
"PC Booster" Removal

malware removal

#1
lazerbear


Hi! This is a family computer and my mother just downloaded Adobe Reader XI. It apparently came with a program called "PC Booster" which, for some reason, she did not recognize as suspicious. Upon startup of the computer, it pops up with a message saying "WARNING Your PC may be at Risk". It only gives me the options to scan or fix the PC. This program does not show up in the task manager and once opened displays a page listing programs which are "risks" to the computer, such as printer drivers and other often used processes. At some point between 3 and 6 hours of using the computer, the notification finally disappeared. The program also just blocked usage of Java because it is "out of date", and therefore a risk. It has also attempted to redirect me to a page to get a free scan for my PC, immediately after notifying me that I have a Trojan downloaded. I rummaged through the C drive in order to view what specific files had been manipulated when. It turns out that Adobe Reader, PC Booster, and a link to Cut the Rope at Andromenda Games were all downloaded at the same time. The search engine and homepage were also changed to Andromenda. The files for PC Booster can be found in a folder titled "Portable Booster". I am able to operate the computer, but it pops up every so often with notifications, and the "WARNING" page will not go away. What should I do? I'm running Windows 7 Home Premium (64-bit) on a Toshiba Portege 830-ST3N01 laptop. Thank you in advance!

 

OTL logfile created on: 10/24/2014 8:29:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.91 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 39.16% Memory free
7.81 Gb Paging File | 4.59 Gb Available in Paging File | 58.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.00 Gb Total Space | 478.36 Gb Free Space | 81.91% Space Free | Partition Type: NTFS
 
Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/24 20:28:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
PRC - [2014/09/21 06:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
PRC - [2014/09/20 04:53:22 | 000,130,104 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/06/28 17:37:54 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/06/28 17:37:36 | 000,296,520 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/06/10 22:03:38 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/06/10 17:50:38 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2014/01/12 00:38:14 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
PRC - [2013/11/27 20:49:32 | 000,899,400 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012/04/23 01:12:50 | 000,142,664 | ---- | M] (AuthenTec Inc.) -- C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
PRC - [2011/05/19 10:51:52 | 002,629,632 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/20 18:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2011/04/20 18:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/12/25 19:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\widimon\widimon.exe
PRC - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/15 15:01:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
PRC - [2008/04/23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/11/27 20:49:48 | 000,178,504 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2013/11/27 20:49:46 | 000,034,632 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2013/11/27 20:49:44 | 000,149,832 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2013/11/27 20:49:42 | 000,016,200 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2013/11/27 20:49:42 | 000,015,176 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2013/11/27 20:49:40 | 000,024,904 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2013/11/27 20:49:40 | 000,017,224 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2013/11/27 20:49:38 | 000,239,944 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2013/11/27 20:49:38 | 000,040,264 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2013/11/27 20:49:38 | 000,026,952 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2013/11/27 20:49:36 | 000,125,256 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2013/11/27 20:49:34 | 000,092,488 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2013/11/27 20:49:34 | 000,018,760 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2013/11/27 20:48:32 | 000,880,640 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2013/11/26 11:34:40 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2012/04/23 01:12:54 | 000,423,240 | ---- | M] () -- C:\Program Files\AuthenTec TrueSuite\x86\DataManager.dll
MOD - [2011/04/20 18:49:26 | 000,978,944 | ---- | M] () -- C:\Program Files (x86)\ControlCenter4\BrImgProc.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/18 21:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/18 10:19:34 | 008,616,080 | ---- | M] () [Auto | Running] -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe -- (GsServer)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/23 01:12:34 | 000,296,776 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe -- (FPLService)
SRV:64bit: - [2010/12/09 20:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/07 16:21:36 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/07 16:08:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/07 16:06:58 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/11/16 13:18:12 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/11/11 20:26:22 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/10/20 17:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/17 13:14:34 | 000,531,832 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2014/10/22 14:04:49 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/21 06:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe -- (N360)
SRV - [2014/09/20 04:53:22 | 000,130,104 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe -- (NCO)
SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/06/28 17:37:54 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/06/10 22:03:38 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/06/10 17:50:38 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/12 00:38:14 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/11/26 11:35:30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/29 17:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/09/15 15:01:20 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler)
SRV - [2010/04/12 13:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/22 13:40:50 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/08/25 22:26:58 | 000,593,112 | R--- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/08/25 22:26:57 | 001,148,120 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2014/08/25 22:26:56 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymDS64.sys -- (SymDS)
DRV:64bit: - [2014/08/25 22:20:22 | 000,876,248 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/08/25 22:20:22 | 000,037,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/06 15:48:16 | 000,266,968 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/02/20 19:14:34 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/27 15:23:26 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DE07080.017\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/27 07:18:04 | 001,073,200 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2011/01/27 11:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/28 17:18:16 | 000,099,328 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010/12/25 13:25:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/12/16 21:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/04 00:15:04 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/12/02 12:49:08 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/19 14:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 14:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/09 06:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/18 19:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/03/12 22:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 13:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2014/10/22 20:43:54 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20141023.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/10/16 19:03:11 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141016.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/08/26 22:08:33 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/08/26 22:08:32 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys -- (EraserUtilDrv11410)
DRV - [2014/08/11 03:41:57 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141023.025\ex64.sys -- (NAVEX15)
DRV - [2014/08/11 03:41:55 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141023.025\eng64.sys -- (NAVENG)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {46CE4FAD-69B6-48CF-99F6-BA3D64451E5B}
IE:64bit: - HKLM\..\SearchScopes\{46CE4FAD-69B6-48CF-99F6-BA3D64451E5B}: "URL" = http://rocket-find.c...r=1548066392=
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {84E0009B-399B-4703-B1E2-2DF2153FF0DF}
IE - HKLM\..\SearchScopes\{84E0009B-399B-4703-B1E2-2DF2153FF0DF}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask...or={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se..._Dmntr&tsp=4974
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.google.co...1I7TSNF_enUS431
IE - HKCU\..\SearchScopes\{84E0009B-399B-4703-B1E2-2DF2153FF0DF}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\..\SearchScopes\{CB3FBE35-36F2-4DF7-B668-88E6518F3A03}: "URL" = https://www.bing.com...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files\AuthenTec TrueSuite\npffwloplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.11.0: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.11.0: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mom\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/06/28 17:40:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1DD9AC48-0855-4AE7-9934-159B4377FFA2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/06/28 17:40:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2014/10/22 13:44:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn\ [2014/10/22 13:44:09 | 000,000,000 | ---D | M]
 
[2014/01/07 16:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions
[2011/12/16 14:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/08/06 14:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/06 14:01:18 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/08/14 09:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
O2:64bit: - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (ZenSearch) - {EC740D8D-BAA6-4BAF-9183-2406AB943D3A} - C:\Program Files (x86)\ZenSearch\IeZenSearch_x64.dll (ZenSearch ApS)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - No CLSID value found.
O2 - BHO: (ZenSearch) - {EC740D8D-BAA6-4BAF-9183-2406AB943D3A} - C:\Program Files (x86)\ZenSearch\IeZenSearch.dll (ZenSearch ApS)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [KeepSafe] C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe (Authentec)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FromDocToPDF_65 Browser Plugin Loader 64] C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon64.exe File not found
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
O4 - HKCU..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [DelTr178309563] cmd.exe /c rd /s /q  "C:\Users\Mom\AppData\Roaming\WSE_Astromenda" File not found
O4 - HKCU..\RunOnce: [DelTr178309485] cmd.exe /c rd /s /q  "C:\Users\Mom\AppData\Roaming\WSE_Astromenda" File not found
O4 - HKCU..\RunOnce: [WSE_Astromenda]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra Button: Pin It - {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - C:\Program Files (x86)\Pinterest\Pin It\FrameScript.htm ()
O9 - Extra 'Tools' menuitem : &Pin It - {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - C:\Program Files (x86)\Pinterest\Pin It\FrameScript.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: k12.fl.us ([angel.sarasota] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07BD8ADF-96E1-4219-96F5-AB346029F1B6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{20b7c0bb-7cb6-11e0-b047-e89d878e8923}\Shell - "" = AutoRun
O33 - MountPoints2\{20b7c0bb-7cb6-11e0-b047-e89d878e8923}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{56d1c24f-e7a6-11e1-87fa-e89d878e8923}\Shell - "" = AutoRun
O33 - MountPoints2\{56d1c24f-e7a6-11e1-87fa-e89d878e8923}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{92f0d6f9-8fb3-11e1-8763-e89d878e8923}\Shell - "" = AutoRun
O33 - MountPoints2\{92f0d6f9-8fb3-11e1-8763-e89d878e8923}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{cde68a0d-bec8-11e1-97f6-e89d878e8923}\Shell - "" = AutoRun
O33 - MountPoints2\{cde68a0d-bec8-11e1-97f6-e89d878e8923}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/24 20:28:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2014/10/23 13:20:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/10/23 13:20:48 | 000,000,000 | -HSD | C] -- \Config.Msi
[2014/10/23 13:18:06 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\WSE_Astromenda
[2014/10/23 13:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Portable Booster
[2014/10/23 13:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCBooster
[2014/10/22 13:40:50 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/10/22 13:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/10/22 13:38:08 | 001,148,120 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\SymEFA64.sys
[2014/10/22 13:38:08 | 000,876,248 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\srtsp64.sys
[2014/10/22 13:38:08 | 000,593,112 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\symnets.sys
[2014/10/22 13:38:08 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\SymDS64.sys
[2014/10/22 13:38:08 | 000,266,968 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\Ironx64.sys
[2014/10/22 13:38:08 | 000,037,592 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\srtspx64.sys
[2014/10/22 13:38:08 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\SymELAM.sys
[2014/10/22 13:38:07 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\ccSetx64.sys
[2014/10/22 13:37:48 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2014/10/22 13:37:48 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1506000.020
[2014/10/22 13:37:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/10/22 13:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2014/10/22 13:23:11 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSTx64\7DE07080.017\ccSetx64.sys
[2014/10/22 13:23:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2014/10/22 13:23:05 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSTx64
[2014/10/22 13:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe
[2014/10/22 13:23:05 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSTx64\7DE07080.017
[2012/11/06 11:11:43 | 000,763,416 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe
[2012/10/08 16:57:05 | 062,509,312 | ---- | C] (AuthenTec, Inc.                                                ) -- C:\Program Files\premium64_5-2-2-62.exe
[2012/02/28 21:29:09 | 071,279,472 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes64Setup.exe
[2012/02/05 10:24:05 | 000,944,264 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2012/01/30 17:38:47 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\Mom\AppData\Local\log4cxx.dll
[2011/12/05 09:39:13 | 000,642,424 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\utorrent.exe
[2 C:\Users\Mom\Desktop\*.tmp files -> C:\Users\Mom\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/24 20:28:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2014/10/24 20:11:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/24 20:11:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/10/24 15:26:17 | 000,165,376 | ---- | M] () -- C:\Users\Mom\Desktop\SystemLook_x64.exe
[2014/10/24 14:18:01 | 000,000,065 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\WB.CFG
[2014/10/24 13:59:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/10/23 13:21:58 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/10/23 13:18:20 | 000,000,266 | ---- | M] () -- C:\Users\Mom\Desktop\Cut the Rope.url
[2014/10/23 12:11:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/23 12:10:00 | 000,000,398 | ---- | M] () -- C:\windows\tasks\FreeFileViewerUpdateChecker.job
[2014/10/22 13:42:58 | 002,688,357 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\Cat.DB
[2014/10/22 13:42:31 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/22 13:42:31 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/22 13:40:50 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/10/22 13:40:50 | 000,008,222 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/10/22 13:40:50 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/10/22 13:40:44 | 000,002,362 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/10/22 13:36:23 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/10/22 13:36:23 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/10/22 13:36:23 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/10/22 13:32:53 | 000,001,309 | ---- | M] () -- C:\Users\Mom\Desktop\Norton Installation Files.lnk
[2014/10/22 13:31:47 | 3145,273,344 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/19 09:49:29 | 000,418,376 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/10/14 12:44:28 | 000,048,844 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\VT20141014.006
[2 C:\Users\Mom\Desktop\*.tmp files -> C:\Users\Mom\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/24 15:26:07 | 000,165,376 | ---- | C] () -- C:\Users\Mom\Desktop\SystemLook_x64.exe
[2014/10/23 16:52:05 | 000,000,065 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\WB.CFG
[2014/10/23 13:21:58 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/10/23 13:21:58 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/10/23 13:18:18 | 000,000,266 | ---- | C] () -- C:\Users\Mom\Desktop\Cut the Rope.url
[2014/10/23 12:17:12 | 000,048,844 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\VT20141014.006
[2014/10/22 13:41:04 | 002,688,357 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\Cat.DB
[2014/10/22 13:40:50 | 000,008,222 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/10/22 13:40:50 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/10/22 13:40:44 | 000,002,362 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/10/22 13:37:48 | 000,030,068 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\SymVTcer.dat
[2014/10/22 13:37:48 | 000,009,939 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\SymELAM64.cat
[2014/10/22 13:37:48 | 000,008,202 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\ccSetx64.cat
[2014/10/22 13:37:48 | 000,008,194 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\SymEFA64.cat
[2014/10/22 13:37:48 | 000,008,192 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\symnet64.cat
[2014/10/22 13:37:48 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\SymDS64.cat
[2014/10/22 13:37:48 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\srtspx64.cat
[2014/10/22 13:37:48 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\srtsp64.cat
[2014/10/22 13:37:48 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\iron.cat
[2014/10/22 13:37:48 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\SymEFA.inf
[2014/10/22 13:37:48 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\SymDS.inf
[2014/10/22 13:37:48 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\SymNet.inf
[2014/10/22 13:37:48 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\srtsp64.inf
[2014/10/22 13:37:48 | 000,001,420 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\srtspx64.inf
[2014/10/22 13:37:48 | 000,001,098 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\symELAM.inf
[2014/10/22 13:37:48 | 000,000,855 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\ccSetx64.inf
[2014/10/22 13:37:48 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\Iron.inf
[2014/10/22 13:37:48 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\isolate.ini
[2014/10/22 13:23:06 | 000,008,202 | R--- | C] () -- C:\windows\SysNative\drivers\NSTx64\7DE07080.017\ccSetx64.cat
[2014/10/22 13:23:06 | 000,000,855 | R--- | C] () -- C:\windows\SysNative\drivers\NSTx64\7DE07080.017\ccSetx64.inf
[2014/10/22 13:23:05 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NSTx64\7DE07080.017\isolate.ini
[2014/10/22 13:10:37 | 000,001,309 | ---- | C] () -- C:\Users\Mom\Desktop\Norton Installation Files.lnk
[2014/01/28 18:11:48 | 000,000,000 | ---- | C] () -- \install.rdf
[2012/12/11 13:16:53 | 000,003,303 | ---- | C] () -- C:\windows\BRPARAM.INI
[2012/12/11 13:14:57 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2012/12/11 13:14:20 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2012/12/11 13:14:11 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2012/09/30 16:07:01 | 000,000,632 | RHS- | C] () -- C:\Users\Mom\ntuser.pol
[2012/09/18 19:30:31 | 000,004,096 | -H-- | C] () -- C:\Users\Mom\AppData\Local\keyfile3.drm
[2012/08/01 13:13:16 | 000,184,700 | ---- | C] () -- \torrent.exe
[2012/06/25 12:18:47 | 000,060,304 | ---- | C] () -- C:\Users\Mom\g2mdlhlpx.exe
[2012/02/13 12:26:39 | 000,047,251 | ---- | C] () -- C:\Program Files\Hex_edit_exe_1.0.25.zip
[2012/01/30 17:38:47 | 000,094,208 | ---- | C] () -- C:\Users\Mom\AppData\Local\common_functions.dll
[2011/12/20 11:31:27 | 044,914,040 | ---- | C] () -- C:\Program Files\calibre-0.8.31.msi
[2011/09/02 07:08:50 | 000,102,400 | ---- | C] () -- C:\Users\Mom\AppData\Local\ie_runner_app.exe
[2011/06/02 21:05:59 | 016,876,872 | ---- | C] () -- C:\Users\Mom\winzip155.exe
[2011/04/30 04:04:09 | 3145,273,344 | -HS- | C] () -- \hiberfil.sys
[2011/01/04 22:20:26 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2011/01/04 22:20:24 | 000,383,562 | RHS- | C] () -- \bootmgr
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/10/23 13:18:39 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\0F1L1I1PtF1F1C1N
[2011/06/01 19:32:26 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\AlderGames
[2014/01/28 17:59:17 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\BabSolution
[2013/08/14 09:06:28 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Babylon
[2012/08/06 15:07:07 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\BitTorrent
[2011/06/02 21:09:14 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Book Place
[2011/12/20 12:15:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\calibre
[2011/07/13 14:40:19 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Catalina Marketing Corp
[2012/12/11 13:23:00 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\ControlCenter4
[2014/03/17 12:13:00 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\FreeFileViewer
[2013/04/15 14:13:00 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\funkitron
[2014/04/30 09:57:06 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\GoodSync
[2013/04/15 14:02:37 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\InstallX, LLC
[2014/03/11 18:18:02 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\KeepSafe
[2014/01/28 15:46:13 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\MyPhoneExplorer
[2012/12/11 13:07:36 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Nuance
[2011/06/02 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\OpenCandy
[2012/06/22 12:46:15 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\PCCUStubInstaller
[2011/12/20 11:22:54 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Sammsoft
[2014/08/27 11:31:52 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Systweak
[2012/05/10 19:40:45 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Tific
[2011/12/16 14:41:05 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\TomTom
[2011/06/02 15:58:39 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Toshiba
[2014/05/22 19:06:57 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\uTorrent
[2014/01/28 17:59:26 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WildTangent
[2011/05/10 11:01:32 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WinBatch
[2011/07/30 15:17:57 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Windows Live Writer
[2014/10/23 13:18:34 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WSE_Astromenda
[2011/07/02 15:51:19 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\YoudaGames
 
========== Purity Check ==========
 
 

< End of report >




#2
lazerbear


Also, I ran a full system scan and a targeted folder scan on "Portable Booster" with Norton's 360, but both said that there were no threats. I'm especially worried because I have researched "PC Booster" malware and have found that not only is it fairly common, but it also can perform actions such as accessing financial information.







