Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

cannot download & run malwarebytes [Solved]

Started by gregahoffman , Aug 09 2014 06:32 AM

This topic is locked

#16
Biscuithd

Posted 09 August 2014 - 09:17 AM

Trusted Helper

Malware Removal
2,573 posts

This is a new computer???

That's not good.

Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.

Right-click on icon and select Run as Administrator to start the tool.
Make sure that Scan All Users, LOP check and Purity check are ticked.
For 64-bit systems only - make sure that Include 64-bit option is also ticked.
Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
Section Extra Registry is also set to Use Safelist.
Under the Custom Scans/Fixes bar in the box paste in the following:
```
BASESERVICES

/md5start

rpcss.dll

/md5stop
```
Push Run Scan and wait patiently.
Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

#17
gregahoffman

Posted 09 August 2014 - 09:32 AM

Member

Topic Starter
Member
400 posts

otl notepad

OTL logfile created on: 8/9/2014 10:23:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zoe\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17028)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 68.19% Memory free
9.07 Gb Paging File | 5.88 Gb Available in Paging File | 64.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.30 Gb Total Space | 637.97 Gb Free Space | 92.82% Space Free | Partition Type: NTFS

Computer Name: ZOE | User Name: Zoe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/08/09 10:21:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zoe\Desktop\OTL.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/07/09 21:48:08 | 001,216,520 | ---- | M] (TorchMedia Inc.) -- C:\Users\Zoe\AppData\Local\Torch\Update\TorchCrashHandler.exe
PRC - [2014/07/02 04:55:33 | 003,588,096 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe
PRC - [2014/07/02 04:55:26 | 003,573,248 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
PRC - [2014/06/27 00:56:47 | 000,276,376 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/10/11 14:12:42 | 000,232,424 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
PRC - [2012/08/04 17:02:22 | 001,548,952 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
PRC - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
PRC - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
PRC - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/06/27 14:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

========== Modules (No Company Name) ==========

MOD - [2014/07/02 04:55:38 | 000,489,472 | ---- | M] () -- C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll
MOD - [2014/07/02 04:55:31 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/05/29 18:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/29 03:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/10/17 14:09:36 | 000,214,928 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe -- (THAccelSvc)
SRV:64bit: - [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/31 12:15:06 | 000,053,864 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:64bit: - [2013/06/24 17:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 04:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 01:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/10/01 17:32:04 | 001,800,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2012/09/20 03:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/08/24 19:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2012/07/28 11:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 16:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/07/09 21:48:08 | 001,216,520 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Zoe\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
SRV - [2014/07/02 04:55:26 | 003,573,248 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe -- (DatamngrCoordinator)
SRV - [2014/06/27 00:56:47 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe -- (NIS)
SRV - [2013/10/11 14:12:42 | 000,232,424 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe -- (NAT)
SRV - [2013/10/09 19:45:32 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Stopped] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/20 03:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/08 06:58:38 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/11 11:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012/06/27 14:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/28 21:33:45 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/03/28 14:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/23 17:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/03/03 23:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/17 20:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 20:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/11/01 04:22:28 | 000,027,032 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2013/10/15 16:03:14 | 000,111,488 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\THAccel.sys -- (THAccel)
DRV:64bit: - [2013/10/10 06:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 01:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/01 21:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/09/09 21:47:38 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\symelam.sys -- (SymELAM)
DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 01:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/29 12:24:22 | 000,150,104 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NATx64\010A000.009\ccSetx64.sys -- (ccSet_NAT)
DRV:64bit: - [2013/07/09 03:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/29 01:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/05/31 22:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/29 12:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/16 17:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/16 17:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/06 09:36:12 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/07/31 14:28:54 | 000,028,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2012/07/31 13:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 18:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2012/07/25 04:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2012/07/21 17:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2012/07/13 16:04:30 | 000,103,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/07/11 16:49:34 | 000,024,208 | ---- | M] (Realtek Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtkBtfilter.sys -- (RtkBtFilter)
DRV:64bit: - [2012/07/10 18:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2012/07/02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 10:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/18 12:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2012/06/15 16:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -- (ccSet_NARA)
DRV - [2014/07/02 04:55:27 | 000,041,848 | ---- | M] (Bandoo Media Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc2.cfg -- (F06DEFF2-5B9C-490D-910F-35D3A9119622)
DRV - [2014/06/25 04:32:47 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140808.017\ex64.sys -- (NAVEX15)
DRV - [2014/06/25 04:32:47 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/06/25 04:32:47 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140808.017\eng64.sys -- (NAVENG)
DRV - [2014/06/11 11:14:44 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/05/09 20:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/03/28 16:30:44 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140808.002\IDSviA64.sys -- (IDSVia64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7DB7C3DF-01DC-484F-BCD1-65F70B4AA348}
IE:64bit: - HKLM\..\SearchScopes\{7DB7C3DF-01DC-484F-BCD1-65F70B4AA348}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKLM\..\URLSearchHook: {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} - SOFTWARE\Classes\CLSID\{f2e99efd-72dc-4c5d-9f7c-219133ff8e40}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {7DB7C3DF-01DC-484F-BCD1-65F70B4AA348}
IE - HKLM\..\SearchScopes\{7DB7C3DF-01DC-484F-BCD1-65F70B4AA348}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\..\URLSearchHook: {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} - SOFTWARE\Classes\CLSID\{f2e99efd-72dc-4c5d-9f7c-219133ff8e40}\InprocServer32 File not found
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\..\SearchScopes\{3890E565-C7E9-4A6D-8AE0-4CEFDF559349}: "URL" = http://search.condui...M=2&SSPV=IN1SS2
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...&q={searchTerms}
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\TorchVLC: C:\Users\Zoe\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/08/09 07:27:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014/03/29 12:47:47 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {2977d8cc-8902-4340-be88-2c676bf96b8d} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll ()
O2:64bit: - BHO: (Browser Extensions) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Zoe\AppData\Roaming\Browser Extensions\Coupons64.dll (Spigot, Inc.)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {2977d8cc-8902-4340-be88-2c676bf96b8d} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll File not found
O2 - BHO: (Browser Extensions) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Zoe\AppData\Roaming\Browser Extensions\Coupons.dll (Spigot, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL File not found
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (IMVU Inc C Toolbar) - {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} - C:\Program Files (x86)\IMVU_Inc_C\prxtbIMVU.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {2977d8cc-8902-4340-be88-2c676bf96b8d} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {2977d8cc-8902-4340-be88-2c676bf96b8d} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (IMVU Inc C Toolbar) - {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} - C:\Program Files (x86)\IMVU_Inc_C\prxtbIMVU.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-486120364-2819949595-82885683-1001\..\Toolbar\WebBrowser: (IMVU Inc C Toolbar) - {F2E99EFD-72DC-4C5D-9F7C-219133FF8E40} - C:\Program Files (x86)\IMVU_Inc_C\prxtbIMVU.dll File not found
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKU\S-1-5-21-486120364-2819949595-82885683-1001..\Run: [Browser Extensions] C:\Users\Zoe\AppData\Roaming\Browser Extensions\CouponsHelper.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-486120364-2819949595-82885683-1001..\Run: [iLivid] "C:\Users\Zoe\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O4 - Startup: C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Zoe\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.51.135.143 64.35.214.2 64.35.208.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54ADD730-EE35-491A-9322-41FC1E389E94}: DhcpNameServer = 216.51.135.143 64.35.214.2 64.35.208.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DDF85A7-67E7-42EA-813B-CEB298FCD46A}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\volaro: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\vonteera: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\umbrella.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\vonteera: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroids.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/08/09 10:21:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zoe\Desktop\OTL.exe
[2014/08/09 08:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/08/09 07:54:05 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/09 07:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/09 07:53:47 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/08/09 07:53:47 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/08/09 07:53:47 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/08/09 07:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/08/09 07:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/08/08 22:18:32 | 000,000,000 | ---D | C] -- C:\Users\Zoe\Desktop\Greg's Tools
[2014/07/26 21:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2014/07/26 20:31:32 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\Browser Extensions
[2014/07/26 20:31:31 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\Search Protection
[2014/07/26 11:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2014/07/26 11:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2014/07/26 11:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2014/07/26 11:01:32 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\Programs
[2014/07/26 10:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/07/26 10:29:38 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\toshiba
[2014/07/26 10:22:24 | 000,111,488 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\drivers\THAccel.sys
[2014/07/26 10:22:07 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\WinBatch
[2014/07/15 22:32:14 | 000,000,000 | R--D | C] -- C:\Users\Zoe\SkyDrive
[2014/07/11 21:50:40 | 000,703,968 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/07/11 21:50:40 | 000,105,440 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/11 21:47:36 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014/07/11 21:36:25 | 000,269,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys
[2014/07/11 21:36:24 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys
[2014/07/11 21:36:21 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/07/11 21:36:21 | 000,556,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/07/11 21:36:21 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\devinv.dll
[2014/07/11 21:36:21 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepic.dll
[2014/07/11 21:36:20 | 003,246,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2014/07/11 21:36:19 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
[2014/07/11 21:36:11 | 000,328,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys
[2014/07/11 21:36:11 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wusa.exe
[2014/07/11 21:36:11 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wusa.exe
[2014/07/11 21:35:57 | 001,557,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\osk.exe
[2014/07/11 21:35:56 | 001,440,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\osk.exe
[2014/07/11 21:35:55 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\InkEd.dll
[2014/07/11 21:35:51 | 001,301,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2014/07/11 21:35:37 | 001,281,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014/07/11 21:35:37 | 000,588,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SHCore.dll
[2014/07/11 21:35:37 | 000,439,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsm.dll
[2014/07/11 21:35:36 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SHCore.dll
[2014/07/11 21:35:29 | 006,974,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2014/07/11 21:35:29 | 001,824,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2014/07/11 21:35:29 | 001,023,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2014/07/11 21:35:29 | 000,693,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSShared.dll
[2014/07/11 21:35:29 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSShared.dll
[2014/07/11 21:35:29 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/07/11 21:35:29 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Robocopy.exe
[2014/07/11 21:35:29 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/07/11 21:35:29 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Robocopy.exe
[2014/07/11 21:35:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/07/11 21:35:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2014/07/11 21:35:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/07/11 21:35:28 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/07/11 21:35:28 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2014/07/11 21:35:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/07/11 21:35:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/07/11 21:35:27 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/07/11 21:35:27 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2014/07/11 21:35:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/07/11 21:35:27 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2014/07/11 21:35:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/07/11 21:35:27 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2014/07/11 21:35:26 | 001,508,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/07/11 21:35:25 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2014/07/11 21:35:25 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/07/11 21:35:23 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/07/11 21:35:22 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/07/11 21:35:21 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/07/11 21:35:10 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/07/11 21:35:09 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2014/07/11 21:35:09 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/07/11 21:34:53 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2014/07/11 21:34:53 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2014/07/11 21:34:32 | 000,982,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2014/07/11 21:34:32 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe
[2014/07/11 21:34:30 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\objsel.dll
[2014/07/11 21:34:30 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2014/07/11 21:34:29 | 001,043,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usercpl.dll
[2014/07/11 21:34:29 | 000,961,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\usercpl.dll
[2014/07/11 21:34:29 | 000,559,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\objsel.dll
[2014/07/11 21:34:29 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpapisrv.dll
[2014/07/11 21:34:27 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dimsroam.dll
[2014/07/11 21:34:27 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dimsroam.dll
[2014/07/11 21:34:27 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2014/07/11 21:34:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\workerdd.dll
[2014/07/11 21:33:31 | 001,258,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2014/07/11 21:33:31 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gpedit.dll
[2014/07/11 21:33:31 | 001,075,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gpedit.dll
[2014/07/11 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\Diagnostics

========== Files - Modified Within 30 Days ==========

[2014/08/09 10:21:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zoe\Desktop\OTL.exe
[2014/08/09 08:31:11 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/09 07:53:53 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/09 07:30:07 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/08/09 07:30:07 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/08/09 07:30:07 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/08/09 07:26:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/08/09 07:26:42 | 000,000,000 | -H-- | M] () -- C:\Users\Zoe\Documents\Default.rdp
[2014/08/09 07:25:17 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\windows\SysWow64\rpcnet.dll
[2014/08/09 07:25:17 | 000,017,408 | ---- | M] () -- C:\windows\SysWow64\rpcnetp.dll
[2014/08/09 07:24:51 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/08/09 07:24:51 | 2479,849,471 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/09 07:24:48 | 000,017,408 | ---- | M] () -- C:\windows\SysWow64\rpcnetp.exe
[2014/08/09 07:24:48 | 000,017,408 | ---- | M] () -- C:\windows\SysNative\rpcnetp.exe
[2014/08/09 07:24:47 | 000,029,336 | ---- | M] () -- C:\windows\SysNative\wpbbin.exe
[2014/08/07 22:47:27 | 000,000,888 | ---- | M] () -- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2014/08/03 23:21:18 | 000,026,673 | ---- | M] () -- C:\windows\diagwrn.xml
[2014/08/03 23:21:17 | 000,026,673 | ---- | M] () -- C:\windows\diagerr.xml
[2014/07/26 11:02:44 | 000,001,136 | ---- | M] () -- C:\Users\Zoe\Desktop\Auslogics DiskDefrag.lnk
[2014/07/26 10:56:12 | 000,000,833 | ---- | M] () -- C:\Users\Zoe\Desktop\CCleaner.lnk
[2014/07/26 10:22:24 | 002,707,521 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1504000.00D\Cat.DB
[2014/07/15 22:35:55 | 000,281,088 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/07/11 21:08:18 | 000,001,838 | ---- | M] () -- C:\Users\Zoe\Desktop\IMVU.lnk

========== Files Created - No Company Name ==========

[2014/08/09 07:53:53 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/09 07:26:42 | 000,000,000 | -H-- | C] () -- C:\Users\Zoe\Documents\Default.rdp
[2014/08/08 22:03:28 | 000,000,666 | ---- | C] () -- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
[2014/07/26 11:02:44 | 000,001,136 | ---- | C] () -- C:\Users\Zoe\Desktop\Auslogics DiskDefrag.lnk
[2014/07/26 10:56:11 | 000,000,833 | ---- | C] () -- C:\Users\Zoe\Desktop\CCleaner.lnk
[2014/07/25 23:30:50 | 000,026,673 | ---- | C] () -- C:\windows\diagwrn.xml
[2014/07/25 23:30:50 | 000,026,673 | ---- | C] () -- C:\windows\diagerr.xml
[2014/07/15 22:35:47 | 000,281,088 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/07/11 21:36:11 | 000,387,268 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/10/31 20:18:48 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/09/30 17:26:41 | 000,037,820 | ---- | C] () -- C:\windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll
[2013/09/30 17:25:13 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/09/30 17:14:17 | 000,017,408 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.dll
[2013/09/30 17:13:40 | 000,017,408 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.exe

========== ZeroAccess Check ==========

[2013/09/30 20:18:13 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 03:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 01:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/08/08 21:46:21 | 000,000,000 | ---D | M] -- C:\Users\Zoe\AppData\Roaming\Browser Extensions
[2014/08/07 22:49:28 | 000,000,000 | ---D | M] -- C:\Users\Zoe\AppData\Roaming\IMVU
[2014/07/11 21:07:59 | 000,000,000 | ---D | M] -- C:\Users\Zoe\AppData\Roaming\IMVUClient
[2014/08/09 09:52:04 | 000,000,000 | ---D | M] -- C:\Users\Zoe\AppData\Roaming\Search Protection
[2014/03/16 16:39:42 | 000,000,000 | ---D | M] -- C:\Users\Zoe\AppData\Roaming\SecondLife
[2013/11/01 16:13:54 | 000,000,000 | ---D | M] -- C:\Users\Zoe\AppData\Roaming\sMedio
[2014/07/26 10:29:38 | 000,000,000 | ---D | M] -- C:\Users\Zoe\AppData\Roaming\toshiba
[2014/07/26 10:22:07 | 000,000,000 | ---D | M] -- C:\Users\Zoe\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2012/09/20 01:30:35 | 000,190,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/03/06 01:29:15 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2012/07/25 22:08:16 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2012/07/25 22:07:01 | 000,826,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2013/10/10 04:20:43 | 000,723,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2012/07/25 22:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:36 | 000,507,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2012/07/25 22:18:26 | 000,394,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/25 22:05:12 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/13 01:16:06 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2012/07/25 22:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2012/10/11 00:43:40 | 000,331,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2012/10/11 00:06:02 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/09/20 01:31:07 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2012/07/25 22:05:34 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2012/07/25 22:05:46 | 000,036,352 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2012/07/25 22:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2012/07/25 22:05:51 | 000,438,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2012/07/25 22:05:51 | 000,474,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2012/07/25 22:07:25 | 000,502,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2012/09/20 01:31:57 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2012/07/25 22:06:34 | 000,255,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/09/20 01:32:17 | 000,356,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2012/07/26 00:26:47 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/09/20 01:33:04 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/07/25 22:08:47 | 000,769,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2012/07/25 22:07:03 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2012/07/25 22:07:03 | 000,358,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2012/07/25 22:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2012/07/25 22:07:09 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014/03/10 19:39:12 | 000,035,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2013/04/08 23:51:41 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2012/07/25 22:07:23 | 000,309,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2012/07/25 22:07:16 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2012/07/25 22:19:59 | 000,506,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2014/03/28 03:23:00 | 001,287,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2012/07/25 22:07:28 | 000,305,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2012/07/25 22:20:06 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2012/07/25 22:07:30 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/07/25 22:07:00 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2013/05/04 01:59:51 | 001,483,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2013/06/01 04:19:42 | 000,785,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/25 22:07:08 | 000,148,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2014/03/29 03:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 22:07:47 | 001,731,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2013/10/31 00:56:24 | 000,915,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,570,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2012/07/25 22:08:34 | 000,124,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2012/07/25 22:20:50 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2012/07/25 22:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2013/10/08 17:27:56 | 003,279,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2012/07/25 22:05:31 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2012/11/05 23:19:59 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2012/07/25 22:08:02 | 000,191,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< >
[2012/07/26 02:22:10 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT

< MD5 for: RPCSS.DLL >
[2012/07/25 22:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) MD5=1EC6E533C954BDDF2A37E7851A7E58FD -- C:\windows\SysNative\rpcss.dll
[2012/07/25 22:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) MD5=1EC6E533C954BDDF2A37E7851A7E58FD -- C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.2.9200.16384_none_c2948360c7a43433\rpcss.dll

< End of report >

otl extras

OTL Extras logfile created on: 8/9/2014 10:23:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zoe\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17028)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 68.19% Memory free
9.07 Gb Paging File | 5.88 Gb Available in Paging File | 64.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.30 Gb Total Space | 637.97 Gb Free Space | 92.82% Space Free | Partition Type: NTFS

Computer Name: ZOE | User Name: Zoe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80A23B66-0313-4174-83CC-A33F322A58B9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{ED8E71CD-9D55-4CA3-9A00-B8C13E88D5B7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06EE0660-92B4-4CE7-AB6C-848F13E74405}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{0A4C753C-7FA7-4DD7-A76A-762A9A83523D}" = dir=out | name=amazon for windows |
"{0BD64AE6-4A18-4D90-BA66-413F65FE540D}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{0EC6D4A7-21BA-409C-8084-831D7E3C6A0B}" = dir=out | name=toshiba central |
"{14AC45FE-FFCF-4F22-A884-D145677336DD}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{170AEFDD-BB1E-4E79-904B-6D90E0BDBBEA}" = dir=in | app=c:\users\zoe\appdata\local\torch\plugins\hola\hola_plugin.exe |
"{1B65AE17-B22F-499B-96B9-8E5C0047B5DC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2A2C31A2-0200-40E7-A531-7783EF6E825F}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{2AB3041F-7C06-4CAC-BFCA-D2A4AD51FAC6}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{2CF4E026-6CEE-45BF-884D-C456EC2279E8}" = dir=out | name=@{microsoft.zunevideo_1.5.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{30136CFA-ADD8-4B04-A15A-670E4E82A1D1}" = dir=in | app=c:\users\zoe\appdata\local\torch\plugins\hola\hola_plugin_x64.exe |
"{4260B71A-C0F6-4BA3-9079-0595068110AA}" = dir=out | name=windows_ie_ac_001 |
"{4D48E9A4-3B62-4CE9-8731-DD4E2E67DF70}" = dir=out | name=norton studio |
"{592633F3-A951-4667-8713-1E2E134A107A}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{60393F95-CA3C-4456-A7CA-82164600ED1D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{67844790-8C0C-4BA8-B69A-DD9A88E29810}" = protocol=17 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtool~1\ie\dtuser.exe |
"{7B725C3F-E545-4C1A-88AA-67CBBCA7A36B}" = protocol=6 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtool~1\ie\dtuser.exe |
"{7E0A7029-A507-402E-87F0-3C64DB6B7060}" = dir=in | name=amazon for windows |
"{8003189D-C3D3-4FF4-A1D3-39606997246F}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81488C4D-2EAF-4095-849E-23ACA3CBF8F7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{88410646-1B4E-48D6-8852-315FF8808C31}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{8A27D8B8-F2A5-468A-8C39-3B80D6CA7E39}" = dir=in | name=toshiba media player by smedio truelink+ |
"{8D632048-72AB-433A-9155-74E8DCEC5F0B}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{90D62009-5A2C-45D3-81B4-20958DCF2ECD}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{98A675DD-1110-480A-A6DF-12934C761690}" = dir=out | name=windows_ie_ac_001 |
"{9B72FC3B-AFB3-4131-9A75-3869A8D3C09C}" = dir=in | app=c:\users\zoe\appdata\local\torch\application\torch.exe |
"{9D2145D4-0647-46D0-9DA3-FDE5BA4F8176}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{A99A6F6A-A301-417A-8BA7-EDE22724C616}" = dir=out | name=windows_ie_ac_001 |
"{B4779B8C-F1C6-4DCB-9776-421CC104574C}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{BC7C44FA-E9A1-455A-A63F-C383955A561B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C056C82F-1F96-4094-A681-6015681446F9}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{C42C9C11-7201-4803-8F22-D676678AA92C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DAA51619-3C52-414B-B9A1-8258FD12D428}" = dir=out | name=toshiba media player by smedio truelink+ |
"{DE7FBB3B-56E0-4996-8DFB-9C97B43D3723}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F1B07ED5-BDCC-4CC2-8D92-72B4099B9AD8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F62E02C7-A28D-4BE7-9BD0-8A18B45685DE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FB4E5FBE-5235-4925-97FE-2D491C7EDDC3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF8B8FEE-7E76-4B14-8653-FD626D92A73C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{16562A90-71BC-41A0-B890-D91B0C267120}" = TOSHIBA Function Key
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5944B9D4-3C2A-48DE-931E-26B31714A2F7}" = TOSHIBA eco Utility
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{94F03B8E-CB73-4653-AFE9-79112C01FED2}" = Premium Sound HD
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95CCACF0-010D-45F0-82BF-858643D8BC02}" = TOSHIBA Desktop Assist
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}" = TOSHIBA HDD Accelerator
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}" = TOSHIBA Service Station
"{FF07604E-C860-40E9-A230-E37FA41F103A}" = TOSHIBA VIDEO PLAYER
"57F58DC141BEB353704E041792E5B00606694FEA" = Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3)
"CCleaner" = CCleaner
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05A55927-DB9B-4E26-BA44-828EBFF829F0}" = TOSHIBA System Settings
"{0CC0980D-811D-43B8-A455-8D150EB5BC0D}" = Realtek Bluetooth Filter Driver Package
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1E6A96A1-2BAB-43EF-8087-30437593C66C}" = TOSHIBA System Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3384E1D9-3F18-4A98-8655-180FEF0DFC02}" = TOSHIBA User's Guide
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B1786E63-2127-42C9-95A3-146E5F727BF1}" = TOSHIBA Password Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"IECT3318151" = IMVU Inc C Toolbar for IE
"ilividmoviestoolbar20IE" = Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.)
"InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}" = Realtek Bluetooth Filter Driver Package
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"NARA" = Norton Online Backup ARA
"NAT" = Norton Anti-Theft
"NIS" = Norton Internet Security
"NortonPCCheckup" = Norton PC Checkup
"NortonSD" = Norton Security Dashboard
"Origin" = Origin
"SecondLifeViewer" = SecondLifeViewer (remove only)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-486120364-2819949595-82885683-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3A787631-66A2-4634-B928-A37E73B58FB6}" = Browser Extensions
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Search Protection" = Search Protection
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Torch" = Torch

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/4/2014 2:09:05 AM | Computer Name = Zoe | Source = Bonjour Service | ID = 100
Description = Timed out waiting for acknowledgement of machine sleep

Error - 7/4/2014 11:17:25 AM | Computer Name = Zoe | Source = Toshiba App Place | ID = 0
Description =

Error - 7/4/2014 6:47:46 PM | Computer Name = Zoe | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail
failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log
for additional information.

Error - 7/4/2014 7:49:48 PM | Computer Name = Zoe | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail
failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log
for additional information.

Error - 7/5/2014 10:28:31 PM | Computer Name = Zoe | Source = Toshiba App Place | ID = 0
Description =

Error - 7/6/2014 1:17:51 AM | Computer Name = Zoe | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/6/2014 12:32:22 PM | Computer Name = Zoe | Source = Toshiba App Place | ID = 0
Description =

Error - 7/6/2014 8:24:05 PM | Computer Name = Zoe | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/11/2014 2:38:11 PM | Computer Name = Zoe | Source = Toshiba App Place | ID = 0
Description =

Error - 7/11/2014 7:48:20 PM | Computer Name = Zoe | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail
failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log
for additional information.

[ System Events ]
Error - 6/29/2014 1:54:20 PM | Computer Name = Zoe | Source = DCOM | ID = 10010
Description =

Error - 6/29/2014 1:55:42 PM | Computer Name = Zoe | Source = DCOM | ID = 10010
Description =

Error - 6/29/2014 1:55:42 PM | Computer Name = Zoe | Source = DCOM | ID = 10010
Description =

Error - 6/30/2014 2:44:59 AM | Computer Name = Zoe | Source = DCOM | ID = 10010
Description =

Error - 6/30/2014 2:44:59 AM | Computer Name = Zoe | Source = DCOM | ID = 10010
Description =

Error - 7/1/2014 2:27:14 AM | Computer Name = Zoe | Source = DCOM | ID = 10010
Description =

Error - 7/1/2014 2:27:14 AM | Computer Name = Zoe | Source = DCOM | ID = 10010
Description =

Error - 7/1/2014 2:27:18 AM | Computer Name = Zoe | Source = DCOM | ID = 10010
Description =

Error - 7/1/2014 2:27:18 AM | Computer Name = Zoe | Source = DCOM | ID = 10010
Description =

Error - 7/2/2014 10:58:34 AM | Computer Name = Zoe | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:39:00 AM on ?7/?2/?2014 was unexpected.

< End of report >

#18
Biscuithd

Posted 09 August 2014 - 10:13 AM

Trusted Helper

Malware Removal
2,573 posts

Hi Greg,

It would be unlikely that I caught everything in the first try, but let's see. Also, fair warning, I'm going out for the day, so it will be evening or morning before I can help again.

Fix with OTL

Please re-run OTL with this removal script included.

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Right-click on icon and select Run as Administrator to start the tool.
Under the Custom Scans/Fixes bar in the box paste in the following:

:Commands
[CREATERESTOREPOINT]
 
:OTL

PRC - [2014/07/09 21:48:08 | 001,216,520 | ---- | M] (TorchMedia Inc.) -- C:\Users\Zoe\AppData\Local\Torch\Update\TorchCrashHandler.exe

PRC - [2014/07/02 04:55:33 | 003,588,096 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe

PRC - [2014/07/02 04:55:26 | 003,573,248 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe

MOD - [2014/07/02 04:55:38 | 000,489,472 | ---- | M] () -- C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll

MOD - [2014/07/02 04:55:31 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll

SRV - [2014/07/09 21:48:08 | 001,216,520 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Zoe\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)

SRV - [2014/07/02 04:55:26 | 003,573,248 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe -- (DatamngrCoordinator)

DRV - [2014/07/02 04:55:27 | 000,041,848 | ---- | M] (Bandoo Media Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc2.cfg -- (F06DEFF2-5B9C-490D-910F-35D3A9119622)

O2:64bit: - BHO: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {2977d8cc-8902-4340-be88-2c676bf96b8d} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll ()

O2:64bit: - BHO: (Browser Extensions) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Zoe\AppData\Roaming\Browser Extensions\Coupons64.dll (Spigot, Inc.)

O2 - BHO: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {2977d8cc-8902-4340-be88-2c676bf96b8d} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll File not found

O2 - BHO: (Browser Extensions) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Zoe\AppData\Roaming\Browser Extensions\Coupons.dll (Spigot, Inc.)

O2 - BHO: (IMVU Inc C Toolbar) - {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} - C:\Program Files (x86)\IMVU_Inc_C\prxtbIMVU.dll File not found

O3:64bit: - HKLM\..\Toolbar: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {2977d8cc-8902-4340-be88-2c676bf96b8d} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll ()

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {2977d8cc-8902-4340-be88-2c676bf96b8d} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll File not found

O3 - HKLM\..\Toolbar: (IMVU Inc C Toolbar) - {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} - C:\Program Files (x86)\IMVU_Inc_C\prxtbIMVU.dll File not found

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-486120364-2819949595-82885683-1001\..\Toolbar\WebBrowser: (IMVU Inc C Toolbar) - {F2E99EFD-72DC-4C5D-9F7C-219133FF8E40} - C:\Program Files (x86)\IMVU_Inc_C\prxtbIMVU.dll File not found

O4:64bit: - HKLM..\Run: []  File not found

O4 - HKU\S-1-5-21-486120364-2819949595-82885683-1001..\Run: [Browser Extensions] C:\Users\Zoe\AppData\Roaming\Browser Extensions\CouponsHelper.exe (Spigot, Inc.)

O4 - HKU\S-1-5-21-486120364-2819949595-82885683-1001..\Run: [iLivid] "C:\Users\Zoe\AppData\Local\iLivid\iLivid.exe" -autorun File not found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\volaro: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\vonteera: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\bitguard.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\jumpflip: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\snapdo.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\stinst32.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\stinst64.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\umbrella.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\volaro: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\vonteera: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\websteroids.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) -  File not found

[2014/07/11 21:33:31 | 001,258,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll[/B]



:Files

C:\Users\Zoe\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)

C:\Program Files (x86)\Movies Toolbar

C:\Users\Zoe\AppData\Roaming\Browser Extensions\Coupons64.dll (Spigot, Inc.)

C:\Users\Zoe\AppData\Roaming\Browser Extensions\CouponsHelper.exe (Spigot, Inc.)

C:\Users\Zoe\AppData\Local\iLivid\iLivid.exe



:Commands
[EMPTYTEMP]
[REBOOT]

Push Run Fix and wait patiently.
If asked to reboot, please allow it to.
A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.

Follow the prompts and let this process run uninterrupted.

This scan can take a while, depending on your System specs.

Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

Right-click on icon and select Run as Administrator to start the tool.

Follow the prompts and click Scan.

When finished, please click Clean.

Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.

In the main box please paste in the following script:

createsrpoint;

process;

services-list;

systemspecs;

startupall;

skipfix-iedefaults;

firefoxlook;

chromelook;

filesrcm;

installedprogs;

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Last, re-scan with OTL and post the OTL.txt

#19
gregahoffman

Posted 09 August 2014 - 10:19 AM

Member

Topic Starter
Member
400 posts

i'll do it, and I have this comp until tomorrow, we will try and fix what we can. thank you for all your help

#20
gregahoffman

Posted 09 August 2014 - 11:02 AM

Member

Topic Starter
Member
400 posts

after running the fix with otl, I am not able to log in with the pin # no what do I do???

#21
Biscuithd

Posted 09 August 2014 - 11:03 AM

Trusted Helper

Malware Removal
2,573 posts

Answering with my iphone, so this may be sort messages.

WHich PIN # are you referring to.

#22
gregahoffman

Posted 09 August 2014 - 11:22 AM

Member

Topic Starter
Member
400 posts

after start up, when you need a password or pin number to sign in...she gave me her pin # which worked until otl fix, is there a way around this? I can't get her on the phone to get her original password. the exact error message is that I'm trying to sign in with an old pin # but I never tried to change it

#23
Biscuithd

Posted 09 August 2014 - 11:25 AM

Trusted Helper

Malware Removal
2,573 posts

That was going to be my guess...what the computer thinks the password is and what you think it is are two different things.

Short of a reset procedure, obtaining the correct password is the only way. My guess is the new p/w was stored in Temp and I had to clear Temp for the fix.

#24
gregahoffman

Posted 09 August 2014 - 11:33 AM

Member

Topic Starter
Member
400 posts

guess I've created quite the mess

#25
Biscuithd

Posted 09 August 2014 - 11:36 AM

Trusted Helper

Malware Removal
2,573 posts

Welcome to the Wonderful World of Malware Removal! Seriously, this is one of the risks of doing this. You trust the OP to have passwords for their computer. However, they don't always.

Take a breath and wait for either the new password or put her through the reset procedure.

#26
gregahoffman

Posted 09 August 2014 - 11:37 AM

Member

Topic Starter
Member
400 posts

ok thanks

#27
gregahoffman

Posted 09 August 2014 - 12:12 PM

Member

Topic Starter
Member
400 posts

guess we are going to have to do a reset, her original passwords are probably being sent to a closed e mail account...she is ok with a reset and said nothing on the machine has to be saved, what do I do next? sorry to ruin your Saturday