Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malicious Websites Continuously Blocked [Closed]

powershell malicious searchnet.blinkx.core fff5ee.com

  • This topic is locked This topic is locked

#1
LisaQuing

LisaQuing

    Member

  • Member
  • PipPip
  • 29 posts

I would love to have some assistance in solving a confusing problem that seems like malware.

 

I work online 4-6 hours a day doing web search annotation which involves clicking a large amount of website links. Last night I clicked an adult website (which I normally try to avoid; sometimes they are tricky) and immediately started having problems with my computer. The CPU usage was at 100% for a long time, the browser was sluggish, etc.... Saw that a dllhost.exe (COM Surrogate) is taking a lot of CPU usage. I use an unprivileged user account for my work.

 

When I went to bed, I ran a Malwarebytes scan in my admin account. It found 21 PUPs but nothing that even seemed suspicious. MBAM recommended ignoring them, so I did. 

 

When rebooting, I now get a message that Windows PowerShell has stopped working. This message repeats intermittently. I notice in the Resource Monitor that PowerShell is taking about 17.04 of the CPU usage. Several different instances of COM Surrogate/dllhost.exe combined take over 50% of the CPU usage.

 

Another Malwarebytes scan in my work account again showed the same 21 PUPs, but this time I quarantined them.

 

Now that Malwarebytes is installed, I see constant notifications that Malicious websites are blocked. The same IP addresses are listed over and over. These are outbound.

IP addresses are:

95.215.1.57

31.184.192.90 fff5ee.com

88.214.193.211

5.14.50.194

I also once saw searchnet.blinkx.core listed.  

I finally turned off the notifications because they block the lower right corner of the screen constantly.

 

Once I saw a printer window come up randomly and then vanish. I was not trying to print.

 

One message came up that JS Trojan.Ransom.A was in my network traffic but blocked from downloading. I can't remember if the message was from F-Secure or from MBAM.

 

Here is what else I have tried in my unprivileged work user account:

Ran CCleaner v3.23.1823 and canceled at 28% because I wanted to run a virus scan instead.

 

Ran Charter Security Suite F-secure Virus/Spyware Scan. (This is my paid virus scanner through Charter.) No malware found.

 

Ran AdwCleaner - found nothing.

 

Downloaded Bitdefender but could not install without uninstalling F-Secure, so I left it alone.

 

Ran Kaspersky TDSS killer - no threats found.

 

Ran RKIll (iexplore.exe) - nothing found.

 

Ran OTL and here is the log:

 

 

OTL logfile created on: 10/17/2014 1:31:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Work\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17116)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.89 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 12.71% Memory free
7.26 Gb Paging File | 2.14 Gb Available in Paging File | 29.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.90 Gb Total Space | 250.87 Gb Free Space | 42.89% Space Free | Partition Type: NTFS
 
Computer Name: LISALAPTOP | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/17 13:29:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Work\Downloads\OTL.exe
PRC - [2014/10/17 13:22:04 | 001,944,824 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Work\Downloads\iExplore.exe
PRC - [2014/10/03 17:03:12 | 000,101,192 | ---- | M] (Google) -- C:\Users\Work\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/09/23 00:07:06 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/20 03:07:54 | 000,775,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2014/09/12 20:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Work\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/04 08:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/25 13:57:26 | 000,255,040 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2014/06/09 10:13:38 | 001,229,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
PRC - [2014/06/09 10:13:36 | 000,681,000 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/08/14 08:23:06 | 000,310,208 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE
PRC - [2013/08/14 08:23:06 | 000,216,000 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
PRC - [2013/06/25 07:37:44 | 000,060,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
PRC - [2013/05/15 16:05:58 | 000,191,424 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
PRC - [2012/10/10 00:59:28 | 000,143,024 | ---- | M] (Stardock Software, Inc) -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
PRC - [2012/07/17 18:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 18:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/06/27 16:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/25 14:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/17 11:25:29 | 000,043,008 | ---- | M] () -- c:\Users\Work\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr4r_s9.dll
MOD - [2014/09/23 00:07:05 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppgooglenaclpluginchrome.dll
MOD - [2014/09/23 00:07:02 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
MOD - [2014/09/23 00:06:58 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
MOD - [2014/09/23 00:06:56 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
MOD - [2014/09/23 00:06:55 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
MOD - [2014/09/12 20:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Work\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/06/01 05:08:56 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014/05/24 12:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
MOD - [2014/05/24 12:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
MOD - [2013/08/23 15:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Work\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/08/14 08:22:50 | 000,056,256 | ---- | M] () -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\FSGUI\fsavures.eng
MOD - [2013/08/14 08:22:48 | 000,154,560 | ---- | M] () -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\FSGUI\flyerres.eng
MOD - [2013/03/13 09:12:07 | 000,593,464 | ---- | M] () -- C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/07 01:52:33 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/05/29 19:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/29 04:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/16 01:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/27 02:05:15 | 002,676,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/06/01 05:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 02:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 02:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 00:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 22:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 22:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 19:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/09/20 02:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/08/24 21:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2012/08/10 17:56:26 | 000,214,488 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe -- (THAccelSvc)
SRV:64bit: - [2012/07/28 13:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2012/07/27 18:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:64bit: - [2012/07/25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 18:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/28 19:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/09/15 19:28:02 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/11 22:42:07 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/04 08:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/25 13:57:26 | 000,255,040 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/24 17:00:06 | 000,203,344 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2013/08/14 08:23:06 | 000,216,000 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - [2013/07/27 02:05:15 | 002,676,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/06/25 07:37:44 | 000,060,352 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - [2013/05/15 16:05:58 | 000,191,424 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Charter Security Suite\fshoster32.exe -- (fshoster)
SRV - [2013/04/12 17:00:38 | 000,903,456 | ---- | M] (Cloud Engines, Inc.) [Auto | Running] -- C:\Program Files (x86)\PogoplugPC\hbadmin.exe -- (HBAdmin)
SRV - [2012/10/10 00:59:28 | 000,143,024 | ---- | M] (Stardock Software, Inc) [Auto | Running] -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe -- (Start8)
SRV - [2012/08/08 07:58:38 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 18:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 18:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/27 16:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/06/25 14:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/24 09:50:54 | 000,447,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/05/12 07:26:14 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/28 15:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/23 18:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/01/22 09:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 09:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/10/10 07:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/09 07:39:34 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2013/10/05 02:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/08/28 06:32:28 | 000,524,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/08/16 01:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 02:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 04:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 21:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 21:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/29 02:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/04 10:42:04 | 000,014,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2013/05/31 23:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/04/12 17:00:38 | 000,039,712 | ---- | M] (Cloud Engines, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\xcetap0.sys -- (xcetap0)
DRV:64bit: - [2013/03/02 06:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 06:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/09 21:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/26 23:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 00:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 23:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 04:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 03:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 03:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 03:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/29 13:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2012/08/29 13:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTL8192Ce)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/16 18:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/10 14:56:56 | 000,131,520 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\THAccel.sys -- (THAccel)
DRV:64bit: - [2012/08/06 10:36:12 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/07/31 16:28:54 | 000,028,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2012/07/31 15:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 20:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2012/07/25 05:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2012/07/21 19:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2012/07/13 17:04:30 | 000,103,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/07/10 20:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2012/07/02 19:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 11:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/18 14:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2012/06/15 17:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV - [2014/06/23 05:35:01 | 000,069,960 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2014/06/19 18:12:08 | 000,086,056 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys -- (fsni)
DRV - [2014/06/09 10:16:13 | 000,203,304 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2013/08/14 08:22:44 | 000,013,248 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2013/03/13 09:18:11 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=527558075&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D8F18CEB-57F9-4FB4-83CD-A252A2DC130B}
IE:64bit: - HKLM\..\SearchScopes\{D8F18CEB-57F9-4FB4-83CD-A252A2DC130B}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=527558075&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {D8F18CEB-57F9-4FB4-83CD-A252A2DC130B}
IE - HKLM\..\SearchScopes\{D8F18CEB-57F9-4FB4-83CD-A252A2DC130B}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo...278&fr=sp_tr_ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...arcSearchScopes
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.1\extensions\\Components: C:\Users\Work\AppData\Local\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.1\extensions\\Plugins: C:\Users\Work\AppData\Local\Mozilla Firefox\plugins
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - default_search_provider: 9C6F4F59EE953624DB5A92B7FA6EF6EB854A5A685512F1B7C2EAE6E754910435 (Enabled)
CHR - default_search_provider: search_url = 41C57D80C2C5CB0F7DACB8D1874395EE8C3EDEDBE0552B0C51ED7F795113D51D
CHR - default_search_provider: suggest_url = 
CHR - homepage: F764601031B4C33780E52F13FF98265621B7831BA4CBAD0035407D60AD39246F
CHR - Extension: Duolingo Web = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl\1.0.11_0\
CHR - Extension: Duolingo Web = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl\1.0.12_0\
CHR - Extension: Google Docs = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Unfollowers for Chrome = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcbaokcchpeocidhfccllamniooiefin\1.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Adblock Plus = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.6_0\
CHR - Extension: Google Search = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Pin It Button = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3.4_0\
CHR - Extension: Pin It Button = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.35_0\
CHR - Extension: feedly = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.2_0\
CHR - Extension: feedly = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\34_0\
CHR - Extension: Classic Retweet = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mejfljhfeahhhicjefeehikaooffggmf\1.12_0\
CHR - Extension: feedly = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja\33_0\
CHR - Extension: feedly = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja\34_0\
CHR - Extension: Google Wallet = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Reader = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Gmail = C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/07/26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Browser Extensions) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\lisaq_000\AppData\Roaming\Browser Extensions\Coupons64.dll ()
O2 - BHO: (Browser Extensions) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\lisaq_000\AppData\Roaming\Browser Extensions\Coupons.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [F-Secure Hoster (42626)] C:\Program Files (x86)\Charter Security Suite\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKCU..\Run: [Browser Extensions] C:\Users\lisaq_000\AppData\Roaming\Browser Extensions\CouponsHelper.exe ()
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_53CCEE9D562CFDDD0AB8998378A9FAFB] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [PogoplugPC] C:\Program Files (x86)\PogoplugPC\ppserver.exe (Cloud Engines, Inc.)
O4 - HKCU..\Run: [SearchProtection] C:\Users\lisaq_000\AppData\Roaming\Search Protection\SearchProtection.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5F028BB-D902-47DC-969A-DB775C219546}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/17 12:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2014/10/17 12:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2014/10/17 12:38:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/17 00:00:14 | 000,000,000 | ---D | C] -- C:\Users\lisaq_000\AppData\Roaming\F-Secure
[2014/10/16 23:47:31 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/16 23:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/16 23:46:17 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/10/16 23:46:17 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/10/16 23:46:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/18 10:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/17 13:50:13 | 000,000,926 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2873026252-2686656759-1413732285-1004UA.job
[2014/10/17 13:44:23 | 000,000,926 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/17 13:26:12 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/10/17 11:27:27 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/10/17 11:27:27 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/10/17 11:27:27 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/10/17 11:24:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/10/17 11:24:06 | 000,000,922 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/17 11:22:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/10/17 11:21:05 | 3338,846,208 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/17 00:25:42 | 000,000,626 | ---- | M] () -- C:\windows\tasks\Scheduled scanning task.job
[2014/10/16 23:48:09 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/16 23:47:20 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/16 21:50:15 | 000,000,874 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2873026252-2686656759-1413732285-1004Core.job
[2014/09/18 10:55:10 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
 
========== Files Created - No Company Name ==========
 
[2014/10/17 00:24:49 | 000,388,729 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2014/10/16 23:47:20 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/01 19:15:12 | 000,002,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
[2014/09/29 20:45:37 | 000,010,450 | ---- | C] () -- C:\windows\SysNative\autoconfig.cab
[2014/09/18 10:54:39 | 000,002,463 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2014/07/18 20:10:09 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/03/15 12:28:03 | 000,000,047 | ---- | C] () -- C:\Users\lisaq_000\AppData\Roaming\WB.CFG
[2013/09/12 08:48:34 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/03/13 09:18:11 | 000,042,672 | ---- | C] () -- C:\windows\SysWow64\drivers\fsbts.sys
[2013/03/13 09:18:00 | 000,019,842 | ---- | C] () -- C:\windows\prodsett_copy.ini
[2013/01/05 12:53:38 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
 
========== ZeroAccess Check ==========
 
[2014/08/22 14:05:36 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 04:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 02:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/04/20 11:04:01 | 000,000,000 | ---D | M] -- C:\Users\lisaq_000\AppData\Roaming\7-PDFMaker
[2013/03/12 20:53:12 | 000,000,000 | ---D | M] -- C:\Users\lisaq_000\AppData\Roaming\Book Place
[2014/10/16 23:42:56 | 000,000,000 | ---D | M] -- C:\Users\lisaq_000\AppData\Roaming\Browser Extensions
[2014/09/09 15:14:15 | 000,000,000 | ---D | M] -- C:\Users\lisaq_000\AppData\Roaming\CatenaLogic
[2014/08/22 14:01:32 | 000,000,000 | ---D | M] -- C:\Users\lisaq_000\AppData\Roaming\DesktopIconForAmazon
[2013/07/04 08:29:51 | 000,000,000 | ---D | M] -- C:\Users\lisaq_000\AppData\Roaming\DigitalVolcano
[2013/05/04 19:12:53 | 000,000,000 | ---D | M] -- C:\Users\lisaq_000\AppData\Roaming\Dropbox
[2014/08/22 14:06:15 | 000,000,000 | ---D | M] -- C:\Users\lisaq_000\AppData\Roaming\DVDVideoSoft
[2014/10/17 00:00:14 | 000,000,000 | ---D | M] -- C:\Users\lisaq_000\AppData\Roaming\F-Secure
[2014/03/15 18:31:58 | 000,000,000 | ---D | M] -- C:\Users\lisaq_000\AppData\Roaming\FileZilla
[2014/08/22 14:01:20 | 000,000,000 | ---D | M] -- C:\Users\lisaq_000\AppData\Roaming\Search Protection
[2013/12/23 09:50:01 | 000,000,000 | ---D | M] -- C:\Users\lisaq_000\AppData\Roaming\WildTangent
[2013/03/12 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\lisaq_000\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
< End of report >
 

Thank you for reading!

 

 


  • 0

Advertisements


#2
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Hi LisaQuing,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
  • Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
Let's get started....

To get a better handle on this infection, please scan your system with the below scanner:

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it do this please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
LisaQuing

LisaQuing

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

I was unable to do anything further with that user account. So, I moved my files and deleted the user account. Would it be possible for the problem to still exist within my machine? If so, what account should I use to run the diagnostics?


Edited by LisaQuing, 19 October 2014 - 09:12 PM.

  • 0

#4
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

As long as you use an account with Administrator privileges, any account will do (for the scan, that is).  As to whether or not the infection survives an account deletion, IF this is the infection I believe it is then it will still be on the system.  It will just take a while for the infection to get triggered again.  Please provide the scan requested.  Thank you.


  • 0

#5
LisaQuing

LisaQuing

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
First of all, Windows 8 did not want me to run Farbar. I had to click to allow it.
 
Then F-secure (Charter Security Suite) Deep Guard blocked it and I also had to allow it additional permission to run.
 
Here are the logs.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Lisa (administrator) on LISALAPTOP on 21-10-2014 09:38:30
Running from C:\Users\lisaq_000\Desktop
Loaded Profiles: Lisa & Work_2 (Available profiles: Lisa & Work_2)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
(Cloud Engines, Inc.) C:\Program Files (x86)\PogoplugPC\hbadmin.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Work_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Toshiba) C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Cloud Engines, Inc.) C:\Program Files (x86)\PogoplugPC\ppserver.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Dropbox, Inc.) C:\Users\lisaq_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Hoster (42626)] => C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-10-10] (APN)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2873026252-2686656759-1413732285-1001\...\Run: [GoogleChromeAutoLaunch_53CCEE9D562CFDDD0AB8998378A9FAFB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)
HKU\S-1-5-21-2873026252-2686656759-1413732285-1001\...\Run: [PogoplugPC] => C:\Program Files (x86)\PogoplugPC\ppserver.exe [23790592 2013-04-12] (Cloud Engines, Inc.)
HKU\S-1-5-21-2873026252-2686656759-1413732285-1001\...\Run: [SearchProtection] => "C:\Users\lisaq_000\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
HKU\S-1-5-21-2873026252-2686656759-1413732285-1006\...\Run: [GoogleChromeAutoLaunch_3FB23F71E0C27E97A151C405B7C70068] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)
Startup: C:\Users\lisaq_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\lisaq_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\lisaq_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Work_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\lisaq_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo...278&fr=sp_tr_ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
SearchScopes: HKLM - DefaultScope {D8F18CEB-57F9-4FB4-83CD-A252A2DC130B} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM - {D8F18CEB-57F9-4FB4-83CD-A252A2DC130B} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM-x32 - DefaultScope {D8F18CEB-57F9-4FB4-83CD-A252A2DC130B} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {D8F18CEB-57F9-4FB4-83CD-A252A2DC130B} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKCU - DefaultScope {D8F18CEB-57F9-4FB4-83CD-A252A2DC130B} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {D8F18CEB-57F9-4FB4-83CD-A252A2DC130B} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - C:\Users\Work\AppData\Local\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://accounts.goo...lt&ltmplcache=2", "https://www.facebook.com/", "hxxp://www.sparkpeople.com/myspark/start-now.asp", "hxxp://pinterest.com/", "hxxp://www.weather.com/weather/today/Dryden+MI+48428", "hxxp://www.feedly.com/home#my", "hxxp://www.twitter.com/"
CHR Profile: C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Duolingo Web) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2013-03-12]
CHR Extension: (Google Docs) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-12]
CHR Extension: (Google Drive) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-12]
CHR Extension: (Unfollowers for Chrome) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcbaokcchpeocidhfccllamniooiefin [2014-03-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-18]
CHR Extension: (YouTube) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-12]
CHR Extension: (Adblock Plus) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-17]
CHR Extension: (Google Search) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-12]
CHR Extension: (Pin It Button) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-10-17]
CHR Extension: (feedly) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-03-15]
CHR Extension: (Classic Retweet) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mejfljhfeahhhicjefeehikaooffggmf [2013-10-17]
CHR Extension: (feedly) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2013-04-15]
CHR Extension: (Google Wallet) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]
CHR Extension: (Google Reader) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2013-03-12]
CHR Extension: (Gmail) - C:\Users\lisaq_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-10] (APN LLC.)
R2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-25] (F-Secure Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-17] (WildTangent)
R2 HBAdmin; C:\Program Files (x86)\PogoplugPC\HBADMIN.EXE [903456 2013-04-12] (Cloud Engines, Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143024 2012-10-10] (Stardock Software, Inc)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S3 cphs; %SystemRoot%\SysWow64\IntelCpHeciSvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2014-06-09] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-06-23] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-10-09] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42672 2013-03-13] ()
R3 fsni; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys [86056 2014-06-19] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
R3 xcetap0; C:\Windows\system32\DRIVERS\xcetap0.sys [39712 2013-04-12] (Cloud Engines, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-21 09:38 - 2014-10-21 09:39 - 00024819 _____ () C:\Users\lisaq_000\Desktop\FRST.txt
2014-10-21 09:34 - 2014-10-21 09:38 - 00000000 ____D () C:\FRST
2014-10-21 09:30 - 2014-10-21 09:31 - 02110976 _____ (Farbar) C:\Users\lisaq_000\Desktop\FRST64.exe
2014-10-20 21:01 - 2014-10-20 21:01 - 00005622 _____ () C:\Users\Work_2\Downloads\Andrew&#39;s reason.txt
2014-10-20 21:01 - 2014-10-20 21:01 - 00002335 _____ () C:\Users\Work_2\Downloads\Teaching Stories.txt
2014-10-19 17:03 - 2014-10-21 00:19 - 00089600 ___SH () C:\Users\Work_2\Downloads\Thumbs.db
2014-10-19 17:01 - 2014-10-20 21:25 - 00000000 ____D () C:\Users\Work_2\AppData\Roaming\PrimoPDF
2014-10-19 16:18 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\Work_2\AppData\Roaming\OpenOffice
2014-10-19 15:59 - 2014-10-19 15:59 - 00000000 ____D () C:\Users\Work_2\AppData\Local\Adobe
2014-10-19 15:54 - 2014-10-20 07:49 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2873026252-2686656759-1413732285-1006
2014-10-19 15:43 - 2014-10-21 08:54 - 00000000 ___RD () C:\Users\Work_2\Dropbox
2014-10-19 15:43 - 2014-10-19 15:43 - 00001054 _____ () C:\Users\Work_2\Desktop\Dropbox.lnk
2014-10-19 14:46 - 2014-10-19 14:46 - 00000000 ____D () C:\Users\Work_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-19 14:42 - 2014-10-21 08:54 - 00000000 ____D () C:\Users\Work_2\AppData\Roaming\Dropbox
2014-10-19 14:35 - 2014-10-19 14:35 - 00000000 ____D () C:\Users\Work_2\AppData\Roaming\Macromedia
2014-10-19 14:29 - 2014-10-20 19:27 - 00000000 ____D () C:\Users\Work_2\AppData\Local\CrashDumps
2014-10-19 13:09 - 2014-10-21 09:11 - 00000000 ___RD () C:\Users\lisaq_000\Dropbox
2014-10-19 13:09 - 2014-10-19 13:09 - 00001057 _____ () C:\Users\lisaq_000\Desktop\Dropbox.lnk
2014-10-19 13:07 - 2014-10-19 13:07 - 00000000 ____D () C:\Users\lisaq_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-19 12:53 - 2014-10-19 12:53 - 00323672 _____ (Dropbox, Inc.) C:\Users\lisaq_000\Downloads\DropboxInstaller.exe
2014-10-17 21:50 - 2014-10-17 21:50 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-10-17 21:49 - 2014-10-19 14:24 - 00000000 ____D () C:\Users\TEMP
2014-10-17 21:08 - 2014-10-17 21:08 - 00309096 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-17 20:59 - 2014-10-17 20:59 - 00000000 ____D () C:\Users\lwagn_000\AppData\Local\AskPartnerNetwork
2014-10-17 20:59 - 2014-10-17 20:59 - 00000000 ____D () C:\Users\lisaq_000\AppData\Local\AskPartnerNetwork
2014-10-17 20:59 - 2014-10-17 20:59 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-10-17 20:59 - 2014-10-17 20:59 - 00000000 ____D () C:\ProgramData\APN
2014-10-17 20:59 - 2014-10-17 20:59 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\Users\lisaq_000\AppData\Roaming\Oracle
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-17 20:57 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-17 20:45 - 2014-10-21 00:23 - 00000000 ____D () C:\Users\Work_2\AppData\Roaming\Apple Computer
2014-10-17 20:45 - 2014-10-17 20:45 - 00000000 ____D () C:\Users\Work_2\AppData\Local\TOSHIBA
2014-10-17 20:44 - 2014-10-19 15:59 - 00000000 ____D () C:\Users\Work_2\AppData\Roaming\Adobe
2014-10-17 20:44 - 2014-10-19 15:43 - 00000000 ____D () C:\Users\Work_2
2014-10-17 20:44 - 2014-10-19 14:26 - 00002270 _____ () C:\Users\Work_2\Desktop\Google Chrome.lnk
2014-10-17 20:44 - 2014-10-17 20:44 - 00001445 _____ () C:\Users\Work_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-17 20:44 - 2014-10-17 20:44 - 00000020 ___SH () C:\Users\Work_2\ntuser.ini
2014-10-17 20:44 - 2014-10-17 20:44 - 00000000 ____D () C:\Users\Work_2\AppData\Local\VirtualStore
2014-10-17 20:44 - 2014-10-17 20:44 - 00000000 ____D () C:\Users\Work_2\AppData\Local\Packages
2014-10-17 20:44 - 2014-10-17 20:44 - 00000000 ____D () C:\Users\Work_2\AppData\Local\Google
2014-10-17 20:44 - 2014-07-09 18:50 - 00000000 ___RD () C:\Users\Work_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-17 20:44 - 2014-05-15 14:49 - 00000000 ___RD () C:\Users\Work_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-17 20:44 - 2012-11-13 02:57 - 00002107 _____ () C:\Users\Work_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-10-17 20:44 - 2012-07-26 04:13 - 00000000 ___RD () C:\Users\Work_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 20:44 - 2012-07-26 04:13 - 00000000 ____D () C:\Users\Work_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-17 20:36 - 2014-10-17 20:37 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2873026252-2686656759-1413732285-1005
2014-10-17 20:30 - 2014-10-17 20:50 - 00000000 ____D () C:\Users\lwagn_000\AppData\Local\TOSHIBA
2014-10-17 20:28 - 2014-10-17 20:50 - 00000000 ____D () C:\Users\lwagn_000\AppData\Local\Packages
2014-10-17 20:27 - 2014-10-17 21:36 - 00000000 ____D () C:\Users\lwagn_000
2014-10-17 14:57 - 2014-10-17 19:33 - 00000000 ____D () C:\Users\lisaq_000\AppData\Roaming\Kopsik
2014-10-17 14:57 - 2014-10-17 14:57 - 00000000 ____D () C:\Users\lisaq_000\AppData\Local\Toggl
2014-10-17 14:56 - 2014-10-17 14:56 - 00002036 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\TogglDesktop.lnk
2014-10-17 14:56 - 2014-10-17 14:56 - 00002030 _____ () C:\Users\Public\Desktop\TogglDesktop.lnk
2014-10-17 14:55 - 2014-10-17 14:55 - 00000000 ____D () C:\Program Files (x86)\Toggl
2014-10-17 14:54 - 2014-10-17 14:54 - 14650880 _____ () C:\Users\lisaq_000\Downloads\toggldesktop-7_1_114-2014-10-14-11-25-48.msi
2014-10-17 14:05 - 2014-10-17 21:46 - 00007619 _____ () C:\Users\lisaq_000\AppData\Local\Resmon.ResmonCfg
2014-10-17 13:22 - 2014-10-17 13:31 - 00002186 _____ () C:\Users\lisaq_000\Desktop\Rkill.txt
2014-10-17 12:45 - 2014-10-17 12:45 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-10-17 12:38 - 2014-10-17 12:44 - 00000000 ____D () C:\AdwCleaner
2014-10-17 00:45 - 2014-09-02 22:48 - 00510464 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-17 00:45 - 2014-09-02 22:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-17 00:43 - 2014-07-11 20:02 - 00478352 _____ () C:\windows\SysWOW64\locale.nls
2014-10-17 00:43 - 2014-07-11 20:00 - 00478352 _____ () C:\windows\system32\locale.nls
2014-10-17 00:43 - 2014-07-08 18:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-10-17 00:43 - 2014-07-08 18:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-10-17 00:43 - 2014-07-08 18:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-10-17 00:43 - 2014-07-07 01:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2014-10-17 00:43 - 2014-07-07 01:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-10-17 00:43 - 2014-07-04 06:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-10-17 00:43 - 2014-07-02 21:59 - 01824784 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-10-17 00:43 - 2014-07-02 20:30 - 01408952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-10-17 00:43 - 2014-06-28 03:01 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-10-17 00:43 - 2014-06-28 02:57 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-10-17 00:43 - 2014-06-28 02:56 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-10-17 00:43 - 2014-06-25 03:09 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-10-17 00:43 - 2014-06-25 03:07 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-10-17 00:43 - 2014-06-17 19:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-10-17 00:43 - 2014-06-17 19:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-10-17 00:43 - 2014-06-11 10:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-10-17 00:43 - 2014-06-11 00:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-10-17 00:43 - 2014-06-10 18:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-17 00:43 - 2014-05-29 19:31 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-10-17 00:43 - 2014-05-29 19:03 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-10-17 00:43 - 2014-02-04 06:57 - 01271664 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-17 00:42 - 2014-07-12 00:41 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-10-17 00:42 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-10-17 00:42 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-10-17 00:42 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-10-17 00:42 - 2014-07-12 00:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-10-17 00:42 - 2014-07-12 00:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-10-17 00:42 - 2014-07-12 00:16 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-10-17 00:42 - 2014-07-12 00:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-10-17 00:42 - 2014-07-12 00:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-10-17 00:42 - 2014-07-12 00:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-10-17 00:42 - 2014-07-12 00:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-10-17 00:42 - 2014-07-12 00:15 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-10-17 00:42 - 2014-07-08 18:33 - 00181248 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-10-17 00:39 - 2014-09-13 01:29 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-17 00:39 - 2014-09-13 00:02 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-17 00:36 - 2014-07-07 01:53 - 01125376 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-17 00:36 - 2014-07-07 01:52 - 03248128 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-17 00:36 - 2014-07-07 01:52 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-17 00:36 - 2014-07-07 01:52 - 00300544 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-17 00:36 - 2014-07-07 01:51 - 05982208 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-17 00:36 - 2014-07-07 00:01 - 01049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-17 00:36 - 2014-07-07 00:01 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-17 00:36 - 2014-07-07 00:00 - 05095424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-17 00:36 - 2014-07-06 23:59 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-17 00:35 - 2014-09-28 00:18 - 04068352 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-17 00:31 - 2014-09-20 01:16 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-17 00:30 - 2014-09-19 23:57 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-17 00:29 - 2014-09-20 01:17 - 02236928 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-17 00:29 - 2014-09-20 01:17 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-17 00:29 - 2014-09-20 01:16 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-17 00:29 - 2014-09-20 01:16 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-17 00:29 - 2014-09-19 23:57 - 13757952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-17 00:29 - 2014-09-19 23:57 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-17 00:29 - 2014-09-19 23:57 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-17 00:29 - 2014-09-19 23:57 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-17 00:28 - 2014-09-20 01:18 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-17 00:28 - 2014-09-20 01:17 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-10-17 00:28 - 2014-09-20 01:16 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-17 00:28 - 2014-09-20 01:16 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-17 00:28 - 2014-09-20 01:16 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-17 00:28 - 2014-09-20 01:16 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-17 00:28 - 2014-09-20 01:16 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-10-17 00:28 - 2014-09-20 01:16 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-17 00:28 - 2014-09-20 01:15 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-17 00:28 - 2014-09-20 01:15 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-17 00:28 - 2014-09-19 23:57 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-17 00:28 - 2014-09-19 23:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-10-17 00:28 - 2014-09-19 23:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-17 00:28 - 2014-09-19 23:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-17 00:28 - 2014-09-19 23:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-17 00:28 - 2014-09-19 23:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-10-17 00:28 - 2014-09-19 23:56 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-17 00:28 - 2014-09-19 23:56 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-17 00:27 - 2014-09-20 01:17 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-10-17 00:27 - 2014-09-20 01:16 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-10-17 00:27 - 2014-09-20 01:16 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-17 00:27 - 2014-09-20 01:16 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-17 00:27 - 2014-09-20 01:16 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-17 00:27 - 2014-09-20 01:15 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-17 00:27 - 2014-09-19 23:57 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-17 00:27 - 2014-09-19 23:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-17 00:27 - 2014-09-19 23:57 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-10-17 00:27 - 2014-09-19 23:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-17 00:27 - 2014-09-19 23:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-17 00:27 - 2014-09-19 23:56 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-17 00:27 - 2014-09-19 23:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-17 00:27 - 2014-09-19 23:33 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-17 00:27 - 2014-09-19 21:06 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-10-17 00:25 - 2014-07-24 09:50 - 00447296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-10-17 00:25 - 2014-07-16 19:28 - 00027648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2014-10-17 00:25 - 2014-07-16 18:59 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-10-17 00:25 - 2014-07-16 18:59 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2014-10-17 00:25 - 2014-07-12 02:45 - 01549824 _____ (Microsoft Corporation) C:\windows\system32\msdtctm.dll
2014-10-17 00:25 - 2014-07-12 00:36 - 00674304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-10-17 00:25 - 2014-07-12 00:36 - 00211456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-10-17 00:25 - 2014-07-12 00:34 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-10-17 00:25 - 2014-07-12 00:34 - 00250368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-10-17 00:25 - 2014-06-28 02:57 - 01341952 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-10-17 00:25 - 2014-06-27 22:23 - 01126400 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-10-17 00:24 - 2014-08-01 18:08 - 00388729 _____ () C:\windows\system32\ApnDatabase.xml
2014-10-17 00:23 - 2014-06-12 19:34 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-10-17 00:22 - 2014-09-17 19:24 - 02416128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-17 00:22 - 2014-09-17 18:56 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-17 00:22 - 2014-08-30 01:48 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-10-17 00:22 - 2014-08-30 01:46 - 02306560 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-10-17 00:22 - 2014-08-30 00:05 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-10-17 00:22 - 2014-08-30 00:03 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-10-17 00:22 - 2014-06-12 19:29 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-10-17 00:00 - 2014-10-17 00:00 - 00000000 ____D () C:\Users\lisaq_000\AppData\Roaming\F-Secure
2014-10-16 23:47 - 2014-10-21 09:00 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 23:47 - 2014-10-21 08:59 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-16 23:47 - 2014-10-21 08:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-16 23:46 - 2014-10-21 08:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 23:46 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-16 23:46 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-12 14:43 - 2014-10-12 14:43 - 00002668 _____ () C:\Users\Public\Documents\Suzy's break.wlmp
2014-10-12 14:24 - 2014-10-12 14:24 - 00000000 ____D () C:\Users\Work\AppData\Roaming\DVDVideoSoft
2014-10-12 14:24 - 2014-10-12 14:24 - 00000000 ____D () C:\Users\Public\Documents\DVDVideoSoft
2014-10-04 19:35 - 2014-10-04 19:35 - 00000000 ____D () C:\Users\Work\AppData\Local\Unity
2014-10-01 19:15 - 2014-10-01 19:15 - 00002537 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
2014-10-01 19:04 - 2014-10-01 19:04 - 00000108 ____H () C:\Users\Work\Downloads\.~lock.Judge Feedback 2 (2).xlsx#
2014-10-01 18:59 - 2014-10-01 18:59 - 00000108 ____H () C:\Users\Work\Downloads\.~lock.Judge Feedback 2 (1).xlsx#
2014-09-29 20:45 - 2014-08-20 19:40 - 00732880 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-09-29 20:45 - 2014-08-20 13:05 - 00694784 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-09-29 20:45 - 2014-08-20 13:05 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-09-29 20:45 - 2014-08-20 13:05 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-29 20:45 - 2014-08-20 13:02 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-09-29 20:45 - 2014-08-20 13:02 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-29 20:45 - 2014-06-24 03:35 - 00010450 _____ () C:\windows\system32\autoconfig.cab
2014-09-29 20:45 - 2014-06-24 02:40 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-09-23 07:52 - 2014-08-09 04:30 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-09-23 07:52 - 2014-08-09 04:29 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-21 09:26 - 2014-09-15 19:23 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-21 09:16 - 2013-03-12 19:41 - 01294757 _____ () C:\windows\WindowsUpdate.log
2014-10-21 09:00 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-10-21 08:57 - 2013-05-04 19:12 - 00000000 ____D () C:\Users\lisaq_000\AppData\Roaming\Dropbox
2014-10-21 08:55 - 2013-10-18 19:23 - 00000000 ____D () C:\Users\lisaq_000\AppData\Local\CrashDumps
2014-10-21 08:54 - 2013-03-12 19:47 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 00:05 - 2013-11-01 17:20 - 00003400 _____ () C:\windows\System32\Tasks\Scheduled scanning task
2014-10-21 00:05 - 2013-11-01 17:20 - 00000626 _____ () C:\windows\Tasks\Scheduled scanning task.job
2014-10-20 23:50 - 2014-01-19 21:17 - 00000926 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2873026252-2686656759-1413732285-1004UA.job
2014-10-20 23:49 - 2013-03-12 19:47 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 21:50 - 2014-01-19 21:17 - 00000874 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2873026252-2686656759-1413732285-1004Core.job
2014-10-19 13:38 - 2012-11-13 02:02 - 01393902 _____ () C:\windows\PFRO.log
2014-10-19 13:38 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-19 13:38 - 2012-07-26 01:26 - 00786432 ___SH () C:\windows\system32\config\BBI
2014-10-19 13:09 - 2013-03-12 19:41 - 00000000 ____D () C:\Users\lisaq_000
2014-10-19 12:48 - 2013-03-19 11:13 - 00000000 ____D () C:\Users\Public\Documents\SOF
2014-10-19 12:47 - 2013-03-19 11:00 - 00000000 ____D () C:\Users\Public\Documents\ABH
2014-10-19 12:39 - 2013-10-12 12:15 - 00000000 ____D () C:\Users\lisaq_000\AppData\Roaming\Apple Computer
2014-10-19 12:38 - 2013-03-13 10:51 - 00039936 ___SH () C:\Users\lisaq_000\Downloads\Thumbs.db
2014-10-19 12:36 - 2013-03-13 09:04 - 00000000 ____D () C:\Users\lisaq_000\Maxtor Hard drive
2014-10-19 12:30 - 2013-06-07 20:20 - 00000000 ____D () C:\Users\Public\Documents\Audible
2014-10-19 12:30 - 2013-03-25 10:47 - 00536064 ___SH () C:\Users\Work\Documents\Thumbs.db
2014-10-19 01:15 - 2013-03-19 11:11 - 00000000 ____D () C:\Users\Public\Documents\Lisa Job
2014-10-18 23:43 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-10-18 22:44 - 2013-03-12 19:47 - 00003900 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 22:44 - 2013-03-12 19:47 - 00003664 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 21:59 - 2014-09-18 10:54 - 00002463 ____N () C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2014-10-17 21:59 - 2012-11-13 02:36 - 00002479 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk
2014-10-17 21:59 - 2012-11-13 02:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-17 21:59 - 2012-11-13 02:36 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-10-17 21:37 - 2013-09-01 18:04 - 00000000 __SHD () C:\windows\ftpcache
2014-10-17 21:36 - 2014-08-22 14:01 - 00000000 ____D () C:\Users\lisaq_000\AppData\Roaming\Browser Extensions
2014-10-17 20:58 - 2014-09-15 19:22 - 00000000 ____D () C:\Users\lisaq_000\AppData\Local\Adobe
2014-10-17 20:58 - 2013-03-12 19:43 - 00000000 ____D () C:\Users\lisaq_000\AppData\Roaming\Adobe
2014-10-17 20:57 - 2013-11-29 15:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 20:57 - 2013-08-28 12:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-17 20:57 - 2013-03-13 07:00 - 00000000 ____D () C:\Users\Work
2014-10-17 19:10 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\rescache
2014-10-17 15:02 - 2013-03-12 19:51 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2873026252-2686656759-1413732285-1001
2014-10-17 14:39 - 2014-08-22 14:01 - 00000000 ____D () C:\Users\lisaq_000\AppData\Roaming\Search Protection
2014-10-17 14:23 - 2013-03-17 15:39 - 00000000 ____D () C:\Users\Work\AppData\Local\CrashDumps
2014-10-17 13:33 - 2013-03-13 16:59 - 00147968 ___SH () C:\Users\Work\Desktop\Thumbs.db
2014-10-17 11:27 - 2012-07-26 03:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-17 11:26 - 2013-05-04 19:20 - 00000000 ___RD () C:\Users\Work\Dropbox
2014-10-17 11:25 - 2013-05-04 19:11 - 00000000 ____D () C:\Users\Work\AppData\Roaming\Dropbox
2014-10-17 11:18 - 2012-07-26 04:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 11:17 - 2012-07-26 04:12 - 00000000 ___RD () C:\windows\ToastData
2014-10-17 01:06 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp
2014-10-17 01:00 - 2013-07-19 11:33 - 00000000 ____D () C:\windows\system32\MRT
2014-10-17 00:49 - 2013-03-14 08:10 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-16 23:47 - 2013-10-17 22:17 - 00000000 ____D () C:\Users\lisaq_000\AppData\Roaming\Malwarebytes
2014-10-16 23:46 - 2013-10-17 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 23:42 - 2014-07-20 15:56 - 00000000 ____D () C:\Users\lisaq_000\AppData\Local\Pogoplug
2014-10-16 19:27 - 2013-03-20 12:36 - 00000000 ____D () C:\Users\Work\AppData\Roaming\PrimoPDF
2014-10-16 19:22 - 2013-03-19 11:10 - 00000000 ____D () C:\Users\Public\Documents\Lessons
2014-10-16 17:32 - 2013-03-14 08:44 - 10259968 ___SH () C:\Users\Work\Downloads\Thumbs.db
2014-10-16 00:08 - 2013-03-19 11:09 - 00000000 ____D () C:\Users\Public\Documents\ESSAY CLASS
2014-10-16 00:02 - 2013-03-19 11:15 - 00000000 ____D () C:\Users\Public\Documents\Speaking
2014-10-12 18:32 - 2013-03-19 11:08 - 00000000 ____D () C:\Users\Public\Documents\CompMiddleSchool
2014-10-10 16:05 - 2013-03-19 11:13 - 00000000 ____D () C:\Users\Public\Documents\RR
2014-10-09 14:51 - 2014-06-07 08:45 - 00000000 ____D () C:\Users\Work\AppData\Roaming\Mozilla
2014-10-09 14:15 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\LiveKernelReports
2014-10-06 16:55 - 2013-03-19 11:01 - 00000000 ____D () C:\Users\Public\Documents\Addresses
2014-10-06 11:58 - 2013-03-19 11:08 - 00000000 ____D () C:\Users\Public\Documents\CompHighSchool
2014-10-05 17:49 - 2013-03-19 11:16 - 00000000 ____D () C:\Users\Public\Documents\Writing
2014-10-04 18:57 - 2013-10-18 17:04 - 00079360 ___SH () C:\Users\Public\Documents\Thumbs.db
2014-10-03 15:48 - 2013-03-19 11:10 - 00000000 ____D () C:\Users\Public\Documents\Learning Projects
2014-10-03 13:14 - 2013-03-13 07:06 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2873026252-2686656759-1413732285-1004
2014-10-01 19:13 - 2013-03-28 08:07 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-10-01 12:43 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\WinStore
2014-10-01 11:11 - 2013-10-17 22:16 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-01 08:01 - 2012-11-13 02:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-26 10:17 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF
2014-09-22 13:19 - 2013-03-19 11:13 - 00000000 ____D () C:\Users\Public\Documents\Soccer
 
Some content of TEMP:
====================
C:\Users\lisaq_000\AppData\Local\Temp\72669uninstall.exe
C:\Users\lisaq_000\AppData\Local\Temp\APNSetup.exe
C:\Users\lisaq_000\AppData\Local\Temp\Cloud_Backup_Setup.exe
C:\Users\lisaq_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmparwzgc.dll
C:\Users\lisaq_000\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\lisaq_000\AppData\Local\Temp\oi_{700ACC9C-6AD1-44C0-903C-65670CD73612}.exe
C:\Users\lisaq_000\AppData\Local\Temp\Quarantine.exe
C:\Users\lisaq_000\AppData\Local\Temp\sqlite3.dll
C:\Users\lisaq_000\AppData\Local\Temp\ssdl9520.exe
C:\Users\lisaq_000\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Work\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr4r_s9.dll
C:\Users\Work\AppData\Local\Temp\Scrivener-1720-update.exe
C:\Users\Work_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw0ge0n.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-18 10:40
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by Lisa at 2014-10-21 09:40:24
Running from C:\Users\lisaq_000\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Computer Security (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Computer Security (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-PDF Maker Version 1.4.1 (Build 128) (HKLM-x32\...\7-PDF Maker_is1) (Version: 7-PDF Maker - Version 1.4.1 (Build 128) - 7-PDF, Germany - Thorsten Hodes)
Adapter (HKLM-x32\...\{86085790-0A1A-4098-8CA9-579DB8F2771D}_is1) (Version:  - Macroplant, LLC)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 18414980.4759644.48.2008627016 - Audible, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Extensions (HKCU\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.3 - Spigot, Inc.) <==== ATTENTION
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
Charter Security Suite (HKLM-x32\...\F-Secure ServiceEnabler 42626) (Version: 1.83.311.0 - F-Secure Corporation)
Charter Security Suite (x32 Version: 1.83.311.0 - F-Secure Corporation) Hidden
Clear Clipboard 1.0 (HKLM-x32\...\Clear Clipboard) (Version: 1.0 - Tiushkov Nikolay)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Computer Security 12.83.104.0 (release) (x32 Version: 12.83.104.0 - F-Secure Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - CHIP.de)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
Duplicate Cleaner Free 3.1.5 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.1.5 - DigitalVolcano Software Ltd) <==== ATTENTION
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Free Video Dub version 2.0.21.822 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.822 - DVDVideoSoft Ltd.)
F-Secure CCF Reputation (x32 Version: 1.0.25.1877 - F-Secure) Hidden
F-Secure CCF Scanning 1.43.102.193 (release) (x32 Version: 1.43.102.193 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.128 (x32 Version: 1.02.128 - F-Secure Corporation) Hidden
Fuze Meeting (HKLM-x32\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
JPG to PDF Converter 1.1 (HKLM-x32\...\JPG to PDF Converter) (Version: 1.1 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Math 6 Teaching Textbook  (HKLM-x32\...\Math 6 Teaching Textbook) (Version:  - Teaching Textbooks Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MyMediaBookmarks (HKLM-x32\...\MyMediaBookmarks_is1) (Version: 1.5 - CatenaLogic)
Online Safety 2.83.1346.10 (x32 Version: 2.83.1346.10 - F-Secure Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pogoplug PC (HKLM\...\PogoplugPC) (Version: 1.1.8 - Cloud Engines Inc.)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
SceneGrabber.NET (HKLM-x32\...\{C8793276-2F36-454A-A524-9957B979FDE1}) (Version: 1.0.0 - targit)
Scrivener Update (HKLM-x32\...\Scrivener 1530) (Version: 1600 - Literature and Latte)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1200}) (Version: 12.18.0.82 - APN, LLC) <==== ATTENTION
Search Protection (HKCU\...\Search Protection) (Version: 9.7.0.3 - Spigot, Inc.) <==== ATTENTION
SmartFTP Client (HKLM\...\{5CB37516-555F-4975-8751-ADC605F54CA5}) (Version: 4.1.1316.0 - SmartSoft Ltd.)
Start8 (HKLM\...\Start8_is1) (Version: 1.0 - Stardock Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
TogglDesktop (HKLM-x32\...\{866453F8-4336-4090-9A7B-E6FCCA53B762}) (Version: 7.1.114 - Toggl)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{76078303-BAA2-4FBF-BA13-D1065195E696}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.1.0001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0014 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.42.120  - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TweetDeck (HKLM-x32\...\{6CCFA6CF-8C44-481E-BC34-B1038F570842}) (Version: 3.0.5 - Twitter, Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Youtube Music Downloader 6.5 (HKLM-x32\...\{00AA23A3-F4F7-4805-AA6B-4C2A74F3AB2B}_is1) (Version: 6.5 - YoutubeMusicDownloader.us Inc.)
ZC WMV to DVD Burner 6.6.5 (HKLM-x32\...\ZC WMV to DVD Burner_is1) (Version:  - ZC Software)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lisaq_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lisaq_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lisaq_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lisaq_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lisaq_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lisaq_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lisaq_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lisaq_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lisaq_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Work_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Work_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Work_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Work_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Work_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1006_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Work_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1006_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Work_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1006_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Work_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873026252-2686656759-1413732285-1006_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Work_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
01-10-2014 23:14:07 Installed Microsoft Office Excel Viewer
10-10-2014 01:43:10 Scheduled Checkpoint
17-10-2014 04:47:03 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1ED430F3-0F33-4329-8A61-7AC05558B2F6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {21540B83-8BC6-4F68-B1A4-33EE6BB7B7F6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-15] (Adobe Systems Incorporated)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {248374A7-3248-4846-9508-F0FF975F1699} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsav.exe [2013-08-14] (F-Secure Corporation)
Task: {2D49FC79-2B14-45FE-B1D1-99F3BB261C6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-12] (Google Inc.)
Task: {4E7C1C2D-544E-48A2-8FE9-33B4F9A31D51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-12] (Google Inc.)
Task: {4ECE0B99-9FE3-4853-81B2-AF9F3791212E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2873026252-2686656759-1413732285-1004UA => C:\Users\Work\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
Task: {4EF32613-46FD-4314-B23A-D02CE3818BF0} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)
Task: {66134206-959B-4F98-A1C7-43182EB3F550} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {69B501D1-A4F2-4951-BCEC-42FB089233F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {A1C5F010-2E2B-4619-A89E-F83FDA59EF93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2873026252-2686656759-1413732285-1004Core => C:\Users\Work\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BB8C0BEF-F968-4C88-9FC5-67CB86D06BAF} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {C31BFB01-BB6F-4ECD-84C1-05C5BA3A5394} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D334B828-CCF4-46F0-B23C-23B742F43455} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-10-17] (Microsoft Corporation)
Task: {DAA5A339-6122-4E60-BCE6-6DFB7759CC6B} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2873026252-2686656759-1413732285-1004Core.job => C:\Users\Work\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2873026252-2686656759-1413732285-1004UA.job => C:\Users\Work\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Scheduled scanning task.job => C:\PROGRA~2\CHARTE~1\apps\COMPUT~1\ANTI-V~1\fsav.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-03-20 12:35 - 2011-02-28 18:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2012-08-06 10:36 - 2012-08-06 10:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 22:38 - 2012-07-18 22:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 22:38 - 2012-07-18 22:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 23:13 - 2012-08-13 23:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2013-04-20 11:04 - 2011-12-05 11:18 - 02181632 _____ () C:\Program Files (x86)\7-PDF\7-PDF Maker\7p64.dll
2014-10-17 19:04 - 2014-10-17 19:04 - 01179136 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\2d56f4ed6abbf10d0fca06ab4fbfecc4\Windows.UI.ni.dll
2014-10-17 19:04 - 2014-10-17 19:04 - 00351232 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\5302e6ae12e0961cb58608b91c09e016\Windows.Data.ni.dll
2014-10-17 19:04 - 2014-10-17 19:04 - 00295936 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\19b3a0667450d039aa3ebef43d489fe7\Windows.Foundation.ni.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2873026252-2686656759-1413732285-500 - Administrator - Disabled)
Guest (S-1-5-21-2873026252-2686656759-1413732285-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2873026252-2686656759-1413732285-1003 - Limited - Enabled)
Lisa (S-1-5-21-2873026252-2686656759-1413732285-1001 - Administrator - Enabled) => C:\Users\lisaq_000
Work_2 (S-1-5-21-2873026252-2686656759-1413732285-1006 - Limited - Enabled) => C:\Users\Work_2
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/21/2014 09:40:48 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2014-10-21  09:40:38-04:00  LISALAPTOP  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4
 
Error: (10/21/2014 08:55:45 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (10/21/2014 08:55:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TBNotifier.exe, version: 31.10.3.0, time stamp: 0x542f0232
Faulting module name: TBNotifier.exe, version: 31.10.3.0, time stamp: 0x542f0232
Exception code: 0x40000015
Fault offset: 0x0011486c
Faulting process id: 0x2220
Faulting application start time: 0xTBNotifier.exe0
Faulting application path: TBNotifier.exe1
Faulting module path: TBNotifier.exe2
Report Id: TBNotifier.exe3
Faulting package full name: TBNotifier.exe4
Faulting package-relative application ID: TBNotifier.exe5
 
Error: (10/21/2014 00:24:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15562
 
Error: (10/21/2014 00:24:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15562
 
Error: (10/21/2014 00:24:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/20/2014 07:27:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TBNotifier.exe, version: 31.10.3.0, time stamp: 0x542f0232
Faulting module name: TBNotifier.exe, version: 31.10.3.0, time stamp: 0x542f0232
Exception code: 0x40000015
Fault offset: 0x0011486c
Faulting process id: 0x4dc
Faulting application start time: 0xTBNotifier.exe0
Faulting application path: TBNotifier.exe1
Faulting module path: TBNotifier.exe2
Report Id: TBNotifier.exe3
Faulting package full name: TBNotifier.exe4
Faulting package-relative application ID: TBNotifier.exe5
 
Error: (10/20/2014 05:43:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LisaLaptop)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/20/2014 05:43:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 160c
 
Start Time: 01cfecaeaa95e06d
 
Termination Time: 4294967295
 
Application Path: C:\windows\system32\wwahost.exe
 
Report Id: fbf467b5-58a1-11e4-bece-ace7de08ca1d
 
Faulting package full name: Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: AppexFinance
 
Error: (10/20/2014 05:42:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: LisaLaptop)
Description: App Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance did not launch within its allotted time.
 
 
System errors:
=============
Error: (10/20/2014 04:33:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (10/20/2014 04:33:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (10/20/2014 04:33:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (10/20/2014 04:33:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (10/19/2014 11:14:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
 
Error: (10/19/2014 03:00:28 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (10/19/2014 00:26:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (10/19/2014 00:12:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (10/19/2014 00:12:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (10/19/2014 00:07:16 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
 
Microsoft Office Sessions:
=========================
Error: (10/21/2014 09:40:48 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2014-10-21  09:40:38-04:00  LISALAPTOP  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4
 
Error: (10/21/2014 08:55:45 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (10/21/2014 08:55:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TBNotifier.exe31.10.3.0542f0232TBNotifier.exe31.10.3.0542f0232400000150011486c222001cfed2e4496ed78C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exeC:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe8e567707-5921-11e4-bece-ace7de08ca1d
 
Error: (10/21/2014 00:24:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15562
 
Error: (10/21/2014 00:24:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15562
 
Error: (10/21/2014 00:24:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/20/2014 07:27:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TBNotifier.exe31.10.3.0542f0232TBNotifier.exe31.10.3.0542f0232400000150011486c4dc01cfecbd03273db5C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exeC:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exea5343d63-58b0-11e4-bece-ace7de08ca1d
 
Error: (10/20/2014 05:43:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LisaLaptop)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927142
 
Error: (10/20/2014 05:43:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.2.9200.16420160c01cfecaeaa95e06d4294967295C:\windows\system32\wwahost.exefbf467b5-58a1-11e4-bece-ace7de08ca1dMicrosoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbweAppexFinance
 
Error: (10/20/2014 05:42:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: LisaLaptop)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU 2020M @ 2.40GHz
Percentage of memory in use: 90%
Total physical RAM: 3980.21 MB
Available physical RAM: 384.77 MB
Total Pagefile: 7436.21 MB
Available Pagefile: 1277.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: (TI10657300D) (Fixed) (Total:584.9 GB) (Free:220.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • 0

#6
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

I apologize ma'am, as I should have warned you about the Windows 8 Safe Screen but it is good to know that your AV is working well.  Most AV do not like FRST because it is updated / changed frequently (sometimes several times a day) in an effort to stay effective against modern malware.

 

I see several things we need to take care of in logs; I will be back with instructions as soon as I can get them cleared with my adviser.


  • 0

#7
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Hi LisaQuing.

Thanks for the logs. Let's get cleaning shall we?

Uninstall programs

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Browser Extensions
Catalina Savings Printer
Duplicate Cleaner Free 3.1.5
Search App by Ask
Search Protection


To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


Run Fixlist script

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

start
CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2873026252-2686656759-1413732285-1001\...\Run: [SearchProtection] => "C:\Users\lisaq_000\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
C:\Users\lisaq_000\AppData\Roaming\Search Protection
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
2014-10-17 20:59 - 2014-10-17 20:59 - 00000000 ____D () C:\Users\lwagn_000\AppData\Local\AskPartnerNetwork
2014-10-17 20:59 - 2014-10-17 20:59 - 00000000 ____D () C:\Users\lisaq_000\AppData\Local\AskPartnerNetwork
2014-10-17 20:59 - 2014-10-17 20:59 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-10-17 20:59 - 2014-10-17 20:59 - 00000000 ____D () C:\ProgramData\APN
2014-10-17 20:59 - 2014-10-17 20:59 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-10-17 00:24 - 2014-08-01 18:08 - 00388729 _____ () C:\windows\system32\ApnDatabase.xml
C:\Users\lisaq_000\AppData\Local\Temp\72669uninstall.exe
C:\Users\lisaq_000\AppData\Local\Temp\APNSetup.exe
C:\Users\lisaq_000\AppData\Local\Temp\Cloud_Backup_Setup.exe
C:\Users\lisaq_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmparwzgc.dll
C:\Users\lisaq_000\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\lisaq_000\AppData\Local\Temp\oi_{700ACC9C-6AD1-44C0-903C-65670CD73612}.exe
C:\Users\lisaq_000\AppData\Local\Temp\Quarantine.exe
C:\Users\lisaq_000\AppData\Local\Temp\sqlite3.dll
C:\Users\lisaq_000\AppData\Local\Temp\ssdl9520.exe
C:\Users\lisaq_000\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Work\AppData\Local\Temp\Scrivener-1720-update.exe
EmptyTemp:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait. So you will not be surprised at this, the tool will close your desktop, process the fix and then restart your computer; this is normal for the script commands used in your fix.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


A fresh FRST scan

Please run a fresh FRST scan following the Fixlist run.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it do this please.
  • please select Addition.txt in the Optional Scans section.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because we asked the tool to it generated another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
AdwCleaner scan

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Things to let me see next
  • How did the uninstalls go?
  • The Fixlog.txt log file.
  • The fresh FRST and Addition log files.
  • The AdwCleaner[R#].txt log file.
  • As always, any questions or concerns you have.

  • 0

#8
LisaQuing

LisaQuing

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Hi, thank you. I have worked on the Uninstall and will do the rest later. However, I had a couple of issues.

 

Browser Extensions - uninstalled
Catalina Savings Printer - is not in my list of Programs
Duplicate Cleaner Free 3.1.5 - uninstalled
Search App by Ask - during uninstall, I got the message: The recycle bin on C:/ is corrupted. Do you want to empty the Recycle bin for this drive? (Since I have NEVER seen a message like that before, I clicked "no" which did nothing. I clicked it several more times, but when the uninstall was complete, the error message went away.
Search Protection - When I clicked Uninstall for this one, I got the message: An error occurred when trying to uninstall Search Protection. It may have already been uninstalled. Would you like to remove Search Protetion from Programs and Features list? I clicked yes.

 

I also noticed a weird program in my unprivileged account and uninstalled it. It was called "Desktop Icon für Amazon" by CHIP.de. When I uninstalled it, I got this message: Icons wurden, sofern noch vorhanded, gelascht. 


  • 0

#9
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Thank you (as always) for the updates as you go along.  They tell a lot about what is happening.


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics


Also tagged with one or more of these keywords: powershell, malicious, searchnet.blinkx.core, fff5ee.com

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP