02-10 13:09 - 2014-02-10 13:09 - 00421881 _____ () C:\Users\Pat\Downloads\FPVInstaller.EXE
2014-02-07 16:30 - 2013-12-02 16:02 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-06 07:16 - 2014-02-12 19:02 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-12 19:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-12 19:02 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-12 19:02 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-12 19:02 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-12 19:02 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-12 19:02 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-12 19:02 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 05:49 - 2014-02-12 19:02 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-12 19:02 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-12 19:02 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-12 19:02 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-12 19:02 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-12 19:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-12 19:02 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 05:11 - 2014-02-12 19:02 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-12 19:02 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-12 19:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 19:02 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-12 19:02 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-12 19:02 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-12 19:02 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-12 19:02 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 04:47 - 2014-02-12 19:02 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-12 19:02 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-12 19:02 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-12 19:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-12 19:02 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 04:22 - 2014-02-12 19:02 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-12 19:02 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-12 19:02 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-12 19:02 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-12 19:02 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-12 19:02 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-12 19:02 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-12 19:02 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-12 19:02 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-01-30 18:10 - 2014-01-30 18:10 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-01-30 15:47 - 2013-08-22 10:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 15:47 - 2013-08-22 10:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-29 23:00 - 2014-01-28 23:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 11:29 - 2013-11-30 21:23 - 00000000 ____D () C:\Users\Pat\AppData\Local\CrashDumps
2014-01-29 11:28 - 2014-01-29 11:28 - 00001300 _____ () C:\Users\Pat\Desktop\Should I Remove It.lnk
2014-01-29 11:28 - 2014-01-29 11:28 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2014-01-29 11:28 - 2014-01-29 11:28 - 00000000 ____D () C:\Program Files (x86)\Reason
2014-01-29 11:25 - 2014-01-29 11:25 - 02184968 _____ (Reason Software Company Inc.) C:\Users\Pat\Downloads\ShouldIRemoveIt_Setup.exe
2014-01-29 09:31 - 2014-01-28 09:20 - 00000000 ____D () C:\Program Files (x86)\Buzz-it
2014-01-28 23:12 - 2014-01-28 23:12 - 00001136 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-28 23:12 - 2014-01-28 23:12 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Malwarebytes
2014-01-28 23:12 - 2014-01-28 23:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-28 23:11 - 2014-01-28 23:08 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Pat\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-28 23:01 - 2014-01-08 10:42 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-28 23:01 - 2013-12-17 07:06 - 00000000 ____D () C:\Users\Pat\Tracing
2014-01-28 23:01 - 2013-11-30 17:43 - 00000000 ___DC () C:\WINDOWS\Panther
2014-01-28 22:48 - 2014-01-28 22:48 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-28 22:48 - 2014-01-28 22:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-28 22:46 - 2014-01-28 22:45 - 04721920 _____ (Piriform Ltd) C:\Users\Pat\Downloads\ccsetup410.exe
2014-01-28 17:00 - 2014-01-28 09:22 - 00000000 ____D () C:\Program Files (x86)\HiDefMedia
2014-01-28 15:31 - 2014-01-28 09:18 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\InstallX Search Protect for Yahoo
2014-01-28 09:23 - 2014-01-21 15:54 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-01-23 15:33 - 2014-01-23 15:33 - 00862120 _____ (Download Manager ) C:\Users\Pat\Downloads\java.exe
2014-01-21 16:38 - 2013-12-01 18:07 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-21 15:58 - 2014-01-21 15:58 - 00000449 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website
2014-01-21 15:54 - 2014-01-21 15:54 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Yahoo!
2014-01-21 15:54 - 2014-01-21 15:54 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-01-21 14:38 - 2013-11-30 21:48 - 00000461 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Verizon Yahoo!.website
2014-01-21 14:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-01-21 08:54 - 2014-01-21 08:54 - 00000000 ____D () C:\Users\Pat\Desktop\Old Firefox Data
2014-01-20 16:34 - 2014-01-20 16:34 - 00001070 _____ () C:\Users\Public\Desktop\Minesweeper.lnk
2014-01-20 16:34 - 2014-01-20 16:34 - 00000000 ____D () C:\Program Files (x86)\Minesweeper
2014-01-20 16:31 - 2014-01-20 16:31 - 00861616 _____ (Download Manager ) C:\Users\Pat\Downloads\Minesweeper Setup.exe
2014-01-20 12:40 - 2014-01-18 15:50 - 00000000 ____D () C:\ProgramData\Corel
2014-01-20 12:16 - 2014-01-20 12:16 - 00000000 ____D () C:\Users\Pat\Documents\Corel PaintShop Pro X6 Script Guide
2014-01-20 11:51 - 2013-11-29 20:11 - 00000000 ____D () C:\Users\Pat\AppData\Local\Adobe
2014-01-20 11:44 - 2014-01-20 11:43 - 01069512 _____ (Solid State Networks) C:\Users\Pat\Downloads\install_flashplayer12x32au_ltr5x64d_awc_aih.exe

Some content of TEMP:
====================
C:\Users\Pat\AppData\Local\Temp\air10ff.exe
C:\Users\Pat\AppData\Local\Temp\air4FD2.exe
C:\Users\Pat\AppData\Local\Temp\air69B6.exe
C:\Users\Pat\AppData\Local\Temp\airEC8B.exe
C:\Users\Pat\AppData\Local\Temp\BackupSetup.exe
C:\Users\Pat\AppData\Local\Temp\dsapi.exe
C:\Users\Pat\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-17 13:47

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by Pat at 2014-02-19 16:42:09
Running from C:\Users\Pat\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) MUI (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Athentech Perfectly Clear (Version: 1.0.0.101 - Corel Corporation) Hidden
Athentech Perfectly Clear (x32 Version: 1.0.0.101 - Corel Corporation)
Athentech Perfectly Clear (x32 Version: 1.0.0.101 - Corel Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Brother MFL-Pro Suite MFC-J875DW (x32 Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (Version: 4.10 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Corel KPT Collection (x32 Version: 1.0.0.103 - Corel Corporation)
Corel KPT Collection (x32 Version: 1.0.0.103 - Corel Corporation) Hidden
Corel PaintShop Pro X6 (x32 Version: 16.1.0.48 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
Creative Content (x32 Version: 1.0.0.103 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dragon Assistant Application en-US version 1.5.4 (x32 Version: 1.5.4 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.8 (x32 Version: 1.1.8 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.1 (x32 Version: 1.1.1 - Nuance Communications, Inc.)
Dragon Assistant version 1.5.4 (x32 Version: 1.5.4 - Nuance Communications, Inc.)
DTS Studio Sound (x32 Version: 1.01.2700 - DTS, Inc.)
Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden
FaceFilter v3.02 Standard (x32 Version: 3.02.1506.1 - Reallusion Inc.)
FastStone Image Viewer 4.9 (x32 Version: 4.9 - FastStone Soft)
ICA (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Intel® Management Engine Components (x32 Version: 8.1.30.1349 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (x32 Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.5.0.87 - Intel Corporation) Hidden
Intel® WiDi (Version: 4.0.18.0 - Intel Corporation)
Intel® PROSet/Wireless Software (x32 Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
IPM_PSP_COM (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) Hidden
Jack of All Tribes (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (x32 Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
Minesweeper 3.6 (x32 Version: 3.6 - FreeMineSweeper.org)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (x32 Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Norton Anti-Theft (x32 Version: 1.10.0.9 - Symantec Corporation)
Norton AntiVirus (x32 Version: 21.1.0.18 - Symantec Corporation)
Norton Identity Safe (x32 Version: 2014.6.0.27 - Symantec Corporation)
Norton Online Backup (x32 Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
Nuance PaperPort 12 (x32 Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290 - Nuance Communications, Inc)
OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation)
Origin (x32 Version: 9.1.12.73 - Electronic Arts, Inc.)
PaperPort Image Printer 64-bit (Version: 14.00.0000 - Nuance Communications, Inc.)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPro64 (Version: 16.1.0.48 - Corel Corporation) Hidden
Realtek Ethernet Controller Driver (x32 Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (x32 Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Setup (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Should I Remove It (HKCU Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
TomTom HOME (x32 Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2 - TomTom International B.V.)
Toshiba App Place (x32 Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (x32 Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (x32 Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA HDD Accelerator (Version: 2.0.0001 - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: v2.0.0.7 - Toshiba Corporation)
TOSHIBA Quality Application (x32 Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (x32 Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (Version: 2.6.8 - Toshiba Corporation)
Toshiba Start (HKCU Version: 1.0.0.0 - Pokki)
TOSHIBA System Driver (x32 Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (x32 Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (x32 Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (x32 Version: 1.1.6 - TOSHIBA)
U3Launcher (x32 Version: 1.0.0 - U3)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (x32 Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden
Yahoo! Toolbar (x32 Version: - )
Zoner Photo Studio 16 (Version: 16.0.1.5 - ZONER software)

==================== Restore Points =========================

29-01-2014 16:28:35 Installed Should I Remove It
09-02-2014 22:30:23 Scheduled Checkpoint
15-02-2014 20:25:49 Windows Update

==================== Hosts content: ==========================

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {09E7E0A3-8014-4202-B0F2-B5C875A9447D} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1454B2F3-64C5-407D-9D55-B242264ED362} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {164F51EF-433C-479E-849E-211DD4D0121B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-15] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {20BF130D-3358-4B9F-B28D-9A5E0E141BC5} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {2A5AC1B1-61AC-42ED-BED7-B027C579F701} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {380DC172-F5B2-47E8-A658-DF3F1CFF207A} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2012-11-23] (Intel Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3D389249-CC30-48E6-852F-31F4F56D3F99} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {56518DC3-EF86-4D2B-84C0-2064853DFEC5} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {5D22C6E7-1F06-4374-9A9B-4B70A408868A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6BCD7D78-3148-4FC9-949E-5FAEBC159FC9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-07] (Adobe Systems Incorporated)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B56936A1-F37E-4E59-8104-6DBF94C2DD75} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {BC7E1362-29ED-49DB-AC36-BD5F0C75E2AC} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2012-11-23] (Intel Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D3039157-654D-419A-858B-113E74549BA6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F9851894-0F8B-4DB7-AE8A-B1427823E30E} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-10 12:54 - 2013-09-10 12:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-11-30 18:38 - 2005-04-21 23:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2013-09-21 06:22 - 2013-09-21 06:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2005-08-25 16:24 - 2005-08-25 16:24 - 00925696 _____ () C:\ProgramData\U3\U3Launcher\LaunchU3.exe
2013-06-05 10:14 - 2013-03-27 16:32 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2013-06-05 10:14 - 2013-03-27 16:32 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2013-06-05 10:14 - 2013-03-27 16:32 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2013-06-05 10:14 - 2013-03-27 16:32 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2013-06-05 10:14 - 2013-03-27 16:32 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2013-06-05 10:14 - 2013-03-27 16:32 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2013-06-05 10:14 - 2013-03-27 16:31 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2013-11-30 18:38 - 2009-02-27 19:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-06-05 09:52 - 2013-01-14 12:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-02-17 11:51 - 2014-02-17 11:51 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Pat\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2014 10:37:45 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/18/2014 03:32:51 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/17/2014 11:42:44 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/13/2014 04:12:37 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16fc

Start Time: 01cf28febe31b4ff

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: b249abf1-94f2-11e3-be8b-606c66c5b5c4

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/13/2014 02:32:09 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/12/2014 06:35:12 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/10/2014 03:56:48 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (02/10/2014 03:14:39 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1968

Start Time: 01cf2697c748d390

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: bb76ef8f-928b-11e3-be8b-606c66c5b5c4

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/10/2014 11:52:58 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/09/2014 02:42:50 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)


System errors:
=============
Error: (02/19/2014 04:30:24 PM) (Source: BTHUSB) (User: )
Description: The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.

Error: (02/19/2014 04:30:19 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (02/19/2014 10:00:02 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/18/2014 03:35:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/18/2014 03:31:48 PM) (Source: BTHUSB) (User: )
Description: The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.

Error: (02/18/2014 03:31:46 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (02/17/2014 11:40:57 AM) (Source: BTHUSB) (User: )
Description: The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.

Error: (02/17/2014 10:47:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/17/2014 10:44:49 AM) (Source: BTHUSB) (User: )
Description: The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.

Error: (02/17/2014 10:44:44 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.


Microsoft Office Sessions:
=========================
Error: (02/19/2014 10:37:45 AM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/18/2014 03:32:51 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/17/2014 11:42:44 AM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/13/2014 04:12:37 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.2031516fc01cf28febe31b4ff4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exeb249abf1-94f2-11e3-be8b-606c66c5b5c4microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/13/2014 02:32:09 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/12/2014 06:35:12 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/10/2014 03:56:48 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
Description: -2147024883

Error: (02/10/2014 03:14:39 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20315196801cf2697c748d3904294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exebb76ef8f-928b-11e3-be8b-606c66c5b5c4microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/10/2014 11:52:58 AM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/09/2014 02:42:50 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)


==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 8056.14 MB
Available physical RAM: 5396.73 MB
Total Pagefile: 9336.14 MB
Available Pagefile: 5486.42 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (TI10665000G) (Fixed) (Total:918.26 GB) (Free:816.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
==================== End Of Log ============================
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. default settings are fine
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#9
Pat B

Pat B

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I downloaded a ran CCleaner from your link. That gave me version 4.04.4197, which I used. There was a note that there was an updated version 4.10.4570 available dated 1/23/14, but I did not update since I was not instructed to do so. It showed it was cleaning out 4 PUPS.

Should I update and run the updated version of CCleaner?

I updated MBAM and ran it and did the restart as prompted.

I downloaded and ran Hijack This. I got a Hijack This popup that said: For some reason your system denied access to the Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type: notepad C:\WINDOWS\System32\drivers\etc\hosts and press Enter. Find the line(s)Hijack This reports and delete them Save the file as 'hosts.' (with quotes)and reboot. I clicked okay. The report came up.

I am still getting the original InstallX pop-up that I described, that I x out of. Plus I just got a new one titled User Account Control: Do You Want to allow the following program to make changes to this computer-InstallX software. I checked NO. The details said the location was the C drive roaming files restore. After that I got the original InstallX pop-up that I again x-ed out of.

Log from MBAM and report from Hijack This follow:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.09.06

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Pat :: PAT [administrator]

2/13/2014 3:30:22 PM
mbam-log-2014-01-28 (23-15-24)malwarebytes scan 2-13-2014.txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 383885
Time elapsed: 46 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.ConduitSearchProtect) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Pat\AppData\Local\Temp\air10ff.exe (PUP.Optional.AdLyrics) -> No action taken.
C:\Users\Pat\Downloads\expertpdf7_d146487.exe (PUP.Optional.InstallIQ) -> No action taken.
C:\Users\Pat\Downloads\java.exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\Pat\Downloads\Minesweeper Setup.exe (PUP.Optional.AirInstaller) -> No action taken.

(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:11:14 PM, on 2/23/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
C:\Users\Pat\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Users\Pat\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by TOSHIBA
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll
O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [InstallX Search Protect for Yahoo] "C:\Users\Pat\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe"
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dragon Assistant Core (DACoreService) - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
O23 - Service: DTS APO Service (dts_apo_service) - Unknown owner - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Norton Anti-Theft (NAT) - Symantec Corporation - C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
  • 0

#10
Pat B

Pat B

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Correction. I think it was the Malwarebytes that showed 4 PUPs that were removed. Thanks for your help. Sorry for my lack of knowledge about computers.
  • 0

Advertisements


#11
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
      O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
      O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
      O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE"
      O4 - HKCU\..\Run: [InstallX Search Protect for Yahoo] "C:\Users\Pat\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe"
      O4 - Startup: LaunchU3.exe.lnk = ?
      O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

Gringo
  • 0

#12
Pat B

Pat B

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I checked to remove from start up, the first item on the above list and the last 6, including the InstallX. I kept the Adobe, the update reminder and the Nuance ones because I think I need them for my printer. I have NOT received the InstallX pop-up since I removed it from start up. However, ESET shows there is still something there. Can we get rid of it? I have also not been bothered by the McAfee ad for several days now.

I ran ESET and it found 3 threats, listed below:


C:\Users\Pat\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe probably a variant of Win32/InstallIQ.A potentially unwanted application
C:\Users\Pat\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
  • 0

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Pat B

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the code box (below)...to Notepad.
    @echo off
    del /f /s /q "C:\Users\Pat\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe"
    del /f /s /q "C:\Users\Pat\Downloads\ccsetup404.exe"
    del /f /s /q "C:\Users\Pat\Downloads\ccsetup410.exe"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:Remove the rest of our tools:

Please download DelFix and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click DelFix.exe.
  • select all options avalible
  • Click the Run button.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so


:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:


It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them
Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

As Java seems to get exploited on a daily basis I advise to disable java in your web browsers - How to disable java in your web browsers - Disable Java


The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as 'perfect security'. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
  • 0

#14
Pat B

Pat B

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you Gringo,

I followed your final instructions to delete what ESET had found and to remove cleaning tools with DelFix. I did not use DeFogger.

ComboFix was not compatible with Win 8.1. I had downloaded it, but my system evidently did not install it because it couldn't be found with your run uninstall instructions. I tried both with and without the space. I couldn't find it in my programs files or with the Win 8 search function either. Some of the cleanups must have cleaned out the downloads as well because the ComboFix download is gone too.

I also do not have the Revo Uninstaller that you said I could keep. I guess you did not have me download it, because I had already uninstalled Conduit Search with the Windows uninstaller. Do you have any tips on using it, or is it self explanatory?

Regarding WinPatrol, is the free version sufficient, or would you recommend the paid version.

I couldn't find Java or Java Control Panel either to disable Java in my web browsers, so I must have uninstalled it before I contacted Geeks to Go. I guess I'll wait till I need it again. I don't remember if I need it for Corel Paint Shop.

Thank you for the links to security info. I learned a few things and was reminded of some things I already knew.

Thank you so much for all the time helping me clean up my computer and forcing me to learn my way around Windows 8.1 a little better. Although my problems weren't real serious, it was real annoying and frustrating to have to deal with the conduit search stuff while learning to use a new operating system and new equipment. Things seem to be resolved now. I will make a donation soon.

Pat B
  • 0

#15
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
you are more than welcome


gringo
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP