Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus warning scam


  • Please log in to reply

#31
tominnc06

tominnc06

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

The computer did not reboot after the first run.

 

Also, I had Chrome, IE, and Firefox browser on my computer. The first virus occurred when browsing in Chrome, and I haven't used Chrome since, After the second virus showed up when using Firefox, I uninstalled Firefox. The virus (identifies service provider, gives alleged customer service support number for Time-Warner) that came in via Chrome has now shown up on IE ... not right away, but as my wife was using IE earlier this afternoon

 

========== OTL ==========
Service Soluto stopped successfully!
Service Soluto deleted successfully!
C:\Windows\SysNative\drivers\Soluto.sys moved successfully.
========== FILES ==========
< sc delete Soluto /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\TomIlene\Desktop\cmd.bat deleted successfully.
C:\Users\TomIlene\Desktop\cmd.txt deleted successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 01282015_145952

 

 

OTL logfile created on: 28/01/2015 3:02:14 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TomIlene\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy
 
3.80 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 43.54% Memory free
7.60 Gb Paging File | 5.22 Gb Available in Paging File | 68.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.41 Gb Total Space | 255.01 Gb Free Space | 57.77% Space Free | Partition Type: NTFS
Drive E: | 244.63 Mb Total Space | 154.66 Mb Free Space | 63.22% Space Free | Partition Type: FAT
 
Computer Name: TOMILENE-PC | User Name: TomIlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/26 17:20:08 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/01/24 16:26:05 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/01/23 14:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
PRC - [2015/01/15 16:59:32 | 023,308,256 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/21 13:20:40 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
PRC - [2014/11/21 13:20:38 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/11/16 13:49:41 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/29 09:43:04 | 000,101,192 | ---- | M] (Google) -- C:\Users\TomIlene\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/10/20 17:52:12 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
PRC - [2014/10/17 15:24:20 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/10/11 12:05:40 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2014/03/31 09:30:00 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
PRC - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/28 10:42:46 | 000,027,136 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_multiprocessing.pyd
MOD - [2015/01/28 10:42:46 | 000,007,168 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\hashobjs_ext.pyd
MOD - [2015/01/28 10:42:45 | 001,160,704 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_ssl.pyd
MOD - [2015/01/28 10:42:45 | 000,811,008 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._windows_.pyd
MOD - [2015/01/28 10:42:45 | 000,805,888 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._gdi_.pyd
MOD - [2015/01/28 10:42:45 | 000,713,216 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_hashlib.pyd
MOD - [2015/01/28 10:42:45 | 000,110,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\PyWinTypes27.dll
MOD - [2015/01/28 10:42:44 | 000,025,600 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32pdh.pyd
MOD - [2015/01/28 10:42:44 | 000,024,064 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32pipe.pyd
MOD - [2015/01/28 10:42:42 | 001,062,400 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._controls_.pyd
MOD - [2015/01/28 10:42:42 | 000,686,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\unicodedata.pyd
MOD - [2015/01/28 10:42:40 | 000,127,488 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\pyexpat.pyd
MOD - [2015/01/28 10:42:40 | 000,038,912 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32inet.pyd
MOD - [2015/01/28 10:42:40 | 000,018,432 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32event.pyd
MOD - [2015/01/28 10:42:40 | 000,010,240 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\select.pyd
MOD - [2015/01/28 10:42:37 | 000,525,640 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\windows._lib_cacheinvalidation.pyd
MOD - [2015/01/28 10:42:37 | 000,167,936 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32gui.pyd
MOD - [2015/01/28 10:42:37 | 000,119,808 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32file.pyd
MOD - [2015/01/28 10:42:37 | 000,108,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32security.pyd
MOD - [2015/01/28 10:42:37 | 000,087,552 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_ctypes.pyd
MOD - [2015/01/28 10:42:37 | 000,017,408 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32profile.pyd
MOD - [2015/01/28 10:42:35 | 000,128,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_elementtree.pyd
MOD - [2015/01/28 10:42:34 | 000,070,656 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._html2.pyd
MOD - [2015/01/28 10:42:34 | 000,045,568 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_socket.pyd
MOD - [2015/01/28 10:42:32 | 000,098,816 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32api.pyd
MOD - [2015/01/28 10:42:30 | 001,175,040 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._core_.pyd
MOD - [2015/01/28 10:42:30 | 000,557,056 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\pysqlite2._sqlite.pyd
MOD - [2015/01/28 10:42:30 | 000,320,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32com.shell.shell.pyd
MOD - [2015/01/28 10:42:30 | 000,022,528 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32ts.pyd
MOD - [2015/01/28 10:42:28 | 000,364,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\pythoncom27.dll
MOD - [2015/01/28 10:42:27 | 000,078,336 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._animate.pyd
MOD - [2015/01/28 10:42:24 | 000,735,232 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._misc_.pyd
MOD - [2015/01/28 10:42:22 | 000,011,264 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32crypt.pyd
MOD - [2015/01/28 10:42:20 | 000,122,368 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._wizard.pyd
MOD - [2015/01/28 10:42:14 | 000,035,840 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32process.pyd
MOD - [2015/01/24 16:26:06 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/01/24 16:26:05 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/01/24 16:25:47 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 21:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2015/01/27 11:50:41 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/15 20:15:38 | 000,347,200 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/12/25 00:39:40 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/16 17:34:18 | 000,265,808 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/24 16:26:56 | 000,087,912 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswmonflt.sys -- (aswMonFlt)
DRV:64bit: - [2015/01/24 16:26:55 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2015/01/24 16:26:12 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2015/01/24 16:26:12 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/01/24 16:26:12 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/01/24 16:26:12 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/01/24 16:26:10 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/01/24 16:26:10 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/01/24 16:25:48 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/02 05:52:40 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/20 08:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/04/13 14:05:46 | 000,023,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 07:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 19:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/04/28 02:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C6D42521-42E8-49FE-81A3-809D7C26001C}
IE:64bit: - HKLM\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}
IE - HKLM\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = https://www.google.c...?q={searchTerms}
IE - HKCU\..\SearchScopes\{E9ED59E7-DDC1-46D9-9EC9-EF31549ED08F}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...1I7TSNF_enUS443
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/26 18:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/25 00:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
 
[2011/08/03 11:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Extensions
[2015/01/26 09:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions
[2015/01/26 09:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/12/25 00:39:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2014/12/25 00:39:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2014/12/25 00:39:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej\2.0_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.1_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.4_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia\1.6_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\10.4.1.6_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg\1.0_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef\0.3.2_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifafnghbieophofjinbniahjpiodpnm\0.8_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.7.3_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp\0.9.17_0\
 
O1 HOSTS File: ([2011/08/11 22:38:20 | 000,434,097 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14938 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HP Officejet Pro 8610 (NET)] C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP)
O4 - HKCU..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.31.2)
O16 - DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F6AA8B5-EF86-40E5-B3F4-0467A9595736}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/28 10:19:08 | 000,000,000 | ---D | C] -- C:\sk2cv280
[2015/01/28 10:17:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/01/27 11:50:32 | 004,070,576 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2015/01/26 18:51:35 | 000,000,000 | ---D | C] -- C:\Users\TomIlene\Desktop\wininit
[2015/01/25 00:06:38 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2015/01/25 00:00:29 | 000,000,000 | ---D | C] -- C:\FRST
[2015/01/24 16:27:38 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\vbox
[2015/01/24 16:27:38 | 000,000,000 | ---D | C] -- C:\windows\SysNative\vbox
[2015/01/24 16:27:28 | 000,000,000 | ---D | C] -- C:\Users\TomIlene\AppData\Roaming\AVAST Software
[2015/01/24 16:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/01/24 16:26:39 | 000,116,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2015/01/24 16:26:38 | 000,436,624 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2015/01/24 16:26:38 | 000,093,568 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2015/01/24 16:26:38 | 000,087,912 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswmonflt.sys
[2015/01/24 16:26:36 | 001,050,432 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
[2015/01/24 16:26:33 | 000,364,512 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2015/01/24 16:26:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2015/01/24 16:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/01/24 16:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015/01/24 03:28:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/23 14:09:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
[2015/01/23 13:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2015/01/23 13:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2015/01/23 13:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/01/23 12:25:23 | 000,763,912 | ---- | C] (Hewlett-Packard Development Company, LP) -- C:\windows\SysNative\HPDiscoPM7112.dll
[2015/01/23 12:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2015/01/23 11:35:33 | 000,897,960 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
[2015/01/23 11:35:33 | 000,818,088 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2015/01/23 11:05:58 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2015/01/23 11:05:57 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2015/01/23 11:05:57 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2015/01/23 11:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/01/22 14:55:28 | 000,000,000 | -HSD | C] -- C:\Users\TomIlene\AppData\Local\EmieBrowserModeList
[2015/01/14 10:49:20 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2015/01/14 10:49:20 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2015/01/14 10:49:06 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2015/01/14 10:49:05 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2015/01/14 10:49:04 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2015/01/14 10:49:02 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2015/01/14 10:49:02 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rstrui.exe
[2015/01/14 10:49:02 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srclient.dll
[2014/12/31 13:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2011/08/03 11:43:04 | 013,685,936 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 5.0.1.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/28 15:00:50 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/01/28 15:00:50 | 000,662,650 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/01/28 15:00:50 | 000,122,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/01/28 15:00:43 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job
[2015/01/28 14:59:37 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/28 14:59:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/01/28 14:35:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/01/28 13:54:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/28 11:00:00 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job
[2015/01/28 10:50:00 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/28 10:50:00 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/28 10:40:54 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/27 21:20:53 | 000,003,608 | ---- | M] () -- C:\bootsqm.dat
[2015/01/27 11:50:40 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2015/01/27 11:50:40 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/01/27 11:50:32 | 004,070,576 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2015/01/26 17:24:16 | 000,000,359 | ---- | M] () -- C:\Users\TomIlene\Desktop\wininit.zip
[2015/01/26 10:43:57 | 000,061,440 | ---- | M] ( ) -- C:\Users\TomIlene\Desktop\VEW.exe
[2015/01/25 02:12:51 | 000,775,124 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2015/01/24 16:52:37 | 000,021,976 | ---- | M] () -- C:\windows\SysNative\drivers\SPPD.sys
[2015/01/24 16:27:02 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/24 16:26:56 | 000,087,912 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswmonflt.sys
[2015/01/24 16:26:55 | 001,050,432 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
[2015/01/24 16:26:12 | 000,436,624 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2015/01/24 16:26:12 | 000,267,632 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2015/01/24 16:26:12 | 000,116,728 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2015/01/24 16:26:12 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2015/01/24 16:26:10 | 000,364,512 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2015/01/24 16:26:10 | 000,093,568 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2015/01/24 16:26:10 | 000,029,208 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2015/01/24 16:26:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2015/01/24 15:45:55 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2015/01/24 09:51:53 | 000,002,254 | ---- | M] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/23 14:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
[2015/01/23 12:23:44 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2015/01/23 11:04:26 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2015/01/23 11:04:20 | 000,272,296 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2015/01/23 11:04:20 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2015/01/23 11:04:20 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2015/01/23 11:04:19 | 000,897,960 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
[2015/01/23 11:04:19 | 000,818,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/27 21:20:53 | 000,003,608 | ---- | C] () -- C:\bootsqm.dat
[2015/01/26 17:24:16 | 000,000,359 | ---- | C] () -- C:\Users\TomIlene\Desktop\wininit.zip
[2015/01/26 10:43:57 | 000,061,440 | ---- | C] ( ) -- C:\Users\TomIlene\Desktop\VEW.exe
[2015/01/24 16:52:37 | 000,021,976 | ---- | C] () -- C:\windows\SysNative\drivers\SPPD.sys
[2015/01/24 16:27:02 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/24 16:26:39 | 000,267,632 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2015/01/24 16:26:38 | 000,065,776 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2015/01/24 16:26:38 | 000,029,208 | ---- | C] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2015/01/23 13:18:51 | 000,002,254 | ---- | C] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/23 12:23:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/07/08 12:00:49 | 000,229,116 | ---- | C] () -- C:\windows\hpwins23.dat
[2014/07/08 12:00:49 | 000,002,075 | ---- | C] () -- C:\windows\hpwmdl23.dat
[2013/08/31 15:22:45 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/08/16 01:04:46 | 000,000,017 | ---- | C] () -- C:\Users\TomIlene\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========

< End of report >


  • 0

Advertisements


#32
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Sorry for the delay.  I think I lost your reply.  I don't see any reason you should be getting odd messages tho you do have some odd stuff in Chrome.  No sure what it is.  Which browser are you using and which site did you go to?  Can you take a screen shot of the message if it shows up again?

 

 
Press the Alt + the Print Screen key on your keyboard. It may be labeled [PrtScn].
 
Open Microsoft Paint (All Programs, Accessories,Paint).
 
Go to the Edit menu and choose Paste (or just do Ctrl + v) and the image should appear.
 
 
Go to the File Menu and choose Save As.
 
Navigate to the folder where you want to save the image.  (Desktop)
 
Type a file name for the image: message
 
Select a file type. jpeg 
 
Click the Save button.
 
Attach message.jpg to your Reply. (More Reply Options, Choose File, highlight message.jpg and Open.  Attach this File.)
 
 
 

  • 0

#33
tominnc06

tominnc06

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

I've been running Internet Explorer since last week.

 

When I tried to open Chrome just now I got a page with the virus scam IP address (the one the geekstogo system deleted from my first post), and a white screen error message "Resource not found." I closed that tab, and Chrome, and was then able to open Chrome with no problem.

 

Here's an OTL log from a Scan I ran earlier today with your last post's info in the code box (/md5Start, Rtlihvs.dll, /md5stop).

 

OTL logfile created on: 28/01/2015 3:02:14 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TomIlene\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy
 
3.80 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 43.54% Memory free
7.60 Gb Paging File | 5.22 Gb Available in Paging File | 68.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.41 Gb Total Space | 255.01 Gb Free Space | 57.77% Space Free | Partition Type: NTFS
Drive E: | 244.63 Mb Total Space | 154.66 Mb Free Space | 63.22% Space Free | Partition Type: FAT
 
Computer Name: TOMILENE-PC | User Name: TomIlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/26 17:20:08 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/01/24 16:26:05 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/01/23 14:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
PRC - [2015/01/15 16:59:32 | 023,308,256 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/21 13:20:40 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
PRC - [2014/11/21 13:20:38 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/11/16 13:49:41 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/29 09:43:04 | 000,101,192 | ---- | M] (Google) -- C:\Users\TomIlene\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/10/20 17:52:12 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
PRC - [2014/10/17 15:24:20 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/10/11 12:05:40 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2014/03/31 09:30:00 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
PRC - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/28 10:42:46 | 000,027,136 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_multiprocessing.pyd
MOD - [2015/01/28 10:42:46 | 000,007,168 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\hashobjs_ext.pyd
MOD - [2015/01/28 10:42:45 | 001,160,704 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_ssl.pyd
MOD - [2015/01/28 10:42:45 | 000,811,008 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._windows_.pyd
MOD - [2015/01/28 10:42:45 | 000,805,888 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._gdi_.pyd
MOD - [2015/01/28 10:42:45 | 000,713,216 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_hashlib.pyd
MOD - [2015/01/28 10:42:45 | 000,110,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\PyWinTypes27.dll
MOD - [2015/01/28 10:42:44 | 000,025,600 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32pdh.pyd
MOD - [2015/01/28 10:42:44 | 000,024,064 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32pipe.pyd
MOD - [2015/01/28 10:42:42 | 001,062,400 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._controls_.pyd
MOD - [2015/01/28 10:42:42 | 000,686,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\unicodedata.pyd
MOD - [2015/01/28 10:42:40 | 000,127,488 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\pyexpat.pyd
MOD - [2015/01/28 10:42:40 | 000,038,912 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32inet.pyd
MOD - [2015/01/28 10:42:40 | 000,018,432 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32event.pyd
MOD - [2015/01/28 10:42:40 | 000,010,240 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\select.pyd
MOD - [2015/01/28 10:42:37 | 000,525,640 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\windows._lib_cacheinvalidation.pyd
MOD - [2015/01/28 10:42:37 | 000,167,936 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32gui.pyd
MOD - [2015/01/28 10:42:37 | 000,119,808 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32file.pyd
MOD - [2015/01/28 10:42:37 | 000,108,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32security.pyd
MOD - [2015/01/28 10:42:37 | 000,087,552 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_ctypes.pyd
MOD - [2015/01/28 10:42:37 | 000,017,408 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32profile.pyd
MOD - [2015/01/28 10:42:35 | 000,128,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_elementtree.pyd
MOD - [2015/01/28 10:42:34 | 000,070,656 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._html2.pyd
MOD - [2015/01/28 10:42:34 | 000,045,568 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_socket.pyd
MOD - [2015/01/28 10:42:32 | 000,098,816 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32api.pyd
MOD - [2015/01/28 10:42:30 | 001,175,040 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._core_.pyd
MOD - [2015/01/28 10:42:30 | 000,557,056 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\pysqlite2._sqlite.pyd
MOD - [2015/01/28 10:42:30 | 000,320,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32com.shell.shell.pyd
MOD - [2015/01/28 10:42:30 | 000,022,528 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32ts.pyd
MOD - [2015/01/28 10:42:28 | 000,364,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\pythoncom27.dll
MOD - [2015/01/28 10:42:27 | 000,078,336 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._animate.pyd
MOD - [2015/01/28 10:42:24 | 000,735,232 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._misc_.pyd
MOD - [2015/01/28 10:42:22 | 000,011,264 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32crypt.pyd
MOD - [2015/01/28 10:42:20 | 000,122,368 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._wizard.pyd
MOD - [2015/01/28 10:42:14 | 000,035,840 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32process.pyd
MOD - [2015/01/24 16:26:06 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/01/24 16:26:05 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/01/24 16:25:47 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 21:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2015/01/27 11:50:41 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/15 20:15:38 | 000,347,200 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/12/25 00:39:40 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/16 17:34:18 | 000,265,808 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/24 16:26:56 | 000,087,912 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswmonflt.sys -- (aswMonFlt)
DRV:64bit: - [2015/01/24 16:26:55 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2015/01/24 16:26:12 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2015/01/24 16:26:12 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/01/24 16:26:12 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/01/24 16:26:12 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/01/24 16:26:10 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/01/24 16:26:10 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/01/24 16:25:48 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/02 05:52:40 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/20 08:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/04/13 14:05:46 | 000,023,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 07:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 19:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/04/28 02:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C6D42521-42E8-49FE-81A3-809D7C26001C}
IE:64bit: - HKLM\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}
IE - HKLM\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = https://www.google.c...?q={searchTerms}
IE - HKCU\..\SearchScopes\{E9ED59E7-DDC1-46D9-9EC9-EF31549ED08F}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...1I7TSNF_enUS443
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/26 18:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/25 00:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
 
[2011/08/03 11:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Extensions
[2015/01/26 09:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions
[2015/01/26 09:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/12/25 00:39:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2014/12/25 00:39:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2014/12/25 00:39:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej\2.0_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.1_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.4_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia\1.6_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\10.4.1.6_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg\1.0_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef\0.3.2_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifafnghbieophofjinbniahjpiodpnm\0.8_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.7.3_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp\0.9.17_0\
 
O1 HOSTS File: ([2011/08/11 22:38:20 | 000,434,097 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14938 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HP Officejet Pro 8610 (NET)] C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP)
O4 - HKCU..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.31.2)
O16 - DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F6AA8B5-EF86-40E5-B3F4-0467A9595736}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/28 10:19:08 | 000,000,000 | ---D | C] -- C:\sk2cv280
[2015/01/28 10:17:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/01/27 11:50:32 | 004,070,576 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2015/01/26 18:51:35 | 000,000,000 | ---D | C] -- C:\Users\TomIlene\Desktop\wininit
[2015/01/25 00:06:38 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2015/01/25 00:00:29 | 000,000,000 | ---D | C] -- C:\FRST
[2015/01/24 16:27:38 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\vbox
[2015/01/24 16:27:38 | 000,000,000 | ---D | C] -- C:\windows\SysNative\vbox
[2015/01/24 16:27:28 | 000,000,000 | ---D | C] -- C:\Users\TomIlene\AppData\Roaming\AVAST Software
[2015/01/24 16:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/01/24 16:26:39 | 000,116,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2015/01/24 16:26:38 | 000,436,624 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2015/01/24 16:26:38 | 000,093,568 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2015/01/24 16:26:38 | 000,087,912 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswmonflt.sys
[2015/01/24 16:26:36 | 001,050,432 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
[2015/01/24 16:26:33 | 000,364,512 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2015/01/24 16:26:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2015/01/24 16:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/01/24 16:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015/01/24 03:28:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/23 14:09:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
[2015/01/23 13:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2015/01/23 13:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2015/01/23 13:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/01/23 12:25:23 | 000,763,912 | ---- | C] (Hewlett-Packard Development Company, LP) -- C:\windows\SysNative\HPDiscoPM7112.dll
[2015/01/23 12:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2015/01/23 11:35:33 | 000,897,960 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
[2015/01/23 11:35:33 | 000,818,088 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2015/01/23 11:05:58 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2015/01/23 11:05:57 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2015/01/23 11:05:57 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2015/01/23 11:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/01/22 14:55:28 | 000,000,000 | -HSD | C] -- C:\Users\TomIlene\AppData\Local\EmieBrowserModeList
[2015/01/14 10:49:20 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2015/01/14 10:49:20 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2015/01/14 10:49:06 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2015/01/14 10:49:05 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2015/01/14 10:49:04 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2015/01/14 10:49:02 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2015/01/14 10:49:02 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rstrui.exe
[2015/01/14 10:49:02 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srclient.dll
[2014/12/31 13:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2011/08/03 11:43:04 | 013,685,936 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 5.0.1.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/28 15:00:50 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/01/28 15:00:50 | 000,662,650 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/01/28 15:00:50 | 000,122,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/01/28 15:00:43 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job
[2015/01/28 14:59:37 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/28 14:59:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/01/28 14:35:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/01/28 13:54:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/28 11:00:00 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job
[2015/01/28 10:50:00 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/28 10:50:00 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/28 10:40:54 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/27 21:20:53 | 000,003,608 | ---- | M] () -- C:\bootsqm.dat
[2015/01/27 11:50:40 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2015/01/27 11:50:40 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/01/27 11:50:32 | 004,070,576 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2015/01/26 17:24:16 | 000,000,359 | ---- | M] () -- C:\Users\TomIlene\Desktop\wininit.zip
[2015/01/26 10:43:57 | 000,061,440 | ---- | M] ( ) -- C:\Users\TomIlene\Desktop\VEW.exe
[2015/01/25 02:12:51 | 000,775,124 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2015/01/24 16:52:37 | 000,021,976 | ---- | M] () -- C:\windows\SysNative\drivers\SPPD.sys
[2015/01/24 16:27:02 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/24 16:26:56 | 000,087,912 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswmonflt.sys
[2015/01/24 16:26:55 | 001,050,432 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
[2015/01/24 16:26:12 | 000,436,624 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2015/01/24 16:26:12 | 000,267,632 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2015/01/24 16:26:12 | 000,116,728 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2015/01/24 16:26:12 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2015/01/24 16:26:10 | 000,364,512 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2015/01/24 16:26:10 | 000,093,568 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2015/01/24 16:26:10 | 000,029,208 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2015/01/24 16:26:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2015/01/24 15:45:55 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2015/01/24 09:51:53 | 000,002,254 | ---- | M] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/23 14:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
[2015/01/23 12:23:44 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2015/01/23 11:04:26 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2015/01/23 11:04:20 | 000,272,296 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2015/01/23 11:04:20 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2015/01/23 11:04:20 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2015/01/23 11:04:19 | 000,897,960 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
[2015/01/23 11:04:19 | 000,818,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/27 21:20:53 | 000,003,608 | ---- | C] () -- C:\bootsqm.dat
[2015/01/26 17:24:16 | 000,000,359 | ---- | C] () -- C:\Users\TomIlene\Desktop\wininit.zip
[2015/01/26 10:43:57 | 000,061,440 | ---- | C] ( ) -- C:\Users\TomIlene\Desktop\VEW.exe
[2015/01/24 16:52:37 | 000,021,976 | ---- | C] () -- C:\windows\SysNative\drivers\SPPD.sys
[2015/01/24 16:27:02 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/24 16:26:39 | 000,267,632 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2015/01/24 16:26:38 | 000,065,776 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2015/01/24 16:26:38 | 000,029,208 | ---- | C] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2015/01/23 13:18:51 | 000,002,254 | ---- | C] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/23 12:23:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/07/08 12:00:49 | 000,229,116 | ---- | C] () -- C:\windows\hpwins23.dat
[2014/07/08 12:00:49 | 000,002,075 | ---- | C] () -- C:\windows\hpwmdl23.dat
[2013/08/31 15:22:45 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/08/16 01:04:46 | 000,000,017 | ---- | C] () -- C:\Users\TomIlene\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========

< End of report >


  • 0

#34
tominnc06

tominnc06

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

And to answer your other question, I don't know which job site in IE she was on when it showed up, but hasn't shown since. I'll get a screen print if it does.


  • 0

#35
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

 In Chrome:

 

  1. Click the icon that looks like three stacked lines at the top right of the browser window. ...
  2. Select 'Settings' in the drop-down menu. ...
  3. Click on 'Show advanced settings' at the bottom of the Web page. ...
  4. Select 'Reset browser settings' at the bottom of the page.

Close Chrome

 

Then run OTL quickscan.  I expect to see a much cleaner Chrome without all of the off no name extensions.


  • 0

#36
tominnc06

tominnc06

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

OTL logfile created on: 30/01/2015 7:09:55 PM - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TomIlene\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy
 
3.80 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 44.76% Memory free
7.60 Gb Paging File | 4.82 Gb Available in Paging File | 63.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.41 Gb Total Space | 251.39 Gb Free Space | 56.95% Space Free | Partition Type: NTFS
Drive E: | 244.63 Mb Total Space | 154.66 Mb Free Space | 63.22% Space Free | Partition Type: FAT
 
Computer Name: TOMILENE-PC | User Name: TomIlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/26 17:20:08 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/01/24 16:26:05 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/01/23 14:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
PRC - [2015/01/15 16:59:32 | 023,308,256 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/21 13:20:40 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
PRC - [2014/11/21 13:20:38 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/11/16 13:49:41 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/29 09:43:04 | 000,101,192 | ---- | M] (Google) -- C:\Users\TomIlene\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/10/20 17:52:12 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
PRC - [2014/10/17 15:24:20 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/10/11 12:05:40 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2014/03/31 09:30:00 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
PRC - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/28 10:42:46 | 000,027,136 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_multiprocessing.pyd
MOD - [2015/01/28 10:42:46 | 000,007,168 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\hashobjs_ext.pyd
MOD - [2015/01/28 10:42:45 | 001,160,704 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_ssl.pyd
MOD - [2015/01/28 10:42:45 | 000,811,008 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._windows_.pyd
MOD - [2015/01/28 10:42:45 | 000,805,888 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._gdi_.pyd
MOD - [2015/01/28 10:42:45 | 000,713,216 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_hashlib.pyd
MOD - [2015/01/28 10:42:45 | 000,110,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\PyWinTypes27.dll
MOD - [2015/01/28 10:42:44 | 000,025,600 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32pdh.pyd
MOD - [2015/01/28 10:42:44 | 000,024,064 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32pipe.pyd
MOD - [2015/01/28 10:42:42 | 001,062,400 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._controls_.pyd
MOD - [2015/01/28 10:42:42 | 000,686,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\unicodedata.pyd
MOD - [2015/01/28 10:42:40 | 000,127,488 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\pyexpat.pyd
MOD - [2015/01/28 10:42:40 | 000,038,912 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32inet.pyd
MOD - [2015/01/28 10:42:40 | 000,018,432 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32event.pyd
MOD - [2015/01/28 10:42:40 | 000,010,240 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\select.pyd
MOD - [2015/01/28 10:42:37 | 000,525,640 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\windows._lib_cacheinvalidation.pyd
MOD - [2015/01/28 10:42:37 | 000,167,936 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32gui.pyd
MOD - [2015/01/28 10:42:37 | 000,119,808 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32file.pyd
MOD - [2015/01/28 10:42:37 | 000,108,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32security.pyd
MOD - [2015/01/28 10:42:37 | 000,087,552 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_ctypes.pyd
MOD - [2015/01/28 10:42:37 | 000,017,408 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32profile.pyd
MOD - [2015/01/28 10:42:35 | 000,128,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_elementtree.pyd
MOD - [2015/01/28 10:42:34 | 000,070,656 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._html2.pyd
MOD - [2015/01/28 10:42:34 | 000,045,568 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_socket.pyd
MOD - [2015/01/28 10:42:32 | 000,098,816 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32api.pyd
MOD - [2015/01/28 10:42:30 | 001,175,040 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._core_.pyd
MOD - [2015/01/28 10:42:30 | 000,557,056 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\pysqlite2._sqlite.pyd
MOD - [2015/01/28 10:42:30 | 000,320,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32com.shell.shell.pyd
MOD - [2015/01/28 10:42:30 | 000,022,528 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32ts.pyd
MOD - [2015/01/28 10:42:28 | 000,364,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\pythoncom27.dll
MOD - [2015/01/28 10:42:27 | 000,078,336 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._animate.pyd
MOD - [2015/01/28 10:42:24 | 000,735,232 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._misc_.pyd
MOD - [2015/01/28 10:42:22 | 000,011,264 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32crypt.pyd
MOD - [2015/01/28 10:42:20 | 000,122,368 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._wizard.pyd
MOD - [2015/01/28 10:42:14 | 000,035,840 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32process.pyd
MOD - [2015/01/24 16:26:06 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/01/24 16:26:05 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/01/24 16:25:47 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 21:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2015/01/27 11:50:41 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/15 20:15:38 | 000,347,200 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/12/25 00:39:40 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/16 17:34:18 | 000,265,808 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/24 16:26:56 | 000,087,912 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswmonflt.sys -- (aswMonFlt)
DRV:64bit: - [2015/01/24 16:26:55 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2015/01/24 16:26:12 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2015/01/24 16:26:12 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/01/24 16:26:12 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/01/24 16:26:12 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/01/24 16:26:10 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/01/24 16:26:10 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/01/24 16:25:48 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/02 05:52:40 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/20 08:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/04/13 14:05:46 | 000,023,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 07:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 19:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/04/28 02:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C6D42521-42E8-49FE-81A3-809D7C26001C}
IE:64bit: - HKLM\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}
IE - HKLM\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = https://www.google.c...?q={searchTerms}
IE - HKCU\..\SearchScopes\{E9ED59E7-DDC1-46D9-9EC9-EF31549ED08F}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...1I7TSNF_enUS443
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/26 18:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/25 00:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
 
[2011/08/03 11:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Extensions
[2015/01/26 09:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions
[2015/01/26 09:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/12/25 00:39:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2014/12/25 00:39:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2014/12/25 00:39:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej\2.0_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.1_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.4_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia\1.6_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\10.4.1.6_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg\1.0_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef\0.3.2_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifafnghbieophofjinbniahjpiodpnm\0.8_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.7.3_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp\0.9.17_0\
 
O1 HOSTS File: ([2011/08/11 22:38:20 | 000,434,097 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14938 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HP Officejet Pro 8610 (NET)] C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP)
O4 - HKCU..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.31.2)
O16 - DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F6AA8B5-EF86-40E5-B3F4-0467A9595736}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/28 10:19:08 | 000,000,000 | ---D | C] -- C:\sk2cv280
[2015/01/28 10:17:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/01/26 18:51:35 | 000,000,000 | ---D | C] -- C:\Users\TomIlene\Desktop\wininit
[2015/01/25 00:06:38 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2015/01/25 00:00:29 | 000,000,000 | ---D | C] -- C:\FRST
[2015/01/24 16:27:38 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\vbox
[2015/01/24 16:27:38 | 000,000,000 | ---D | C] -- C:\windows\SysNative\vbox
[2015/01/24 16:27:28 | 000,000,000 | ---D | C] -- C:\Users\TomIlene\AppData\Roaming\AVAST Software
[2015/01/24 16:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/01/24 16:26:39 | 000,116,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2015/01/24 16:26:38 | 000,436,624 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2015/01/24 16:26:38 | 000,093,568 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2015/01/24 16:26:38 | 000,087,912 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswmonflt.sys
[2015/01/24 16:26:36 | 001,050,432 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
[2015/01/24 16:26:33 | 000,364,512 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2015/01/24 16:26:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2015/01/24 16:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/01/24 16:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015/01/24 03:28:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/23 14:09:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
[2015/01/23 13:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2015/01/23 13:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2015/01/23 13:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/01/23 12:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2015/01/23 11:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/01/22 14:55:28 | 000,000,000 | -HSD | C] -- C:\Users\TomIlene\AppData\Local\EmieBrowserModeList
[2011/08/03 11:43:04 | 013,685,936 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 5.0.1.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/30 19:04:27 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/01/30 19:04:27 | 000,662,650 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/01/30 19:04:27 | 000,122,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/01/30 19:03:14 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job
[2015/01/30 19:03:14 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/30 19:03:14 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/01/30 19:03:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/01/30 15:19:33 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/30 11:43:35 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/30 11:43:35 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/30 11:18:45 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job
[2015/01/28 10:40:54 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/27 21:20:53 | 000,003,608 | ---- | M] () -- C:\bootsqm.dat
[2015/01/26 17:24:16 | 000,000,359 | ---- | M] () -- C:\Users\TomIlene\Desktop\wininit.zip
[2015/01/26 10:43:57 | 000,061,440 | ---- | M] ( ) -- C:\Users\TomIlene\Desktop\VEW.exe
[2015/01/25 02:12:51 | 000,775,124 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2015/01/24 16:52:37 | 000,021,976 | ---- | M] () -- C:\windows\SysNative\drivers\SPPD.sys
[2015/01/24 16:27:02 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/24 16:26:56 | 000,087,912 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswmonflt.sys
[2015/01/24 16:26:55 | 001,050,432 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
[2015/01/24 16:26:12 | 000,436,624 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2015/01/24 16:26:12 | 000,267,632 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2015/01/24 16:26:12 | 000,116,728 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2015/01/24 16:26:12 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2015/01/24 16:26:10 | 000,364,512 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2015/01/24 16:26:10 | 000,093,568 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2015/01/24 16:26:10 | 000,029,208 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2015/01/24 16:26:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2015/01/24 15:45:55 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2015/01/24 09:51:53 | 000,002,254 | ---- | M] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/23 14:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
[2015/01/23 12:23:44 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/27 21:20:53 | 000,003,608 | ---- | C] () -- C:\bootsqm.dat
[2015/01/26 17:24:16 | 000,000,359 | ---- | C] () -- C:\Users\TomIlene\Desktop\wininit.zip
[2015/01/26 10:43:57 | 000,061,440 | ---- | C] ( ) -- C:\Users\TomIlene\Desktop\VEW.exe
[2015/01/24 16:52:37 | 000,021,976 | ---- | C] () -- C:\windows\SysNative\drivers\SPPD.sys
[2015/01/24 16:27:02 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/24 16:26:39 | 000,267,632 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2015/01/24 16:26:38 | 000,065,776 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2015/01/24 16:26:38 | 000,029,208 | ---- | C] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2015/01/23 13:18:51 | 000,002,254 | ---- | C] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/23 12:23:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/07/08 12:00:49 | 000,229,116 | ---- | C] () -- C:\windows\hpwins23.dat
[2014/07/08 12:00:49 | 000,002,075 | ---- | C] () -- C:\windows\hpwmdl23.dat
[2013/08/31 15:22:45 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/08/16 01:04:46 | 000,000,017 | ---- | C] () -- C:\Users\TomIlene\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/01/24 16:27:28 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\AVAST Software
[2011/08/08 11:58:34 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Book Place
[2014/08/28 12:25:57 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Dropbox
[2012/07/24 18:04:03 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\funkitron
[2012/10/11 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Shop to Win 31
[2014/08/25 13:23:13 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Soluto
[2014/09/10 15:01:01 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Super Optimizer
[2015/01/26 18:44:12 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Teleca
[2011/08/05 10:09:27 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Tific
[2012/04/12 08:26:27 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Toshiba
[2012/07/24 18:05:34 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\WildTangent
[2011/08/01 18:29:24 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >


  • 0

#37
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

That didn't change a thing.  

 

I wonder if all of the unnamed stuff comes from Google Drive?  I would have thought we would have at least gotten rid of the Java Plugin.

 

CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

 

It's out of date anyway.  In Chrome type:

 

chrome://plugins/

 

and hit Enter.  This should open the page where you can delete individual plugins

 

Find the Java™ Platform SE 6 U31  and click on the Disable button.

 

Let's delete this file:

C:\Users\TomIlene\AppData\Local\EmieBrowserModeList

 

If you don't know how we can let OTL do it:

 

Copy the text in the code box by highlighting and Ctrl + c

 
 
 
:files
C:\Users\TomIlene\AppData\Local\EmieBrowserModeList
 
 
then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. 
 
Use Chrome and go to adblockplus.org  and click on Install for Chrome.  This will install a really nice add-on which will kill off most ads. You will get a setup page.  I usually uncheck the allow some well behaved ads option and also check the block malware option.
 
Repeat for IE and also Firefox.  (IE requires a full program to block ads so expect a longer download and you will need to give it permission to install.)
 
I would get rid of the spybot hosts file.  Half the entries in are no good and it slows your PC down a lot.  Easiest way is HostsXpert:
 
Download HostsXpert from http://www.majorgeek...hostsxpert.html Save the file then right click and Extract All.  It will create a new folder in the same place.  In the folder find HostsXpert.exe and right click on it and Run As Administrator.
 
It will take a few seconds to appear.  If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only?  If it already says Make Read Only? that's OK just go on to the next step.
Now click on the left column entry that says: Restore MSHosts file.  Click on the Make Read Only? entry then close HostXpert.  Run OTL again and let's see if the hosts file is happy now.
 

  • 0

#38
tominnc06

tominnc06

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

I've disabled the Java Platform in Chrome.

 

I was able to delete EmieBrowserModeList without using OTL, so I don't have a log to post from the Fix run (I can do this if you need to see a log confirming the file deletion). 

 

I've downloaded adblockplus for Chrome and IE (for now I'm leaving Firefox off the machine, but I'll get adblockplus for it if I do decide to try it again).

 

Downloaded Hostsxpert from majorgeek and executed the Make Read Only instruction. The OTL log follows.

 

OTL logfile created on: 31/01/2015 10:49:11 AM - Run 8
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TomIlene\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy
 
3.80 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 38.56% Memory free
7.60 Gb Paging File | 4.30 Gb Available in Paging File | 56.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.41 Gb Total Space | 247.62 Gb Free Space | 56.10% Space Free | Partition Type: NTFS
 
Computer Name: TOMILENE-PC | User Name: TomIlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/26 17:20:08 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/01/25 01:08:45 | 000,843,592 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/01/24 16:26:05 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/01/23 14:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
PRC - [2015/01/15 16:59:32 | 023,308,256 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/21 13:20:40 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
PRC - [2014/11/21 13:20:38 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/11/16 13:49:41 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/20 17:52:12 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
PRC - [2014/10/17 15:24:20 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/10/11 12:05:40 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
PRC - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/28 10:42:46 | 000,027,136 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_multiprocessing.pyd
MOD - [2015/01/28 10:42:46 | 000,007,168 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\hashobjs_ext.pyd
MOD - [2015/01/28 10:42:45 | 001,160,704 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_ssl.pyd
MOD - [2015/01/28 10:42:45 | 000,811,008 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._windows_.pyd
MOD - [2015/01/28 10:42:45 | 000,805,888 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._gdi_.pyd
MOD - [2015/01/28 10:42:45 | 000,713,216 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_hashlib.pyd
MOD - [2015/01/28 10:42:45 | 000,110,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\PyWinTypes27.dll
MOD - [2015/01/28 10:42:44 | 000,025,600 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32pdh.pyd
MOD - [2015/01/28 10:42:44 | 000,024,064 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32pipe.pyd
MOD - [2015/01/28 10:42:42 | 001,062,400 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._controls_.pyd
MOD - [2015/01/28 10:42:42 | 000,686,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\unicodedata.pyd
MOD - [2015/01/28 10:42:40 | 000,127,488 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\pyexpat.pyd
MOD - [2015/01/28 10:42:40 | 000,038,912 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32inet.pyd
MOD - [2015/01/28 10:42:40 | 000,018,432 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32event.pyd
MOD - [2015/01/28 10:42:40 | 000,010,240 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\select.pyd
MOD - [2015/01/28 10:42:37 | 000,525,640 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\windows._lib_cacheinvalidation.pyd
MOD - [2015/01/28 10:42:37 | 000,167,936 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32gui.pyd
MOD - [2015/01/28 10:42:37 | 000,119,808 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32file.pyd
MOD - [2015/01/28 10:42:37 | 000,108,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32security.pyd
MOD - [2015/01/28 10:42:37 | 000,087,552 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_ctypes.pyd
MOD - [2015/01/28 10:42:37 | 000,017,408 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32profile.pyd
MOD - [2015/01/28 10:42:35 | 000,128,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_elementtree.pyd
MOD - [2015/01/28 10:42:34 | 000,070,656 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._html2.pyd
MOD - [2015/01/28 10:42:34 | 000,045,568 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\_socket.pyd
MOD - [2015/01/28 10:42:32 | 000,098,816 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32api.pyd
MOD - [2015/01/28 10:42:30 | 001,175,040 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._core_.pyd
MOD - [2015/01/28 10:42:30 | 000,557,056 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\pysqlite2._sqlite.pyd
MOD - [2015/01/28 10:42:30 | 000,320,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32com.shell.shell.pyd
MOD - [2015/01/28 10:42:30 | 000,022,528 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32ts.pyd
MOD - [2015/01/28 10:42:28 | 000,364,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\pythoncom27.dll
MOD - [2015/01/28 10:42:27 | 000,078,336 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._animate.pyd
MOD - [2015/01/28 10:42:24 | 000,735,232 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._misc_.pyd
MOD - [2015/01/28 10:42:22 | 000,011,264 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32crypt.pyd
MOD - [2015/01/28 10:42:20 | 000,122,368 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\wx._wizard.pyd
MOD - [2015/01/28 10:42:14 | 000,035,840 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI41002\win32process.pyd
MOD - [2015/01/25 01:08:43 | 014,913,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll
MOD - [2015/01/25 01:08:41 | 009,170,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
MOD - [2015/01/25 01:08:37 | 001,117,512 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
MOD - [2015/01/25 01:08:35 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
MOD - [2015/01/24 16:26:06 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/01/24 16:26:05 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/01/24 16:25:47 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 21:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2015/01/27 11:50:41 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/15 20:15:38 | 000,347,200 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/12/25 00:39:40 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/16 17:34:18 | 000,265,808 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/24 16:26:56 | 000,087,912 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswmonflt.sys -- (aswMonFlt)
DRV:64bit: - [2015/01/24 16:26:55 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2015/01/24 16:26:12 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2015/01/24 16:26:12 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/01/24 16:26:12 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/01/24 16:26:12 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/01/24 16:26:10 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/01/24 16:26:10 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/01/24 16:25:48 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/02 05:52:40 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/20 08:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/04/13 14:05:46 | 000,023,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 07:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 19:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/04/28 02:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C6D42521-42E8-49FE-81A3-809D7C26001C}
IE:64bit: - HKLM\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}
IE - HKLM\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{E9ED59E7-DDC1-46D9-9EC9-EF31549ED08F}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...1I7TSNF_enUS443
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/26 18:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/25 00:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
 
[2011/08/03 11:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Extensions
[2015/01/26 09:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions
[2015/01/26 09:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/12/25 00:39:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2014/12/25 00:39:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2014/12/25 00:39:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\internal-nacl-plugin
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 8 U31 (Disabled) = C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Disabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
CHR - plugin: Java Deployment Toolkit 8.0.310.13 (Disabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.10_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej\2.0_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.1_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.4_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia\1.6_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\10.4.1.6_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg\1.0_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef\0.3.2_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifafnghbieophofjinbniahjpiodpnm\0.8_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.7.3_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp\0.9.17_0\
 
O1 HOSTS File: ([2015/01/31 10:47:28 | 000,000,698 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2:64bit: - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HP Officejet Pro 8610 (NET)] C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP)
O4 - HKCU..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.31.2)
O16 - DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F6AA8B5-EF86-40E5-B3F4-0467A9595736}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/31 10:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Adblock Plus for IE
[2015/01/28 10:19:08 | 000,000,000 | ---D | C] -- C:\sk2cv280
[2015/01/28 10:17:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/01/27 11:50:32 | 004,070,576 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2015/01/26 18:51:35 | 000,000,000 | ---D | C] -- C:\Users\TomIlene\Desktop\wininit
[2015/01/25 00:06:38 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2015/01/25 00:00:29 | 000,000,000 | ---D | C] -- C:\FRST
[2015/01/24 16:27:38 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\vbox
[2015/01/24 16:27:38 | 000,000,000 | ---D | C] -- C:\windows\SysNative\vbox
[2015/01/24 16:27:28 | 000,000,000 | ---D | C] -- C:\Users\TomIlene\AppData\Roaming\AVAST Software
[2015/01/24 16:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/01/24 16:26:39 | 000,116,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2015/01/24 16:26:38 | 000,436,624 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2015/01/24 16:26:38 | 000,093,568 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2015/01/24 16:26:38 | 000,087,912 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswmonflt.sys
[2015/01/24 16:26:36 | 001,050,432 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
[2015/01/24 16:26:33 | 000,364,512 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2015/01/24 16:26:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2015/01/24 16:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/01/24 16:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015/01/24 03:28:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/23 14:09:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
[2015/01/23 13:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2015/01/23 13:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2015/01/23 13:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/01/23 12:25:23 | 000,763,912 | ---- | C] (Hewlett-Packard Development Company, LP) -- C:\windows\SysNative\HPDiscoPM7112.dll
[2015/01/23 12:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2015/01/23 11:35:33 | 000,897,960 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
[2015/01/23 11:35:33 | 000,818,088 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2015/01/23 11:05:58 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2015/01/23 11:05:57 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2015/01/23 11:05:57 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2015/01/23 11:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/01/14 10:49:20 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2015/01/14 10:49:20 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2015/01/14 10:49:06 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2015/01/14 10:49:05 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2015/01/14 10:49:04 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2015/01/14 10:49:02 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2015/01/14 10:49:02 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rstrui.exe
[2015/01/14 10:49:02 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srclient.dll
[2011/08/03 11:43:04 | 013,685,936 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 5.0.1.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/31 10:54:05 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/31 10:43:31 | 000,001,256 | ---- | M] () -- C:\Users\TomIlene\Desktop\HostsXpert - Shortcut.lnk
[2015/01/31 10:35:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/01/31 10:23:57 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/31 10:23:57 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/31 10:05:59 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/01/31 10:05:59 | 000,662,650 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/01/31 10:05:59 | 000,122,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/01/31 10:05:17 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job
[2015/01/31 10:04:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/01/30 15:19:33 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/30 11:18:45 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job
[2015/01/28 10:40:54 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/27 21:20:53 | 000,003,608 | ---- | M] () -- C:\bootsqm.dat
[2015/01/27 11:50:40 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2015/01/27 11:50:40 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/01/27 11:50:32 | 004,070,576 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2015/01/26 17:24:16 | 000,000,359 | ---- | M] () -- C:\Users\TomIlene\Desktop\wininit.zip
[2015/01/26 10:43:57 | 000,061,440 | ---- | M] ( ) -- C:\Users\TomIlene\Desktop\VEW.exe
[2015/01/25 02:12:51 | 000,775,124 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2015/01/24 16:52:37 | 000,021,976 | ---- | M] () -- C:\windows\SysNative\drivers\SPPD.sys
[2015/01/24 16:27:02 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/24 16:26:56 | 000,087,912 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswmonflt.sys
[2015/01/24 16:26:55 | 001,050,432 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
[2015/01/24 16:26:12 | 000,436,624 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2015/01/24 16:26:12 | 000,267,632 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2015/01/24 16:26:12 | 000,116,728 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2015/01/24 16:26:12 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2015/01/24 16:26:10 | 000,364,512 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2015/01/24 16:26:10 | 000,093,568 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2015/01/24 16:26:10 | 000,029,208 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2015/01/24 16:26:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2015/01/24 15:45:55 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2015/01/24 09:51:53 | 000,002,254 | ---- | M] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/23 14:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
[2015/01/23 12:23:44 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2015/01/23 11:04:26 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2015/01/23 11:04:20 | 000,272,296 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2015/01/23 11:04:20 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2015/01/23 11:04:20 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2015/01/23 11:04:19 | 000,897,960 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
[2015/01/23 11:04:19 | 000,818,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/31 10:43:31 | 000,001,256 | ---- | C] () -- C:\Users\TomIlene\Desktop\HostsXpert - Shortcut.lnk
[2015/01/27 21:20:53 | 000,003,608 | ---- | C] () -- C:\bootsqm.dat
[2015/01/26 17:24:16 | 000,000,359 | ---- | C] () -- C:\Users\TomIlene\Desktop\wininit.zip
[2015/01/26 10:43:57 | 000,061,440 | ---- | C] ( ) -- C:\Users\TomIlene\Desktop\VEW.exe
[2015/01/24 16:52:37 | 000,021,976 | ---- | C] () -- C:\windows\SysNative\drivers\SPPD.sys
[2015/01/24 16:27:02 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/24 16:26:39 | 000,267,632 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2015/01/24 16:26:38 | 000,065,776 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2015/01/24 16:26:38 | 000,029,208 | ---- | C] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2015/01/23 13:18:51 | 000,002,254 | ---- | C] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/23 12:23:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/07/08 12:00:49 | 000,229,116 | ---- | C] () -- C:\windows\hpwins23.dat
[2014/07/08 12:00:49 | 000,002,075 | ---- | C] () -- C:\windows\hpwmdl23.dat
[2013/08/31 15:22:45 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/08/16 01:04:46 | 000,000,017 | ---- | C] () -- C:\Users\TomIlene\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >

  • 0

#39
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Actually it looks like Firefox is or has been on the PC from the log.  It's finding a Firefox profile anyway.

 

If the problem happens again try and get the URL of the page where it happens.  It might help to make sure popups are turned off:

 

In Chrome:

  1. In the top-right corner of the browser window, click the Chrome menu Chrome menu.
    Select Settings.
    Click Show advanced settings.
    Under "Privacy," click the Content settings button.
    Under "Pop-ups," select Do not allow any site to show pop-ups (recommended).
     
    In IE
     
    open Internet Explorer, Click on the gear in the upper right, then click Internet Options.
    Click the Privacy tab, 
    Make sure  Block pop-ups is Checked.  OK..
     

  • 0

#40
tominnc06

tominnc06

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Chrome and IE pop-up blocking confirmed.

 

Should I worry about the Firefox profile, or leave it there?

 

Would you recommend uninstalling Spybot? I'm assuming you will recommend getting CryptoPrevent from foolishIT.com.

 

Lastly, may I assume the viruses are cleaned up now?


  • 0

Advertisements


#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

I am no longer a fan of Spybot.  They were good back in XP days but not so good now.  Feel free to uninstall.

 

No sign of any viruses in the latest logs.

 

Cryptoprevent is in my goodbye post.  If we have no more problems then it is time to clean up:

 

 
Copy the following:
 
 
:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]
 
Right click on OTL and Run As Administrator.   In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.
 
That will get the last of the malware off the system.
 
 
 
You can uninstall or delete any tools we had you download and their logs. 
 
If we ran Combofix:To uninstall combofix, copy the next line:
 
"%userprofile%\Desktop\combofix.exe" /Uninstall
 
Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.
 
 
 
OTL has a cleanup tab but DO NOT USE IT!.  There are reports that it leaves the PC unbootable.  Instead just delete  OTL.exe and the folder c:\_OTL.
 
To hide hidden files again:
 
Vista or Win7
 
# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the  checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer. 
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  
 
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
 
Unless you have the latest version of Avast which has its own update checker:  To help keep your programs up-to-date you should download and run the UpdateChecker: 
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it.  Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
 Seems to work best if Firefox is the default browser.  Windows always hides its icon so you need to unhide it.  Click on the up arrow to the left of the clock.  Then click on Customize.  Maximize the window so you can see all of the options.  Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications.  OK.  When you reboot you should see the icon.  It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser.  (Seems to work best if it uses Firefox.  If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results.  Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it.  While there, also check Hide Beta Versions.  OK. )  You will see a list of programs that have updates with green down arrows next to them.  You do not need to download any Beta Versions.  There is an option Settings to Hide Beta Versions.  I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases.  OK. 
 
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox .  Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow.
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
Due to a recent rise in the number of Crytolocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while.
 
 
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 
Make sure Windows Updates is turned and that it works.  Go to Control panel, Windows Updates and see if it works.  
 
 
My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)
 
Ron

  • 0

#42
tominnc06

tominnc06

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Uninstalledf Spybot - completed OTL Fix run for [CLEARALLRESTOREPOINTS] - deleted utilities and logs - I now have AVAST, Perfect Updater, and CryptoPrevent - hiddenfiles re-hidden - running current Flash and Acrobat (Javascript disabled) - leaving Firefox uninstalled at this point - don't use P2P programs - Java updated, security level reset to highest - Windows update is good.

 

Only issue is getting to encryption info on the Ubee web site for my wireless router ... and when I try to see if I have a current driver, I get:

 

 
Need a Driver?

You can download the USB driver for all DOCSIS 2.0 products (DDW2600, U10C018, and U10C022) by clicking here.

Note:  These are 32-bit drivers for Windows only (no 64-bit support and no Mac support).  For Internet access, it is strongly recommended that Ethernet (or Wi-Fi if supported) be used instead of the USB client port due to slower speeds and USB driver incompatibility issues.

 

 

 

As you know, I'm running a 64-bit, so ?

 

 

Other than that, you have my heartfelt thanks for the expertise and patience required to get my computer squared away and virus-free. Kwiaht looks like a very worthy environmental effort. Thank you again.


  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Not sure what you are looking for.  I found the Ubee site but they want to know what cable provider.


  • 0

#44
tominnc06

tominnc06

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

At Ubee, they ask for your provider, then present a page listing the equipment they've sold/provided to that provider. When I click on the wireless router's model number, I got the message I pasted in previous message.

 

Also, when you say change my router password, I'm assuming it's also known as the network password.


  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Are you connecting via  USB or via Ethernet or Wireless to the Ubee?  The drivers are only if you use USB.  

 

Normally when you connect to your router you will need to log on.  The idea is that the logon should not be the default logon and password put on by the manufacturer since those are well known and we don't want an infection on your PC, logging on to the router and making changes.  If you don't really have your own router - just this Ubee stuff which is apparently provided by your ISP then you can ignore the advice.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP