
cannot download & run malwarebytes [Solved]


  • This topic is locked

#31
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Do you mean the remainder of the tools I gave you? If so, yes




#32
gregahoffman

    Member

  • Topic Starter
  • 400 posts

jrt log

Attached Files

  • Attached File  JRT.txt   765bytes   100 downloads

#33
gregahoffman

    Member

  • Topic Starter
  • 400 posts

zoek log

Attached Files

#34
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Please post inline text, not attachments

#35
gregahoffman

    Member

  • Topic Starter
  • 400 posts

otl txt extras txt

Attached Files

#36
gregahoffman

    Member

  • Topic Starter
  • 400 posts

I tried to copy & paste, I am having problems, I apologize



#37
gregahoffman

    Member

  • Topic Starter
  • 400 posts

Zoek.exe v5.0.0.0 Updated 09-August-2014
Tool run by Zoe on Sat 08/09/2014 at 16:52:40.89.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Zoe\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8/9/2014 4:54:21 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

Adobe Reader X (10.1.3) 
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver 
Auslogics DiskDefrag 
Bejeweled 3 
D3DX10 
FATE 
Gardenscapes: Mansion Makeover 
Intel® Management Engine Components 
Intel® Processor Graphics 
Intel® Rapid Storage Technology 
Intel® SDK for OpenCL - CPU Only Runtime Package 
Intelr Trusted Connect Service Client 
Malwarebytes Anti-Malware version 2.0.2.1012 
Microsoft Application Error Reporting 
Microsoft Office 
Microsoft SQL Server 2005 Compact Edition [ENU] 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 
More Games - WildTangent 
Movie Maker 
MSVCRT 
MSVCRT110 
MSVCRT110_amd64 
Norton Anti-Theft 
Norton Internet Security 
Norton Online Backup 
Norton Online Backup ARA 
Norton PC Checkup 
Norton Security Dashboard 
Origin 
Penguins 
Photo Common 
Photo Gallery 
Plants vs. Zombies - Game of the Year 
PlayReady PC Runtime amd64 
Polar Bowler 
Premium Sound HD 
Realtek Bluetooth Filter Driver Package 
Realtek High Definition Audio Driver 
Realtek USB 2.0 Card Reader 
Realtek WLAN Driver 
Synaptics Pointing Device Driver 
Toshiba App Place 
TOSHIBA Application Installer 
Toshiba Book Place 
TOSHIBA Desktop Assist 
TOSHIBA eco Utility 
TOSHIBA Function Key 
TOSHIBA HDD Accelerator 
TOSHIBA Password Utility 
TOSHIBA PC Health Monitor 
TOSHIBA Quality Application 
TOSHIBA Recovery Media Creator 
TOSHIBA Resolution+ Plug-in for Windows Media Player 
TOSHIBA Service Station 
TOSHIBA System Driver 
TOSHIBA System Settings 
TOSHIBA User's Guide 
TOSHIBA VIDEO PLAYER 
TOSHIBARegistration 
Update Installer for WildTangent Games App 
Vacation QuestT - Australia 
Virtual Villagers 5 - New Believers 
WildTangent Games 
WildTangent Games App (Toshiba Games) 
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (07/11/2012 2.3.13.3) 
Windows Live Communications Platform 
Windows Live Essentials 
Windows Live Installer 
Windows Live Photo Common 
Windows Live PIMT Platform 
Windows Live SOXE 
Windows Live SOXE Definitions 
Windows Live UX Platform 
Windows Live UX Platform Language Pack 
Youda Jewel Shop 

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Zoe\Desktop\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
R2 - [Intel® ME Service] - Intel® ME Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
R2 - [NAT] - Norton Anti-Theft - "C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe" /s "NAT" /m "C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\diMaster.dll" /prefetch:1
R2 - [NIS] - Norton Internet Security - "C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\diMaster.dll" /prefetch:1
R2 - [NOBU] - Norton Online Backup - "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
R2 - [Norton PC Checkup Application Launcher] - Norton PC Checkup Application Launcher - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe /s
R2 - [PCCUJobMgr] - Common Client Job Manager Service - "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\diMaster.dll" /prefetch:1
R2 - [taisregispinger] - taisregispinger - C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe
R2 - [THAccelSvc] - TOSHIBA HDD Accelerator Service - C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe
R2 - [TODDSrv] - TOSHIBA Optical Disc Drive Service - C:\Windows\system32\TODDSrv.exe
R2 - [TOSHIBA eco Utility Service] - TOSHIBA eco Utility Service - "C:\Program Files\Toshiba\Teco\TecoService.exe"
R2 - [UNS] - Intel® Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
R2 - [WSearch] - Windows Search - C:\windows\system32\SearchIndexer.exe /Embedding
R3 - [TMachInfo] - TMachInfo - "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
R3 - [TPCHSrv] - TPCH Service - "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
R3 - [TrustedInstaller] - Windows Modules Installer - C:\windows\servicing\TrustedInstaller.exe
R3 - [VSS] - Volume Shadow Copy - C:\windows\system32\vssvc.exe
S2 - [sppsvc] - Software Protection - C:\windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - C:\windows\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel® Content Protection HECI Service - C:\windows\SysWow64\IntelCpHeciSvc.exe
S3 - [Fax] - Fax - C:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [GamesAppService] - GamesAppService - "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\windows\system32\msiexec.exe /V
S3 - [PerfHost] - Performance Counter DLL Host - C:\windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\windows\System32\snmptrap.exe
S3 - [vds] - Virtual Disk - C:\windows\System32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\windows\system32\wbengine.exe"
S3 - [WinDefend] - Windows Defender Service - C:\Program Files\Windows Defender\MsMpEng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - C:\windows\system32\wbem\WmiApSrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
SUnknown - [rpcnetp] - rpcnetp -

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8077 MB
CPU Info: Intel® Core™ i7-3630QM CPU @ 2.40GHz
CPU Speed: 2415.4 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC | Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW TS-L633C
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  687.3GB
Hard Disks - Free: C:  634.2GB
Manufacturer *: Insyde Corp.
BIOS Info: AT/AT COMPATIBLE |  | TOSINV - 1
Time Zone: Central Standard Time
Motherboard *: TOSHIBA Portable PC
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Norton Internet Security disabled (Outdated)
Firewall: Norton Internet Security disabled
Internet Explorer Version: 10.0.9200.16384
Adobe Reader version: 10.1.3.23

==== Files Recently Created / Modified ======================

====== C:\windows ====
2014-08-09 19:24:41 165EB24F51291AA5D0EB1BA9D28648D2 17148 ----a-w- C:\windows\diagwrn.xml
2014-08-09 19:24:41 165EB24F51291AA5D0EB1BA9D28648D2 17148 ----a-w- C:\windows\diagerr.xml
====== C:\Users\Zoe\AppData\Local\Temp ====
2014-08-09 21:38:45 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\windows\SysWOW64 =====
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
====== C:\windows\Sysnative\drivers =====
2014-08-09 20:20:38 9CEF6B9035974BB9CE3B6FB5CAAA2A62 13 --sh--r- C:\windows\Sysnative\drivers\fbd.sys
2014-08-09 20:00:45 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-08-09 20:00:16 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\windows\Sysnative\drivers\mbam.sys
2014-08-09 20:00:16 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\windows\Sysnative\drivers\mbamchameleon.sys
2014-08-09 20:00:16 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\windows\Sysnative\drivers\mwac.sys
====== C:\windows\Tasks ======
2014-08-09 19:37:02 E3ECB4AF1DA6DB2022CA7AAA9BEBA976 3594 ----a-w- C:\windows\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-486120364-2819949595-82885683-1001
2014-08-09 19:31:30 -------- d-----w- C:\windows\Sysnative\Tasks\WPD
====== C:\windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
2014-08-09 21:39:24 E893246F1276ED4727A8F3307B75CBA6 82432 ----a-w- C:\Utilman.exe
====== C:\Users\Zoe\AppData\Roaming ======
2014-08-09 20:02:48 -------- d-----w- C:\Users\Zoe\AppData\Roaming\Browser Extensions
2014-08-09 19:59:58 -------- d-----w- C:\Users\Zoe\AppData\Local\Programs
2014-08-09 19:51:03 -------- d-s---w- C:\windows\sysWoW64\config\systemprofile\AppData\Locallow\Microsoft
2014-08-09 19:41:47 -------- d-s---w- C:\windows\serviceprofiles\Localservice\AppData\Locallow\Microsoft
2014-08-09 19:31:46 -------- d-----w- C:\Users\Zoe\AppData\Local\SRS Labs
2014-08-09 19:31:43 -------- d-----w- C:\Users\Zoe\AppData\Local\TOSHIBA
2014-08-09 19:29:29 -------- d-----r- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-08-09 19:29:29 -------- d-----r- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-08-09 19:29:06 -------- d-----w- C:\Users\Zoe\AppData\Roaming\Adobe
2014-08-09 19:28:27 -------- d-----w- C:\Users\Zoe\AppData\Roaming\WinBatch
2014-08-09 19:26:54 -------- d-----w- C:\Users\Zoe\AppData\Local\VirtualStore
2014-08-09 19:26:34 -------- d-----w- C:\windows\SysNative\config\systemprofile\AppData\Local\Packages
2014-08-09 19:26:12 -------- d-s---w- C:\Users\Zoe\AppData\Locallow\Microsoft
2014-08-09 19:25:19 9826F4027DB62718CE96FF353F1BB258 1698 ----a-w- C:\Users\Administrator\AppData\Local\Application.xml
2014-08-09 19:24:44 -------- d-s---w- C:\Users\Zoe\AppData\Roaming\Microsoft
2014-08-09 19:24:44 -------- d-----w- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-09 19:24:44 -------- d-----w- C:\Users\Zoe\AppData\Local\Temp
2014-08-09 19:24:44 -------- d-----w- C:\Users\Zoe\AppData\Local\Microsoft
2014-08-09 19:24:44 -------- d-----r- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-08-09 19:24:44 -------- d-----r- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-09 19:24:44 -------- d-----r- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
====== C:\Users\Zoe ======
2014-08-09 21:36:27 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Zoe\Desktop\JRT.exe
2014-08-09 19:29:29 -------- d-----r- C:\Users\Zoe\Searches
2014-08-09 19:26:06 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Zoe\ntuser.ini
2014-08-09 19:24:44 -------- d--h--w- C:\Users\Zoe\AppData
2014-08-09 19:24:44 -------- d-----r- C:\Users\Zoe\Favorites
2014-08-09 19:24:44 -------- d-----r- C:\Users\Zoe\Desktop
2014-08-09 15:21:46 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Zoe\Desktop\OTL.exe
2014-07-16 03:32:14 -------- d-----r- C:\Users\Zoe\SkyDrive

====== C: exe-files ==
2014-08-09 21:39:24 E893246F1276ED4727A8F3307B75CBA6 82432 ----a-w- C:\Utilman.exe
2014-08-09 21:38:45 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-08-09 21:36:27 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Zoe\Desktop\JRT.exe
2014-08-09 20:18:52 8624D93B2CD898328B92034466AFC6B0 337816 ----a-w- C:\Users\Zoe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62JWRCS5\OEMScanner[1].exe
2014-08-09 20:18:51 F993C523CAF433754BE99E96EB8ABD03 208720 ----a-w- C:\Users\Zoe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZU7O4YN\NLRemovePCCU2[1].exe
2014-08-09 20:05:09 179C3C60DD7AFDC8F4AE8B6A6323DEA2 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-486120364-2819949595-82885683-1001\$IDA9VZ1.exe
2014-08-09 19:59:30 D9DE89F0FAF18019BC9595F0F47BCA61 50688 ----a-w- C:\Users\Zoe\Desktop\Greg's Tools\ATF-Cleaner.exe
2014-08-09 19:57:48 7137EFE5EC5240CF87A6DF44E73FCF69 6326216 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-486120364-2819949595-82885683-1001\$RDA9VZ1.exe
2014-08-09 15:21:46 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Zoe\Desktop\OTL.exe
=== C: other files ==
2014-08-09 21:38:45 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\TDL4.bat
2014-08-09 21:38:45 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\medfos.bat
2014-08-09 21:38:45 A87CD1BAC46CAC0EEEDB571F07077032 8104 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\modules.bat
2014-08-09 21:38:45 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\searchlnk.bat
2014-08-09 21:38:45 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\firefox.bat
2014-08-09 21:38:45 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\ev_clear.bat
2014-08-09 21:38:45 7D8282EB94B5D639B7378811C1924A8F 9516 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\runvalues.bat
2014-08-09 21:38:45 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\delorphans.bat
2014-08-09 21:38:45 5B92615B0CEA08D6BA1217C08CBB1443 15919 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\get.bat
2014-08-09 21:38:45 5B71358F97544D9DE58A9A0893079506 39458 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\prelim.bat
2014-08-09 21:38:45 53B191266B30D57F2F835ABBF54C68C5 13963 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\chrome.bat
2014-08-09 21:38:45 3BC04DEBBE9027060D51901133F60101 154678 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\misc.bat
2014-08-09 21:38:45 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\ask.bat
2014-08-09 21:38:45 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\iexplore.bat
2014-08-09 21:38:45 2F80D807DB405C8F6E0F3706B9FED710 10161 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\JRT.bat
2014-08-09 21:38:45 0D08FBD2E6F6C6AC6A504712C4CE6CE3 1226 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\FWPolicy.bat
2014-08-09 21:38:45 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Zoe\AppData\Local\Temp\jrt\delfolders.bat
2014-08-09 20:20:38 9CEF6B9035974BB9CE3B6FB5CAAA2A62 13 --sh--r- C:\Windows\System32\Drivers\fbd.sys
2014-08-09 20:00:45 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-09 20:00:16 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\System32\Drivers\mbam.sys
2014-08-09 20:00:16 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-09 20:00:16 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\Windows\System32\Drivers\mwac.sys

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"ToshibaAppPlace"="C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\windows\system32\hkcmd.exe"
"Persistence"="C:\windows\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"SRS Premium Sound HD"="C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe  /f=C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip /h"
"TecoResident"="C:\Program Files\TOSHIBA\Teco\TecoResident.exe"
"TSleepSrv"="C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe"
"TODDMain"="C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe"
"TCrdMain"="%ProgramFiles%\TOSHIBA\Hotkey\TCrdMain_Win8.exe "
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe "

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\WSCStub.exe"]
"C:\windows\SysNative\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]
"C:\windows\SysNative\tasks\Norton Anti-Theft\Norton Error Analyzer" [C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe]
"C:\windows\SysNative\tasks\Norton Anti-Theft\Norton Error Processor" [C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe]
"C:\windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\SymErr.exe]
"C:\windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\SymErr.exe]
"C:\windows\SysNative\tasks\TOSHIBA\Service Station" ["C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn" [08/09/2014 02:28 PM]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\Exts\Chrome.crx[08/21/2012 10:31 AM]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.yahoo.com/"
"Default_Secondary_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Secondary_Page_URL"="http://www.google.com"
"Secondary Start Pages"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Secondary_Page_URL"="http://www.google.com"
"Secondary Start Pages"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{5D2F2164-CA2D-423B-BE54-E84DFB33EC84}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{5D2F2164-CA2D-423B-BE54-E84DFB33EC84} Yahoo  Url="https://search.yahoo...&p={searchTerms}"
{7DB7C3DF-01DC-484F-BCD1-65F70B4AA348} Unknown  Url="Not_Found"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Sat 08/09/2014 at 16:58:05.15 ======================



#38
gregahoffman

    Member

  • Topic Starter
  • 400 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Zoe on Sat 08/09/2014 at 16:39:01.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Zoe\AppData\Roaming\search protection"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/09/2014 at 16:44:12.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#39
gregahoffman

    Member

  • Topic Starter
  • 400 posts

OTL logfile created on: 8/9/2014 5:02:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zoe\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 6.22 Gb Available Physical Memory | 78.85% Memory free
12.39 Gb Paging File | 10.73 Gb Available in Paging File | 86.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.30 Gb Total Space | 634.22 Gb Free Space | 92.28% Space Free | Partition Type: NTFS
 
Computer Name: ZOE | User Name: Zoe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/09 10:21:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zoe\Desktop\OTL.exe
PRC - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
PRC - [2012/08/18 12:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe
PRC - [2012/08/04 17:02:22 | 001,548,952 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
PRC - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
PRC - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
PRC - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/06/27 14:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/30 01:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/09/20 04:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 03:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 01:32:59 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/09/20 01:32:58 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 01:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/09/20 01:30:38 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/08/24 19:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2012/08/10 15:56:26 | 000,214,488 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe -- (THAccelSvc)
SRV:64bit: - [2012/07/28 11:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2012/07/27 16:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:64bit: - [2012/07/25 22:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 22:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 16:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/09/20 03:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe -- (NAT)
SRV - [2012/08/18 12:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe -- (NIS)
SRV - [2012/08/08 06:58:38 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/03 21:41:46 | 002,196,120 | ---- | M] (Toshiba America Information Systems.) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe -- (taisregispinger)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/11 11:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012/06/27 14:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/01 03:22:28 | 000,027,032 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2013/09/30 17:36:24 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/10/02 23:55:46 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/09/20 03:31:29 | 000,068,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/09/20 02:55:33 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/09/20 02:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/09/20 02:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 02:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 02:55:30 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 02:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/20 02:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/09/20 02:03:06 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/09/20 02:03:03 | 000,055,528 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 01:09:11 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/09/20 01:08:27 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/08/29 12:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2012/08/16 17:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/16 17:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/10 12:56:56 | 000,131,520 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\THAccel.sys -- (THAccel)
DRV:64bit: - [2012/08/10 12:26:44 | 000,776,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/08/07 16:18:20 | 001,132,192 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/08/06 21:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NATx64\0106000.011\ccSetx64.sys -- (ccSet_NAT)
DRV:64bit: - [2012/08/06 12:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/08/06 09:36:12 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/07/31 14:28:54 | 000,028,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2012/07/31 13:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/27 14:25:32 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/07/27 14:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 23:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 18:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2012/07/25 04:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2012/07/22 12:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/07/21 17:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2012/07/13 16:04:30 | 000,103,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/07/11 16:49:34 | 000,024,208 | ---- | M] (Realtek Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtkBtfilter.sys -- (RtkBtFilter)
DRV:64bit: - [2012/07/10 18:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2012/07/02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/20 13:45:12 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2012/06/19 10:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/18 12:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2012/06/15 16:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -- (ccSet_NARA)
DRV:64bit: - [2012/05/24 16:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\srtspx64.sys -- (SRTSPX)
DRV - [2014/08/09 15:18:30 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140809.004\ex64.sys -- (NAVEX15)
DRV - [2014/08/09 15:18:29 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/08/09 15:18:29 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/09 15:18:29 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140809.004\eng64.sys -- (NAVENG)
DRV - [2014/08/08 16:41:58 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140808.002\IDSviA64.sys -- (IDSVia64)
DRV - [2014/08/01 03:18:42 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140801.001\BHDrvx64.sys -- (BHDrvx64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{7DB7C3DF-01DC-484F-BCD1-65F70B4AA348}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7DB7C3DF-01DC-484F-BCD1-65F70B4AA348}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\..\SearchScopes,DefaultScope = {5D2F2164-CA2D-423B-BE54-E84DFB33EC84}
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\..\SearchScopes\{5D2F2164-CA2D-423B-BE54-E84DFB33EC84}: "URL" = https://search.yahoo...&p={searchTerms}
IE - HKU\S-1-5-21-486120364-2819949595-82885683-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF [2014/08/09 15:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2014/08/09 14:28:50 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\IPS\IPSBHO.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.51.135.143 64.35.214.2 64.35.208.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54ADD730-EE35-491A-9322-41FC1E389E94}: DhcpNameServer = 216.51.135.143 64.35.214.2 64.35.208.2
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/09 17:22:44 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014/08/09 16:55:05 | 000,000,000 | -H-D | C] -- C:\$SysReset
[2014/08/09 16:52:37 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/08/09 16:39:24 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Utilman.exe
[2014/08/09 16:38:58 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/08/09 16:36:27 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Zoe\Desktop\JRT.exe
[2014/08/09 15:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/08/09 15:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2014/08/09 15:02:48 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\Browser Extensions
[2014/08/09 15:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2014/08/09 15:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2014/08/09 15:00:45 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/09 15:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/09 15:00:16 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/08/09 15:00:16 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/08/09 15:00:16 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/08/09 15:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/08/09 15:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/08/09 14:59:58 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\Programs
[2014/08/09 14:44:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/09 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\Macromedia
[2014/08/09 14:31:46 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\SRS Labs
[2014/08/09 14:31:43 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\TOSHIBA
[2014/08/09 14:29:29 | 000,000,000 | R--D | C] -- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/08/09 14:29:29 | 000,000,000 | R--D | C] -- C:\Users\Zoe\Searches
[2014/08/09 14:29:29 | 000,000,000 | R--D | C] -- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/08/09 14:29:29 | 000,000,000 | -H-D | C] -- C:\Users\Zoe\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/08/09 14:29:06 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\Adobe
[2014/08/09 14:28:27 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\WinBatch
[2014/08/09 14:26:54 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\VirtualStore
[2014/08/09 14:25:36 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2014/08/09 14:24:44 | 000,000,000 | --SD | C] -- C:\Users\Zoe\AppData\Roaming\Microsoft
[2014/08/09 14:24:44 | 000,000,000 | R--D | C] -- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/08/09 14:24:44 | 000,000,000 | R--D | C] -- C:\Users\Zoe\Favorites
[2014/08/09 14:24:44 | 000,000,000 | R--D | C] -- C:\Users\Zoe\Desktop
[2014/08/09 14:24:44 | 000,000,000 | R--D | C] -- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/08/09 14:24:44 | 000,000,000 | R--D | C] -- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\AppData\Local\Temporary Internet Files
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\Templates
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\Start Menu
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\SendTo
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\Recent
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\PrintHood
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\NetHood
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\Documents\My Videos
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\Documents\My Pictures
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\Documents\My Music
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\My Documents
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\Local Settings
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\AppData\Local\History
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\Cookies
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\Application Data
[2014/08/09 14:24:44 | 000,000,000 | -HSD | C] -- C:\Users\Zoe\AppData\Local\Application Data
[2014/08/09 14:24:44 | 000,000,000 | -H-D | C] -- C:\Users\Zoe\AppData
[2014/08/09 14:24:44 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\Temp
[2014/08/09 14:24:44 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\Microsoft
[2014/08/09 14:24:44 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/08/09 11:21:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/08/09 10:21:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zoe\Desktop\OTL.exe
[2014/08/08 22:18:32 | 000,000,000 | ---D | C] -- C:\Users\Zoe\Desktop\Greg's Tools
[2014/07/15 22:32:14 | 000,000,000 | R--D | C] -- C:\Users\Zoe\SkyDrive
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/09 16:51:48 | 001,288,704 | ---- | M] () -- C:\Users\Zoe\Desktop\zoek.exe
[2014/08/09 16:36:27 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Zoe\Desktop\JRT.exe
[2014/08/09 16:23:25 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/08/09 16:23:25 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/08/09 16:23:25 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/08/09 16:20:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/08/09 16:19:09 | 000,017,408 | ---- | M] () -- C:\windows\SysWow64\rpcnetp.dll
[2014/08/09 16:18:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/08/09 16:18:35 | 2479,849,471 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/09 16:18:33 | 000,017,408 | ---- | M] () -- C:\windows\SysWow64\rpcnetp.exe
[2014/08/09 16:18:33 | 000,017,408 | ---- | M] () -- C:\windows\SysNative\rpcnetp.exe
[2014/08/09 16:18:30 | 000,029,336 | ---- | M] () -- C:\windows\SysNative\wpbbin.exe
[2014/08/09 15:20:38 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2014/08/09 15:08:26 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/09 15:02:31 | 000,001,176 | ---- | M] () -- C:\Users\Zoe\Desktop\Auslogics DiskDefrag.lnk
[2014/08/09 15:00:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/09 14:48:04 | 000,281,088 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/08/09 14:37:33 | 000,001,431 | ---- | M] () -- C:\Users\Zoe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/08/09 14:31:20 | 000,010,856 | ---- | M] () -- C:\Users\Zoe\Desktop\Removed Apps.html
[2014/08/09 14:24:59 | 000,017,148 | ---- | M] () -- C:\windows\diagwrn.xml
[2014/08/09 14:24:59 | 000,017,148 | ---- | M] () -- C:\windows\diagerr.xml
[2014/08/09 10:21:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zoe\Desktop\OTL.exe
[2014/08/09 07:26:42 | 000,000,000 | -H-- | M] () -- C:\Users\Zoe\Documents\Default.rdp
 
========== Files Created - No Company Name ==========
 
[2014/08/09 16:51:48 | 001,288,704 | ---- | C] () -- C:\Users\Zoe\Desktop\zoek.exe
[2014/08/09 15:20:38 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2014/08/09 15:02:31 | 000,001,176 | ---- | C] () -- C:\Users\Zoe\Desktop\Auslogics DiskDefrag.lnk
[2014/08/09 15:00:31 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/09 14:37:33 | 000,001,431 | ---- | C] () -- C:\Users\Zoe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/08/09 14:31:20 | 000,010,856 | ---- | C] () -- C:\Users\Zoe\Desktop\Removed Apps.html
[2014/08/09 14:29:06 | 000,001,437 | ---- | C] () -- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/08/09 14:24:44 | 000,002,107 | ---- | C] () -- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2014/08/09 14:24:44 | 000,000,352 | ---- | C] () -- C:\Users\Zoe\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/08/09 14:24:44 | 000,000,334 | ---- | C] () -- C:\Users\Zoe\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/08/09 14:24:41 | 000,017,148 | ---- | C] () -- C:\windows\diagwrn.xml
[2014/08/09 14:24:41 | 000,017,148 | ---- | C] () -- C:\windows\diagerr.xml
[2014/08/09 07:26:42 | 000,000,000 | -H-- | C] () -- C:\Users\Zoe\Documents\Default.rdp
[2013/09/30 17:26:41 | 000,037,820 | ---- | C] () -- C:\windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll
[2013/09/30 17:25:13 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/09/30 17:14:17 | 000,017,408 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.dll
[2013/09/30 17:13:40 | 000,017,408 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.exe
[2012/11/13 01:09:43 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/09/20 01:32:51 | 019,775,488 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/09/20 00:54:47 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/11/13 01:34:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Book Place
[2013/09/30 17:30:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\toshiba
[2012/11/13 01:07:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinBatch
[2014/08/09 16:17:50 | 000,000,000 | ---D | M] -- C:\Users\Zoe\AppData\Roaming\Browser Extensions
[2014/08/09 14:28:27 | 000,000,000 | ---D | M] -- C:\Users\Zoe\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >


  • 0

#40
gregahoffman

    Member

  • Topic Starter
  • 400 posts

OTL Extras logfile created on: 8/9/2014 5:02:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zoe\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 6.22 Gb Available Physical Memory | 78.85% Memory free
12.39 Gb Paging File | 10.73 Gb Available in Paging File | 86.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.30 Gb Total Space | 634.22 Gb Free Space | 92.28% Space Free | Partition Type: NTFS
 
Computer Name: ZOE | User Name: Zoe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80A23B66-0313-4174-83CC-A33F322A58B9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{ED8E71CD-9D55-4CA3-9A00-B8C13E88D5B7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03324FC4-0834-4DB0-8F64-90EDE296C5D3}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{0667504D-E939-4D41-BCD8-459F0F6AC748}" = dir=out | name=hulu plus |
"{192D84A4-353E-4267-97E3-F75029010104}" = dir=out | name=iheartradio |
"{2A539C35-DBFF-41FA-9AA6-12C72A607AB8}" = dir=out | name=netflix |
"{2C715099-4D2D-4CB9-B915-1FF7C66D9971}" = dir=in | name=toshiba media player by smedio truelink+ |
"{3130E7FD-35F8-4B0B-BDDE-AE71122E25B0}" = dir=out | name=ebay |
"{3E56B8DB-EBD7-492B-8BB6-5DE2B6778C08}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{44F53B93-B3A3-4F22-857E-A7F1FF75BC99}" = dir=out | name=@{microsoft.zunevideo_1.5.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{524D0E1D-304E-4CEA-92F8-4868A42471EA}" = dir=out | name=news place |
"{594E40DA-0BA8-4BC5-A781-47AA34C1EBA9}" = dir=out | name=book place |
"{5B5CE0B0-F9E4-445C-83A1-9FAF93E74D62}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{5D22B2B6-4170-4C53-96E5-178552D89728}" = dir=out | name=norton studio |
"{66335FC0-A849-4730-83F7-546D47B9B248}" = dir=in | name=amazon for windows |
"{6E9B6AB8-E76A-4CD8-B353-5CAFB53DB4CC}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{6F009E5E-2ABF-463C-9533-CD98C9D2AF68}" = dir=in | name=ebay |
"{7229DA13-46DE-4F49-BC04-52035C6F53CB}" = dir=out | name=toshiba central |
"{79997043-EF8A-45B0-BC66-2A1A7F849759}" = dir=out | name=- games app - |
"{7C54C775-76F4-4BB1-BFDD-4F8BB57CAF23}" = dir=out | name=merriam-webster dictionary |
"{7D74386C-E7C5-47AC-A31D-932CBF665CEC}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{98A675DD-1110-480A-A6DF-12934C761690}" = dir=out | name=windows_ie_ac_001 |
"{9B3F5F2E-6EF0-436A-BEF5-E26AFDFB8083}" = dir=out | name=amazon for windows |
"{9DAEA039-4D91-4F8F-B0D8-9C074827613C}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{9E14053E-F742-4507-9E90-32AC1B012800}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{9E7E1394-0A83-4501-970E-13726BD339BC}" = dir=out | name=encyclopaedia britannica |
"{A419D75E-9D4A-41DD-899F-113C46D22188}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{A5899D5C-2217-4206-A23C-25E274697C2B}" = dir=out | name=stumbleupon |
"{B034B410-9AFB-4033-851A-1BBD162E1DEE}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B710AC1D-2216-48C0-846B-94E349762A4F}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{BBCED270-8A47-469B-87DB-828D0583CB1F}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{C42C9C11-7201-4803-8F22-D676678AA92C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C564DE76-5E5C-4A82-A39C-A4BF95EA1FE5}" = dir=out | name=vimeo |
"{CC00F83B-A71B-4F35-9535-159D527CD554}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{D03E56A2-0863-4D81-81EA-53B73A8A3C73}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{D178E174-8EA2-4C70-B16B-F120E7AE4A70}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{D2A67B0F-D142-4FB8-AA53-DB2A63295CBC}" = dir=out | name=deals & offers |
"{D750C83E-BB5F-46FE-BF15-0E6C74294BEA}" = dir=out | name=icookbook se |
"{DC3C7E7F-8DEE-4ADA-8C6B-5D2D3703F226}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{DCF4160E-1B93-46CF-BB00-0D81D873A276}" = dir=out | name=toshiba media player by smedio truelink+ |
"{DF019BBB-B165-4973-AC41-BD105D78FA0D}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{E1AD3578-E12B-4B03-964D-70255A6799FE}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F0C54180-689A-46B9-ACE1-878B3B95413D}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{F7F67798-9F68-4EF4-9E41-3B14D3A1BD85}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{16562A90-71BC-41A0-B890-D91B0C267120}" = TOSHIBA Function Key
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5944B9D4-3C2A-48DE-931E-26B31714A2F7}" = TOSHIBA eco Utility
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{94F03B8E-CB73-4653-AFE9-79112C01FED2}" = Premium Sound HD
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95CCACF0-010D-45F0-82BF-858643D8BC02}" = TOSHIBA Desktop Assist
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B8C8422F-01F1-4791-B084-047AAFF9BFCC}" = TOSHIBA Service Station
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}" = TOSHIBA HDD Accelerator
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"{FF07604E-C860-40E9-A230-E37FA41F103A}" = TOSHIBA VIDEO PLAYER
"57F58DC141BEB353704E041792E5B00606694FEA" = Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (07/11/2012 2.3.13.3)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05A55927-DB9B-4E26-BA44-828EBFF829F0}" = TOSHIBA System Settings
"{0CC0980D-811D-43B8-A455-8D150EB5BC0D}" = Realtek Bluetooth Filter Driver Package
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1E6A96A1-2BAB-43EF-8087-30437593C66C}" = TOSHIBA System Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24B45620-22B6-4E4A-B836-FF30A0B0404E}" = Toshiba Book Place
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3384E1D9-3F18-4A98-8655-180FEF0DFC02}" = TOSHIBA User's Guide
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B1786E63-2127-42C9-95A3-146E5F727BF1}" = TOSHIBA Password Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}" = Realtek Bluetooth Filter Driver Package
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"NARA" = Norton Online Backup ARA
"NAT" = Norton Anti-Theft
"NIS" = Norton Internet Security
"NortonPCCheckup" = Norton PC Checkup
"NortonSD" = Norton Security Dashboard
"Origin" = Origin
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0d538497-e23b-4d2c-8121-4ff736082270" = Virtual Villagers 5 - New Believers
"WTA-1e560f60-64d0-4ce8-902d-1c11f291577c" = Penguins!
"WTA-44bf3aff-74fe-4950-9ed2-1a8c5fdec728" = Bejeweled 3
"WTA-4a9f210d-7ff9-4af4-9e16-83fba0f03e23" = Polar Bowler
"WTA-5acb7508-5e54-45e1-9ede-6810f27daf47" = Plants vs. Zombies - Game of the Year
"WTA-5e48f95b-7117-46f2-ae0c-1efbecf428bd" = Gardenscapes: Mansion Makeover
"WTA-94179b72-689f-468b-b378-e6dd6bf75d27" = Vacation Quest™ - Australia
"WTA-a0285db7-8eea-4396-83eb-4c0264009fb9" = FATE
"WTA-cf41babe-70fe-400c-b9a2-99d03ac46d82" = Youda Jewel Shop
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/9/2014 5:54:07 PM | Computer Name = Zoe | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service rpcnetp since QueryServiceConfig API failed  System Error: The system cannot
 find the file specified.  .
 
 
< End of report >
 


  • 0



#41
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

That looks a lot better. How's it running?


  • 0

#42
gregahoffman

    Member

  • Topic Starter
  • 400 posts

So far so good. Sorry to ruin your Saturday; I never realized she had that much malware on here. MBAM & ATF are working too. Thank you so much for all your help.


  • 0

#43
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

so far so good, sorry to ruin your Saturday

That's ok, we got the machine squared away and that's important. :thumbsup:

I never realized she had that much malware on here.

I misread your initial post. Somehow I got the idea that this was a New W8 machine. The new part was Uncle Greg learning W8 in a "combat situation". :lol:

MBAM & ATF are working too,

That should have been my tip-off that much was wrong, but I missed it :blush:

thank you so much for all your help

You are quite welcome! I thank you for your help at the OP's end :thumbsup:  Have you ever thought of taking our training? I already see some qualities in you (determination, tenacity, interest, desire to help others) that would make a good Helper! :thumbsup:

Give it a think!

Ok, all that said, how does the machine look this morning? Anything more to do or are we good?


  • 0

#44
gregahoffman

    Member

  • Topic Starter
  • 400 posts

essexboy has mentioned that to me before too. If I didn't work 50 hours a week and then have to work at home and help take care of elderly in-laws, I would have the time for this. I felt that if I was trained properly it wouldn't be fair to others, because I can't devote a lot of time to it. Possibly in the future, though. I can't thank you enough for your help, and my niece thanks you too.


  • 0

#45
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ahh...time. Yes, indeed! That's the great leveler in all this. I have to admit that I too struggle fitting it all in.

The future perhaps! It's a lot of fun and I think you'd do well once your schedule opens up :)

You and your niece are quite welcome! It was a pleasure as always!

Don't be a stranger even if it's just to say "Hi".

Anything else needed before I go and cut my lawn?


  • 0





