Virus warning scam



#16
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
when I tried to run the Application procedure, I received "Run-time error '75': Path/File access error."

 

 

You forgot to right click and Run As Admin.  We are going to run it again so don't bother doing it yet.

 

 

Uninstall TOSHIBA PC Health Monitor  - it's causing errors.  If you need it you can download a new copy from Toshiba's website.  While there get a new copy of your wireless driver and reinstall it.

 

Uninstall Soluto 

 

Right click on Computer and select manage then Device Manager.  Click on View then Show Hidden Devices.  Look for yellow marked entries.  Probably in Non Plug and Play Drivers.  (Click on the arrow in front to open it)  Right click on any you find and Delete or Uninstall.

 

Download the attached wininit.zip file and save it.  Right click on it and Extract All which should give you wininit.reg.  Right click on it and merge.

 

 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Run VEW again as before for both system and application.  Remember to right click and Run As Admin.

 


  • 0


#17
tominnc06

    Member

  • Topic Starter
  • Member
  • 30 posts

Not letting me uninstall Soluto: after I click 'yes' when it asks if I want to allow updating of software on this computer, nothing happens, and Soluto remains on the program list. I've done this multiple times.

 

Also, re: wireless driver, am I updating the Atheros Ethernet Driver, or the Realtek WLAN Driver?

 

I've stopped before reboot in your instructions.


  • 0

#18
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Copy the next two lines:

sc delete SolutoLauncherService
sc delete SolutoRemoteService

Start, Programs, Accessories then right click on Command Prompt and Run As Admin.  Hit Enter.

 

If you don't get an error that should be good enough with Soluto.

 

 

 

 

 

 

Realtek WLAN Driver is what you want.  Atheros is your wired connection.

 

Also uninstall Bonjour which is not working.  You will get a new one next time you update an Apple product.


  • 0

#19
tominnc06

    Member

  • Topic Starter
  • Member
  • 30 posts

Bonjour has been uninstalled. When I run Administrator Command Prompt, I get:

 

C:\windows\system32>sc delete SolutoLauncherService

[SC] OpenService FAILED 1060:

 

The specified service does not exist as an installed service.

 

C:\windows\system32>sc delete SolutoRemoteService


  • 0

#20
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

What happens with the second one?

 

sc delete SolutoRemoteService

 

(Did you hit Enter?)


  • 0

#21
tominnc06

    Member

  • Topic Starter
  • Member
  • 30 posts

I get the same message:

 

FAILED 1060:

 

The specified service does not exist as an installed service.


  • 0

#22
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Run a new FRST scan and let's see if Soluto is really still around.


  • 0
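
One way to check a fresh FRST.txt for leftovers of an uninstalled program, as an added example that is not part of the original thread and is not FRST's own code: it flags lines that mention a keyword, entries ending in [X], and a Winlogon Userinit value that lists more than userinit.exe. The sample log is constructed; reading a trailing [X] as "target file not found", taking the first field of a service line as the service's name, and Windows living in C:\Windows are assumptions of this example.

```python
import re

# Constructed sample imitating the FRST.txt line layout posted in this thread.
# Product, file and service names are made up.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [123456 2014-01-01] (Example Corp.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\leftover\leftover.exe /userinit
==================== Services (Whitelisted) =================
R2 ExampleSvc; C:\Program Files\Example\svc.exe [123456 2014-01-01] (Example Corp.)
S2 LeftoverService; "C:\Program Files\Leftover\LeftoverService.exe" [X]
"""

# "==== Section name (Whitelisted) ====" banner lines.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Service/driver line: state letter, start-type digit, name, ';', image path.
SERVICE_RE = re.compile(r"^[RS]\d (.+?); .+$")
USERINIT_RE = re.compile(r"Winlogon: \[Userinit\]\s*(.+)$", re.IGNORECASE)
# Assumption: Windows is installed in C:\Windows, so this is the stock value.
DEFAULT_USERINIT = {r"c:\windows\system32\userinit.exe", "userinit.exe"}


def triage(log_text, keyword):
    """Return (section, kind, subject) tuples for entries worth a second look.

    kind is one of:
      keyword         the line mentions the product being removed
      missing-target  the line ends in [X] (assumed: file not found)
      userinit-extra  Userinit launches something besides userinit.exe
    """
    findings = []
    section = "header"
    kw = keyword.lower()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            # "Services (Whitelisted)" -> "Services"
            section = banner.group(1).split(" (")[0]
            continue

        # For service and driver lines report the name field, otherwise
        # report the whole line.
        subject = line
        if section in ("Services", "Drivers"):
            svc = SERVICE_RE.match(line)
            if svc:
                subject = svc.group(1)

        userinit = USERINIT_RE.search(line)
        if userinit:
            for part in userinit.group(1).split(","):
                part = part.strip()
                if part and part.lower() not in DEFAULT_USERINIT:
                    findings.append((section, "userinit-extra", part))

        if line.endswith("[X]"):
            findings.append((section, "missing-target", subject))
        if kw in line.lower():
            findings.append((section, "keyword", subject))
    return findings


if __name__ == "__main__":
    for section, kind, subject in triage(SAMPLE_LOG, "leftover"):
        print(f"{section:10} {kind:15} {subject}")
```
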

#23
tominnc06

    Member

  • Topic Starter
  • Member
  • 30 posts

Here are the FRST logs.

 

Soluto is still shown in the program listing when I call up the Control Panel. Also, why are there errors for Spybot, when I uninstalled it successfully - something left behind?

 

Are you a fan or a resident of Orcas Island? 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by TomIlene (administrator) on TOMILENE-PC on 27-01-2015 17:08:54
Running from C:\Users\TomIlene\Downloads
Loaded Profiles: TomIlene (Available profiles: TomIlene)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google) C:\Users\TomIlene\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873288 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-14] (Google Inc.)
HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [48640 2014-08-29] ()
HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [Google Update] => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-08] (Google Inc.)
HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
SearchScopes: HKLM -> DefaultScope {C6D42521-42E8-49FE-81A3-809D7C26001C} URL = http://www.google.co...ng}&rlz=1I7TSNF
SearchScopes: HKLM -> {C6D42521-42E8-49FE-81A3-809D7C26001C} URL = http://www.google.co...ng}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5} URL = http://www.google.co...ng}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5} URL = http://www.google.co...ng}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> {C6D42521-42E8-49FE-81A3-809D7C26001C} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> {E9ED59E7-DDC1-46D9-9EC9-EF31549ED08F} URL = http://www.google.co...ng}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5} URL = http://www.google.co...1I7TSNF_enUS443
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @talk.google.com/O1DPlugin -> C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @tools.google.com/Google Update;version=3 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @tools.google.com/Google Update;version=9 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\TomIlene\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\TomIlene\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-24]
FF HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www-search.net/?s=E9Aztugdu0345,5a37dd10-f883-4bc9-bef2-2514e9f2037a,
CHR StartupUrls: Default -> "hxxp://www-search.net/?s=E9Aztugdu0345,5a37dd10-f883-4bc9-bef2-2514e9f2037a,"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-08-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Lookup Companion for Wikipedia) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej [2011-08-04]
CHR Extension: (Google Tasks (by Google)) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2011-10-06]
CHR Extension: (Google Calendar) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2011-09-01]
CHR Extension: (Digital Clock) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-06-07]
CHR Extension: (Avast Online Security) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-25]
CHR Extension: (Do Not Disturb!) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2014-06-26]
CHR Extension: (Clearly) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2012-09-19]
CHR Extension: (My Browser Page) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2013-12-05]
CHR Extension: (HuffingtonPost NewsGlide) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef [2011-08-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-12]
CHR Extension: (Sooner) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifafnghbieophofjinbniahjpiodpnm [2011-10-06]
CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2011-08-04]
CHR Extension: (Google Wallet) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Neat Bookmarks) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp [2011-08-04]
CHR HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Chrome\Extension: [pdjaaibbgfdnolpgkmgbdebhhpddkokk] - C:\Users\TomIlene\AppData\Roaming\Shop to Win 31\Toolbar_production_100573_31.crx [2012-08-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-24] (Avast Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-01-15] (WildTangent)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-08-28] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SolutoService; "C:\Program Files\Soluto\SolutoService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-24] ()
R2 regi; C:\windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-24] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 11:50 - 2015-01-27 11:50 - 04070576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-26 18:51 - 2015-01-26 18:51 - 00000000 ____D () C:\Users\TomIlene\Desktop\wininit
2015-01-26 18:41 - 2015-01-26 18:41 - 00003304 _____ () C:\windows\System32\Tasks\{A962BB5D-766F-46F3-BF77-952D554DEEE9}
2015-01-26 18:14 - 2015-01-26 18:14 - 00000197 _____ () C:\windows\system32\2015-01-26-23-14-37.096-AvastVBoxSVC.exe-5868.log
2015-01-26 17:52 - 2015-01-26 17:52 - 00001229 _____ () C:\Users\TomIlene\Desktop\Fix Instr 3.txt
2015-01-26 17:24 - 2015-01-26 17:24 - 00000359 _____ () C:\Users\TomIlene\Desktop\wininit.zip
2015-01-26 14:43 - 2015-01-26 14:43 - 00003743 _____ () C:\Users\TomIlene\Desktop\VEW2.txt
2015-01-26 13:40 - 2015-01-26 13:40 - 00000197 _____ () C:\windows\system32\2015-01-26-18-40-20.029-AvastVBoxSVC.exe-3668.log
2015-01-26 11:13 - 2015-01-26 11:13 - 00008039 _____ () C:\Users\TomIlene\Desktop\Applications VEW.txt
2015-01-26 11:11 - 2015-01-26 11:11 - 00001851 _____ () C:\Users\TomIlene\Desktop\VEW.txt
2015-01-26 10:45 - 2015-01-26 14:32 - 00003743 _____ () C:\VEW.txt
2015-01-26 10:43 - 2015-01-26 10:43 - 00061440 _____ ( ) C:\Users\TomIlene\Desktop\VEW.exe
2015-01-26 10:30 - 2015-01-26 10:30 - 00000197 _____ () C:\windows\system32\2015-01-26-15-30-01.038-AvastVBoxSVC.exe-2500.log
2015-01-26 10:09 - 2015-01-26 10:19 - 00008121 _____ () C:\Users\TomIlene\Desktop\System Idle Process.txt
2015-01-26 10:02 - 2015-01-26 10:02 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\TomIlene\Downloads\procexp.exe
2015-01-26 09:53 - 2015-01-26 09:53 - 00002313 _____ () C:\Users\TomIlene\Desktop\Fix Instr 2.txt
2015-01-25 15:25 - 2015-01-25 15:25 - 00000197 _____ () C:\windows\system32\2015-01-25-20-25-35.070-AvastVBoxSVC.exe-3032.log
2015-01-25 12:35 - 2015-01-25 12:35 - 00043382 _____ () C:\Users\TomIlene\Desktop\FRST.txt
2015-01-25 12:33 - 2015-01-26 13:47 - 00037036 _____ () C:\Users\TomIlene\Downloads\Addition.txt
2015-01-25 12:31 - 2015-01-27 17:08 - 00025781 _____ () C:\Users\TomIlene\Downloads\FRST.txt
2015-01-25 12:26 - 2015-01-25 12:27 - 00000636 _____ () C:\Users\TomIlene\Desktop\JRT.txt
2015-01-25 09:09 - 2015-01-25 09:09 - 00000197 _____ () C:\windows\system32\2015-01-25-14-09-01.079-AvastVBoxSVC.exe-3016.log
2015-01-25 00:06 - 2015-01-25 00:06 - 00000000 ____D () C:\windows\ERUNT
2015-01-25 00:02 - 2015-01-25 00:02 - 01707939 _____ (Thisisu) C:\Users\TomIlene\Downloads\JRT.exe
2015-01-25 00:00 - 2015-01-27 17:08 - 00000000 ____D () C:\FRST
2015-01-25 00:00 - 2015-01-25 00:00 - 02129920 _____ (Farbar) C:\Users\TomIlene\Downloads\FRST64.exe
2015-01-24 19:59 - 2015-01-24 19:59 - 00000247 _____ () C:\windows\system32\2015-01-25-00-59-27.019-aswFe.exe-3940.log
2015-01-24 19:49 - 2015-01-24 19:59 - 00000247 _____ () C:\windows\system32\2015-01-25-00-49-39.082-aswFe.exe-5620.log
2015-01-24 19:49 - 2015-01-24 19:49 - 00000197 _____ () C:\windows\system32\2015-01-25-00-49-31.071-AvastVBoxSVC.exe-2992.log
2015-01-24 16:52 - 2015-01-24 16:52 - 00021976 _____ () C:\windows\system32\Drivers\SPPD.sys
2015-01-24 16:27 - 2015-01-24 16:30 - 00000000 ____D () C:\windows\SysWOW64\vbox
2015-01-24 16:27 - 2015-01-24 16:30 - 00000000 ____D () C:\windows\system32\vbox
2015-01-24 16:27 - 2015-01-24 16:27 - 00001975 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-24 16:27 - 2015-01-24 16:27 - 00000000 ____D () C:\Users\TomIlene\AppData\Roaming\AVAST Software
2015-01-24 16:27 - 2015-01-24 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-24 16:26 - 2015-01-26 13:41 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-01-24 16:26 - 2015-01-24 16:26 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2015-01-24 16:26 - 2015-01-24 16:26 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-01-24 16:26 - 2015-01-24 16:26 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-01-24 16:26 - 2015-01-24 16:26 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2015-01-24 16:26 - 2015-01-24 16:26 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-01-24 16:26 - 2015-01-24 16:26 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-01-24 16:26 - 2015-01-24 16:26 - 00087912 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
2015-01-24 16:26 - 2015-01-24 16:26 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2015-01-24 16:26 - 2015-01-24 16:26 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2015-01-24 16:26 - 2015-01-24 16:26 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2015-01-24 16:25 - 2015-01-24 16:25 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-24 16:22 - 2015-01-24 16:25 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-24 10:03 - 2015-01-24 10:04 - 132469808 _____ (AVAST Software) C:\Users\TomIlene\Downloads\avast_free_antivirus_setup.exe
2015-01-24 03:28 - 2015-01-24 03:31 - 00000000 ____D () C:\AdwCleaner
2015-01-24 03:12 - 2015-01-24 03:12 - 00124330 _____ () C:\Users\TomIlene\Desktop\OTL.Txt
2015-01-23 14:53 - 2015-01-23 14:53 - 00118080 _____ () C:\Users\TomIlene\Documents\Computer Virus Warning, OTL.Txt
2015-01-23 14:09 - 2015-01-23 14:09 - 00602112 _____ (OldTimer Tools) C:\Users\TomIlene\Desktop\OTL.exe
2015-01-23 13:22 - 2015-01-23 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-01-23 13:22 - 2015-01-23 13:22 - 00000000 ____D () C:\Program Files (x86)\Evernote
2015-01-23 13:18 - 2015-01-23 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-23 12:25 - 2014-07-21 16:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPM7112.dll
2015-01-23 12:24 - 2015-01-23 12:24 - 00000000 ____D () C:\Program Files\HP
2015-01-23 12:23 - 2015-01-23 12:23 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-01-23 11:35 - 2015-01-23 11:04 - 00897960 _____ (Oracle Corporation) C:\windows\SysWOW64\npdeployJava1.dll
2015-01-23 11:35 - 2015-01-23 11:04 - 00818088 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2015-01-23 11:05 - 2015-01-23 11:04 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-01-23 11:05 - 2015-01-23 11:04 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-01-23 11:05 - 2015-01-23 11:04 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-22 14:55 - 2015-01-22 14:55 - 00000000 __SHD () C:\Users\TomIlene\AppData\Local\EmieBrowserModeList
2015-01-15 13:28 - 2015-01-15 13:28 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-14 10:49 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 10:49 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 10:49 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 10:49 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 10:49 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 10:49 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 10:49 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 10:49 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 10:49 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 10:49 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 10:49 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 10:49 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 10:49 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 11:41 - 2015-01-13 11:41 - 00030194 _____ () C:\Users\TomIlene\Downloads\1421163004.html
2015-01-12 10:54 - 2015-01-12 10:54 - 12927067 _____ () C:\Users\TomIlene\Downloads\20150110_113404.mp4
2015-01-07 11:35 - 2015-01-07 11:35 - 00045668 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (4).xlsx
2015-01-07 11:35 - 2015-01-07 11:35 - 00008547 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (3).xlsx
2015-01-07 11:32 - 2015-01-07 11:32 - 00045668 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (2).xlsx
2015-01-07 11:30 - 2015-01-07 11:30 - 00008547 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule.xlsx
2015-01-07 11:30 - 2015-01-07 11:30 - 00008547 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (1).xlsx
2014-12-31 13:37 - 2014-12-31 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-31 12:45 - 2014-12-31 12:46 - 16409960 _____ (Safer Networking Limited ) C:\Users\TomIlene\Downloads\spybotsd162 (2).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 17:01 - 2014-08-08 18:56 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job
2015-01-27 17:01 - 2010-10-14 23:04 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 17:00 - 2012-04-16 07:40 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 15:22 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-27 15:20 - 2012-02-14 12:13 - 00003950 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{83EECBD0-378C-413E-A84D-0137D0FD82C4}
2015-01-27 15:20 - 2011-07-29 00:36 - 01741875 _____ () C:\windows\WindowsUpdate.log
2015-01-27 15:19 - 2010-10-14 23:04 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 13:18 - 2012-07-24 18:04 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-01-27 13:18 - 2011-07-29 00:58 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-27 12:10 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 12:10 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 12:02 - 2014-08-08 18:56 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job
2015-01-27 11:50 - 2012-04-16 07:40 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-27 11:50 - 2012-04-16 07:40 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-27 11:50 - 2011-11-09 10:49 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 21:11 - 2013-10-24 16:09 - 00000000 ___RD () C:\Users\TomIlene\Google Drive
2015-01-26 21:11 - 2013-10-24 15:21 - 00002001 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-26 21:11 - 2013-10-24 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-26 18:44 - 2012-02-21 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2015-01-26 18:10 - 2014-09-25 16:04 - 00000000 ___RD () C:\Users\TomIlene\iCloudDrive
2015-01-26 18:10 - 2012-11-14 09:21 - 00012170 _____ () C:\windows\setupact.log
2015-01-26 18:10 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-26 17:23 - 2010-10-14 22:53 - 00000000 ____D () C:\Program Files\TOSHIBA
2015-01-25 02:12 - 2011-09-13 16:24 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-01-24 16:39 - 2010-10-14 23:32 - 00574224 _____ () C:\windows\PFRO.log
2015-01-24 15:46 - 2011-08-11 12:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-24 15:45 - 2011-09-13 16:24 - 00001945 _____ () C:\windows\epplauncher.mif
2015-01-24 02:49 - 2011-08-03 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 01:17 - 2012-11-28 12:34 - 00003970 _____ () C:\windows\System32\Tasks\PC Checkup 3 Weekly Scan
2015-01-23 13:18 - 2010-10-14 23:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-23 13:06 - 2014-07-08 12:27 - 00000000 ____D () C:\Users\TomIlene\AppData\Local\HP
2015-01-23 13:04 - 2014-07-08 12:02 - 00000000 ____D () C:\Program Files (x86)\HP
2015-01-23 12:25 - 2014-07-08 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-23 12:24 - 2014-07-08 12:00 - 00000000 ____D () C:\ProgramData\HP
2015-01-23 11:42 - 2011-07-29 00:43 - 00032904 _____ () C:\windows\DPINST.LOG
2015-01-23 11:36 - 2013-11-14 18:39 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-23 11:36 - 2012-06-27 19:38 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-23 11:04 - 2014-08-16 15:04 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-01-15 13:32 - 2014-09-25 16:05 - 00000000 ____D () C:\Users\TomIlene\AppData\Local\592F94FA-5DCE-4604-B5A4-57E4BD30ECF2.aplzod
2015-01-15 12:34 - 2013-08-07 09:51 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 12:11 - 2011-08-08 12:11 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-13 14:29 - 2011-10-25 12:18 - 00000000 ____D () C:\Users\TomIlene\Documents\Outlook Files
2015-01-08 09:55 - 2011-08-04 09:40 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-28 03:29 - 2011-08-01 20:26 - 00000000 ____D () C:\windows\System32\Tasks\Games

==================== Files in the root of some directories =======

2011-08-03 11:43 - 2011-08-03 11:43 - 13685936 _____ (Mozilla) C:\Program Files\Firefox Setup 5.0.1.exe
2014-07-08 12:27 - 2014-07-08 12:27 - 0001004 _____ () C:\Users\TomIlene\AppData\Roaming\ConvAPIPlugin.log
2012-08-16 01:04 - 2012-08-16 01:04 - 0000017 _____ () C:\Users\TomIlene\AppData\Local\resmon.resmoncfg
2015-01-23 12:23 - 2015-01-23 12:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-07-08 12:00 - 2014-07-08 12:28 - 0000960 _____ () C:\ProgramData\hpzinstall.log
2013-08-31 15:22 - 2013-08-31 15:22 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some content of TEMP:
====================
C:\Users\TomIlene\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\TomIlene\AppData\Local\Temp\procexp64.exe
C:\Users\TomIlene\AppData\Local\Temp\Quarantine.exe
C:\Users\TomIlene\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-27 17:08

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by TomIlene at 2015-01-27 17:11:40
Running from C:\Users\TomIlene\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1001 Minigolf Challenge (HKLM-x32\...\1001 Minigolf Challenge) (Version: 1.00.07.04.30 - Selectsoft Publishing)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
App Client version 2.57 (HKLM-x32\...\{B28D9C36-91CF-4DDD-A114-B78F27FEDCCF}}_is1) (Version: 2.57 - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}) (Version: 7.2.241.0 - Microsoft Corporation)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Cake Mania - Lights, Camera, Action!™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.822 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.1.1001 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 12.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.4.49.0 - Symantec Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0011 - Realtek)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.30.69 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Shop To Win (HKLM-x32\...\{1220BDA0-E418-4789-BFF5-072062B29D01}_is1) (Version: 1.1.0.0 - Shop To Win, LLC)
Shop to Win 31 (HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Shop to Win 31) (Version:  - )
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Soluto (HKLM\...\{3D221DF4-18AB-4876-A825-57E2D2CC2429}) (Version: 1.3.1444.0 - Soluto)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.7.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.03.02.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.5.60 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.05.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.03.02.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.2 - WildTangent)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

24-10-2014 10:38:37 Windows Update
30-10-2014 12:49:48 Windows Update
02-11-2014 17:38:03 Windows Update
06-11-2014 01:19:53 Windows Update
09-11-2014 16:29:51 Windows Update
12-11-2014 12:35:15 Windows Update
16-11-2014 14:00:14 Windows Update
19-11-2014 15:39:19 Windows Update
19-11-2014 23:49:27 Windows Update
24-11-2014 18:12:21 Windows Update
28-11-2014 00:59:15 Windows Update
01-12-2014 17:35:00 Windows Update
05-12-2014 02:21:41 Windows Update
09-12-2014 09:45:02 Windows Update
11-12-2014 11:16:46 Windows Update
13-12-2014 09:13:23 Windows Update
17-12-2014 14:20:04 Windows Update
19-12-2014 10:11:55 Windows Update
23-12-2014 10:16:26 Windows Update
26-12-2014 16:04:01 Windows Update
30-12-2014 01:15:08 Windows Update
02-01-2015 11:00:37 C
03-01-2015 08:23:27 Windows Update
06-01-2015 12:12:53 Windows Update
09-01-2015 16:37:34 Windows Update
13-01-2015 11:03:31 Windows Update
15-01-2015 12:10:06 Windows Update
19-01-2015 12:07:31 Windows Update
22-01-2015 14:50:29 C
23-01-2015 11:41:24 Removed HTC Driver Installer.
23-01-2015 11:49:20 C
23-01-2015 13:24:31 Windows Update
24-01-2015 16:25:00 avast! antivirus system restore point
25-01-2015 02:07:48 Windows Update
26-01-2015 17:22:29 Removed TOSHIBA PC Health Monitor.
26-01-2015 17:52:56 Removed Soluto
26-01-2015 17:53:53 Removed Soluto
26-01-2015 18:06:09 Removed Soluto
26-01-2015 18:06:47 Removed Soluto
26-01-2015 18:07:17 Removed Soluto
26-01-2015 18:14:39 Removed Soluto
26-01-2015 18:17:13 Removed Soluto
26-01-2015 18:39:10 Removed Soluto
26-01-2015 18:43:06 Removed HTC Sync.
26-01-2015 18:45:22 Removed Soluto
26-01-2015 18:54:45 Removed Soluto
26-01-2015 19:04:06 Removed Soluto
27-01-2015 00:28:19 Removed Bonjour
27-01-2015 00:35:47 Removed Soluto

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2011-08-11 22:38 - 00434097 ____R C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BE04743-17AA-4857-B017-D609D0B0575B} - System32\Tasks\{83EF2759-EF39-4807-A920-6C1BACD5FA1D} => pcalua.exe -a "C:\Backup from Jul2011\C\Users\TomIlene\Documents\Downloads\documentstogopro7006-en.exe" -d "C:\Backup from Jul2011\C\Users\TomIlene\Documents\Downloads"
Task: {106510A5-C9BA-41DF-BD58-283306415073} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)
Task: {1DC69D13-7876-4654-B4AE-973430DE9805} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)
Task: {315242EF-15A3-40A6-81B3-61BD412DA754} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-01] (Microsoft Corporation)
Task: {44ACCCA2-B485-4FFC-A4E5-49EFB15B3377} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-08-28] (Symantec Corporation)
Task: {4523BEC8-7B44-4888-838A-05E9A37DBBDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {54F5C15D-5961-40D9-807C-D1C1B6DE5E92} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {5D0E7619-8180-4F3B-AFA6-A9EBEE7872FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {69574AE5-47BD-4AB1-A2D9-FDE01983FAD5} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft..../?LinkId=116866
Task: {71909F83-451C-492E-844B-37B616F32DD4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-24] (AVAST Software)
Task: {7393C912-0485-48C7-9780-1A79EA538960} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8512FBC1-0871-4633-B6CC-1DDEC1FA3417} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-27] (Adobe Systems Incorporated)
Task: {995FBF71-5898-4304-8361-8216FE777133} - System32\Tasks\{12D77EA9-5EE1-4830-8B68-ADED66A1B417} => pcalua.exe -a C:\Users\TomIlene\Downloads\CAInstall.exe -d C:\windows\system32
Task: {CC2B3965-4ED3-43CE-8FD0-18DF706D677B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EFB9825D-5A54-4D89-864C-72BCE297F0C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FA1CECB1-9B78-46EA-A12F-A88E25EE2466} - System32\Tasks\{A962BB5D-766F-46F3-BF77-952D554DEEE9} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-29 08:23 - 2014-08-29 08:23 - 00048640 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
2014-08-29 08:23 - 2014-08-29 08:23 - 01158144 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
2014-08-29 08:23 - 2014-08-29 08:23 - 00253440 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
2014-08-29 08:23 - 2014-08-29 08:23 - 00109056 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
2015-01-24 16:25 - 2015-01-24 16:25 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-24 16:25 - 2015-01-24 16:25 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-01-26 13:39 - 2015-01-26 13:39 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012601\algo.dll
2015-01-24 16:25 - 2015-01-24 16:25 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-27 15:52 - 2015-01-27 15:52 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012701\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-24 16:26 - 2015-01-24 16:26 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-26 21:11 - 2015-01-26 21:11 - 00098816 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\win32api.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00110080 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\pywintypes27.dll
2015-01-26 21:11 - 2015-01-26 21:11 - 00364544 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\pythoncom27.dll
2015-01-26 21:11 - 2015-01-26 21:11 - 00045568 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\_socket.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 01160704 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\_ssl.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00320512 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\win32com.shell.shell.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00713216 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\_hashlib.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 01175040 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\wx._core_.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00805888 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\wx._gdi_.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00811008 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\wx._windows_.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 01062400 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\wx._controls_.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00735232 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\wx._misc_.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00557056 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\pysqlite2._sqlite.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00128512 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\_elementtree.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00127488 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\pyexpat.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00087552 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\_ctypes.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00119808 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\win32file.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00108544 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\win32security.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00007168 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\hashobjs_ext.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00167936 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\win32gui.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00018432 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\win32event.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00038912 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\win32inet.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00011264 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\win32crypt.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00070656 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\wx._html2.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00027136 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\_multiprocessing.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00035840 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\win32process.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00686080 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\unicodedata.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00122368 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\wx._wizard.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00024064 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\win32pipe.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00025600 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\win32pdh.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00525640 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\windows._lib_cacheinvalidation.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00010240 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\select.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00017408 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\win32profile.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00022528 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\win32ts.pyd
2015-01-26 21:11 - 2015-01-26 21:11 - 00078336 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI79042\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1743895207-3571410941-3749681116-500 - Administrator - Disabled)
Guest (S-1-5-21-1743895207-3571410941-3749681116-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1743895207-3571410941-3749681116-1002 - Limited - Enabled)
TomIlene (S-1-5-21-1743895207-3571410941-3749681116-1000 - Administrator - Enabled) => C:\Users\TomIlene

==================== Faulty Device Manager Devices =============

Name: HP Officejet Pro 8610
Description: HP Officejet Pro 8610
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2015 05:01:16 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (01/27/2015 03:35:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x0b14f268
Faulting process id: 0x1b5c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/27/2015 03:35:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0b14f268
Faulting process id: 0x1b5c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/27/2015 03:19:55 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (01/27/2015 11:50:25 AM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (01/27/2015 01:30:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (01/27/2015 00:21:43 AM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (01/26/2015 10:53:06 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (01/26/2015 09:09:15 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key

System errors:
=============
Error: (01/27/2015 05:00:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (01/27/2015 03:19:54 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (01/26/2015 09:09:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Microsoft Office Sessions:
=========================
Error: (01/27/2015 05:01:16 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (01/27/2015 03:35:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c000041d0b14f2681b5c01d03a6ed1c11370C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown1357b897-a664-11e4-aae0-60eb6994e782

Error: (01/27/2015 03:35:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c00000050b14f2681b5c01d03a6ed1c11370C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown10f5910f-a664-11e4-aae0-60eb6994e782

Error: (01/27/2015 03:19:55 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (01/27/2015 11:50:25 AM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (01/27/2015 01:30:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (01/27/2015 00:21:43 AM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (01/26/2015 10:53:06 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (01/26/2015 09:09:15 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key

CodeIntegrity Errors:
===================================
  Date: 2012-09-24 16:17:09.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-24 15:42:02.920
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-20 18:50:49.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-20 13:45:59.531
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-19 18:56:39.978
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-19 16:27:59.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-19 16:19:26.898
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-18 14:06:34.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-18 13:55:16.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-18 12:46:30.401
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 58%
Total physical RAM: 3893.86 MB
Available physical RAM: 1604.9 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 4751.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI106033W0C) (Fixed) (Total:441.41 GB) (Free:255.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:0.24 GB) (Free:0.15 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 31E79F94)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=441.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.9 GB) - (Type=17)

========================================================
Disk: 1 (Size: 245 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#24
RKinner

Error: (01/27/2015 05:00:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

 

 

Probably why we can't remove the Soluto service.  Usually this is just a hard drive error.  Let's hope the following fixes it.
 
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc /scannow
 
(SPACE after sfc.) This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply. Close Notepad. Close the Command Window.
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 


#25
tominnc06


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/01/2015 10:46:46 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/01/2015 3:44:57 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 28/01/2015 3:44:44 AM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 28/01/2015 3:44:27 AM
Type: Error Category: 0
Event: 13 Source: ACPI
: The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Log: 'System' Date/Time: 28/01/2015 2:22:56 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Soluto PCGenome Core Service service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 28/01/2015 2:22:55 AM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 126

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/01/2015 3:44:50 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 28/01/2015 2:23:04 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_0.4#20051536410540203B17&0#.

Log: 'System' Date/Time: 27/01/2015 11:18:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

 

------------------------------------------------------------------

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/01/2015 10:49:26 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/01/2015 3:44:27 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-CEIP
A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/01/2015 3:44:37 AM
Type: Warning Category: 0
Event: 4006 Source: Microsoft-Windows-Winlogon
The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: c:\program files\soluto\soluto.exe /userinit.




#26
RKinner

The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC
hardware or firmware or that the BIOS is accessing the EC incorrectly.
You should check with your computer manufacturer for an upgraded BIOS. In
some situations, this error may cause the computer to function
incorrectly.

 

 

Looks like we need a new BIOS.  What make and model is the PC?  

 

Can you run an OTL Quickscan and post the log?

 

 



#27
tominnc06


I'm on a Toshiba laptop, Model PSK2CU-0QR033.

 

OTL logfile created on: 27/01/2015 11:08:35 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TomIlene\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy
 
3.80 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 36.47% Memory free
7.60 Gb Paging File | 4.92 Gb Available in Paging File | 64.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.41 Gb Total Space | 255.27 Gb Free Space | 57.83% Space Free | Partition Type: NTFS
Drive E: | 244.63 Mb Total Space | 154.66 Mb Free Space | 63.22% Space Free | Partition Type: FAT
 
Computer Name: TOMILENE-PC | User Name: TomIlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/26 17:20:08 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/01/24 16:26:05 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/01/23 14:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
PRC - [2015/01/15 16:59:32 | 023,308,256 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/21 13:20:38 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/11/16 13:49:41 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/29 09:43:04 | 000,101,192 | ---- | M] (Google) -- C:\Users\TomIlene\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/10/20 17:52:12 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
PRC - [2014/10/17 15:24:20 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/10/11 12:05:40 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2014/03/31 09:30:00 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
PRC - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/27 22:44:46 | 001,160,704 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\_ssl.pyd
MOD - [2015/01/27 22:44:46 | 001,062,400 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\wx._controls_.pyd
MOD - [2015/01/27 22:44:46 | 000,811,008 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\wx._windows_.pyd
MOD - [2015/01/27 22:44:46 | 000,805,888 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\wx._gdi_.pyd
MOD - [2015/01/27 22:44:46 | 000,713,216 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\_hashlib.pyd
MOD - [2015/01/27 22:44:46 | 000,686,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\unicodedata.pyd
MOD - [2015/01/27 22:44:46 | 000,110,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\PyWinTypes27.dll
MOD - [2015/01/27 22:44:46 | 000,027,136 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\_multiprocessing.pyd
MOD - [2015/01/27 22:44:46 | 000,025,600 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\win32pdh.pyd
MOD - [2015/01/27 22:44:46 | 000,024,064 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\win32pipe.pyd
MOD - [2015/01/27 22:44:46 | 000,007,168 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\hashobjs_ext.pyd
MOD - [2015/01/27 22:44:45 | 000,557,056 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\pysqlite2._sqlite.pyd
MOD - [2015/01/27 22:44:45 | 000,525,640 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\windows._lib_cacheinvalidation.pyd
MOD - [2015/01/27 22:44:45 | 000,167,936 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\win32gui.pyd
MOD - [2015/01/27 22:44:45 | 000,128,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\_elementtree.pyd
MOD - [2015/01/27 22:44:45 | 000,127,488 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\pyexpat.pyd
MOD - [2015/01/27 22:44:45 | 000,119,808 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\win32file.pyd
MOD - [2015/01/27 22:44:45 | 000,108,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\win32security.pyd
MOD - [2015/01/27 22:44:45 | 000,098,816 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\win32api.pyd
MOD - [2015/01/27 22:44:45 | 000,087,552 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\_ctypes.pyd
MOD - [2015/01/27 22:44:45 | 000,070,656 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\wx._html2.pyd
MOD - [2015/01/27 22:44:45 | 000,045,568 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\_socket.pyd
MOD - [2015/01/27 22:44:45 | 000,038,912 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\win32inet.pyd
MOD - [2015/01/27 22:44:45 | 000,018,432 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\win32event.pyd
MOD - [2015/01/27 22:44:45 | 000,017,408 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\win32profile.pyd
MOD - [2015/01/27 22:44:45 | 000,010,240 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\select.pyd
MOD - [2015/01/27 22:44:44 | 001,175,040 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\wx._core_.pyd
MOD - [2015/01/27 22:44:44 | 000,735,232 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\wx._misc_.pyd
MOD - [2015/01/27 22:44:44 | 000,364,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\pythoncom27.dll
MOD - [2015/01/27 22:44:44 | 000,320,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\win32com.shell.shell.pyd
MOD - [2015/01/27 22:44:44 | 000,078,336 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\wx._animate.pyd
MOD - [2015/01/27 22:44:44 | 000,022,528 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\win32ts.pyd
MOD - [2015/01/27 22:44:42 | 000,122,368 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\wx._wizard.pyd
MOD - [2015/01/27 22:44:42 | 000,011,264 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\win32crypt.pyd
MOD - [2015/01/27 22:44:41 | 000,035,840 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI46282\win32process.pyd
MOD - [2015/01/24 16:26:06 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2015/01/24 16:26:05 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/01/24 16:25:47 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 21:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2015/01/27 11:50:41 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/15 20:15:38 | 000,347,200 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/12/25 00:39:40 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/16 17:34:18 | 000,265,808 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/24 16:26:56 | 000,087,912 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswmonflt.sys -- (aswMonFlt)
DRV:64bit: - [2015/01/24 16:26:55 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2015/01/24 16:26:12 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2015/01/24 16:26:12 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/01/24 16:26:12 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/01/24 16:26:12 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/01/24 16:26:10 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/01/24 16:26:10 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/01/24 16:25:48 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/28 14:09:10 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2013/05/02 05:52:40 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/20 08:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/04/13 14:05:46 | 000,023,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 07:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 19:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/04/28 02:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C6D42521-42E8-49FE-81A3-809D7C26001C}
IE:64bit: - HKLM\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}
IE - HKLM\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = https://www.google.c...?q={searchTerms}
IE - HKCU\..\SearchScopes\{E9ED59E7-DDC1-46D9-9EC9-EF31549ED08F}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...1I7TSNF_enUS443
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/26 18:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/25 00:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
 
[2011/08/03 11:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Extensions
[2015/01/26 09:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions
[2015/01/26 09:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/12/25 00:39:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2014/12/25 00:39:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2014/12/25 00:39:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej\2.0_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.1_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.4_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia\1.6_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\10.4.1.6_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg\1.0_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef\0.3.2_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifafnghbieophofjinbniahjpiodpnm\0.8_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.7.3_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp\0.9.17_0\
 
O1 HOSTS File: ([2011/08/11 22:38:20 | 000,434,097 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14938 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HP Officejet Pro 8610 (NET)] C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP)
O4 - HKCU..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.31.2)
O16 - DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F6AA8B5-EF86-40E5-B3F4-0467A9595736}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/26 18:51:35 | 000,000,000 | ---D | C] -- C:\Users\TomIlene\Desktop\wininit
[2015/01/25 00:06:38 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2015/01/25 00:00:29 | 000,000,000 | ---D | C] -- C:\FRST
[2015/01/24 16:27:38 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\vbox
[2015/01/24 16:27:38 | 000,000,000 | ---D | C] -- C:\windows\SysNative\vbox
[2015/01/24 16:27:28 | 000,000,000 | ---D | C] -- C:\Users\TomIlene\AppData\Roaming\AVAST Software
[2015/01/24 16:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/01/24 16:26:39 | 000,116,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2015/01/24 16:26:38 | 000,436,624 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2015/01/24 16:26:38 | 000,093,568 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2015/01/24 16:26:38 | 000,087,912 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswmonflt.sys
[2015/01/24 16:26:36 | 001,050,432 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
[2015/01/24 16:26:33 | 000,364,512 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2015/01/24 16:26:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2015/01/24 16:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/01/24 16:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015/01/24 03:28:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/23 14:09:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
[2015/01/23 13:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2015/01/23 13:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2015/01/23 13:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/01/23 12:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2015/01/23 11:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/01/22 14:55:28 | 000,000,000 | -HSD | C] -- C:\Users\TomIlene\AppData\Local\EmieBrowserModeList
[2014/12/31 13:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2011/08/03 11:43:04 | 013,685,936 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 5.0.1.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/27 23:00:47 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job
[2015/01/27 22:54:41 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/27 22:48:24 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/01/27 22:48:24 | 000,662,650 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/01/27 22:48:24 | 000,122,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/01/27 22:44:37 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/27 22:44:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/01/27 22:44:28 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/01/27 21:30:23 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/27 21:30:23 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/27 21:21:35 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/27 21:20:53 | 000,003,608 | ---- | M] () -- C:\bootsqm.dat
[2015/01/27 12:02:58 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job
[2015/01/26 21:11:31 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2015/01/26 17:24:16 | 000,000,359 | ---- | M] () -- C:\Users\TomIlene\Desktop\wininit.zip
[2015/01/26 10:43:57 | 000,061,440 | ---- | M] ( ) -- C:\Users\TomIlene\Desktop\VEW.exe
[2015/01/25 02:12:51 | 000,775,124 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2015/01/24 16:52:37 | 000,021,976 | ---- | M] () -- C:\windows\SysNative\drivers\SPPD.sys
[2015/01/24 16:27:02 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/24 16:26:56 | 000,087,912 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswmonflt.sys
[2015/01/24 16:26:55 | 001,050,432 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
[2015/01/24 16:26:12 | 000,436,624 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2015/01/24 16:26:12 | 000,267,632 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2015/01/24 16:26:12 | 000,116,728 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2015/01/24 16:26:12 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2015/01/24 16:26:10 | 000,364,512 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2015/01/24 16:26:10 | 000,093,568 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2015/01/24 16:26:10 | 000,029,208 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2015/01/24 16:26:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2015/01/24 15:45:55 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2015/01/24 09:51:53 | 000,002,254 | ---- | M] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/23 14:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
[2015/01/23 12:23:44 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/27 21:20:53 | 000,003,608 | ---- | C] () -- C:\bootsqm.dat
[2015/01/26 17:24:16 | 000,000,359 | ---- | C] () -- C:\Users\TomIlene\Desktop\wininit.zip
[2015/01/26 10:43:57 | 000,061,440 | ---- | C] ( ) -- C:\Users\TomIlene\Desktop\VEW.exe
[2015/01/24 16:52:37 | 000,021,976 | ---- | C] () -- C:\windows\SysNative\drivers\SPPD.sys
[2015/01/24 16:27:02 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/24 16:26:39 | 000,267,632 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2015/01/24 16:26:38 | 000,065,776 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2015/01/24 16:26:38 | 000,029,208 | ---- | C] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2015/01/23 13:18:51 | 000,002,254 | ---- | C] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/23 12:23:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/07/08 12:00:49 | 000,229,116 | ---- | C] () -- C:\windows\hpwins23.dat
[2014/07/08 12:00:49 | 000,002,075 | ---- | C] () -- C:\windows\hpwmdl23.dat
[2013/08/31 15:22:45 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/08/16 01:04:46 | 000,000,017 | ---- | C] () -- C:\Users\TomIlene\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/01/24 16:27:28 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\AVAST Software
[2011/08/08 11:58:34 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Book Place
[2014/08/28 12:25:57 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Dropbox
[2012/07/24 18:04:03 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\funkitron
[2012/10/11 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Shop to Win 31
[2014/08/25 13:23:13 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Soluto
[2014/09/10 15:01:01 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Super Optimizer
[2015/01/26 18:44:12 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Teleca
[2011/08/05 10:09:27 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Tific
[2012/04/12 08:26:27 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\Toshiba
[2012/07/24 18:05:34 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\WildTangent
[2011/08/01 18:29:24 | 000,000,000 | ---D | M] -- C:\Users\TomIlene\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >


  • 0

#28
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c
 
:OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) -  File not found
 
 
then right click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. 
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01272015-some number.log so look there if you don't see it.
 
Toshiba has several BIOS upgrades available so let's get the newest:
 
Go to:
 
 
Click on Drivers and Updates
 
Filter by: BIOS
 
Click on the top one which should be:
 
ACPI Flash BIOS version 2.80 for Satellite L655 (PSK2CU/PSK2GU)
 
Then on Download.  Save the file then right click and Run As Admin.
 
Once it updates:
 
After the update completes, the computer will automatically shut down or restart.
Power on the computer if it is off.
While the "Toshiba" LOGO is displayed, press the F2 function key to start BIOS Setup.
Check the version of BIOS and press the F9 function key then Enter to load setup defaults.
Press the F10 function key then Enter to save settings and exit. The computer will automatically reboot.
 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
 
Then run VEW and let's see if we have new errors.

  • 0
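Added example (not part of the posts above and not OTL's own code): a small Python triage of OTL log lines that flags the two patterns the fix script in post #28 targets, entries whose target is "File not found" and extra programs chained onto Winlogon UserInit. The sample lines are copied from the log and fix script in this thread; the expected UserInit values are an assumption that Windows is installed in C:\Windows.

```python
import re

# Lines copied from the OTL log and the fix script posted in this thread.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
"""

# "O4 - ...", "O20:64bit: - ...", "SRV:64bit: - ...", "DRV - ..."
ENTRY = re.compile(r"^(?P<kind>O\d+|SRV|DRV)(?P<x64>:64bit:)? - (?P<body>.+)$")
USERINIT = re.compile(r"Winlogon: UserInit - \((?P<cmd>[^)]*)\)", re.I)

# Assumption: default install path; anything else in UserInit deserves a look.
EXPECTED_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}


def triage(log_text):
    """Return the OTL entries that are orphaned or add a UserInit program."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        body = m.group("body")
        reasons = []
        if "file not found" in body.lower():
            reasons.append("orphaned: target file not found")
        u = USERINIT.search(body)
        if u:
            cmd = u.group("cmd").strip().lower()
            exe = re.match(r"(.*?\.exe)", cmd)      # drop arguments such as /userinit
            program = (exe.group(1) if exe else cmd).rstrip(",")
            if program not in EXPECTED_USERINIT:
                reasons.append("extra Winlogon UserInit program: " + program)
        if reasons:
            findings.append({"kind": m.group("kind"),
                             "x64": bool(m.group("x64")),
                             "line": line,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], "|", "; ".join(f["reasons"]))
        print("   ", f["line"])
```

The script only reports; removal is still done through the OTL fix box as described in the post.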

#29
tominnc06

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Inadvertently ran OTL as Scan, then ran as Fix.

 

 

========== OTL ==========
Service SolutoService stopped successfully!
Service SolutoService deleted successfully!
File C:\Program Files\Soluto\SolutoService.exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:c:\program files\soluto\soluto.exe /userinit deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 01282015_101713

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 28/01/2015 10:49:39 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/01/2015 3:41:28 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  Soluto

Log: 'System' Date/Time: 28/01/2015 3:41:08 PM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 126

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/01/2015 3:41:29 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_0.4#20051536410540203B17&0#.

Log: 'System' Date/Time: 28/01/2015 3:40:16 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

 

 

Saw the WLAN error, hadn't updated Wi-Fi driver yet, so downloaded new Wi-Fi driver from Toshiba, ran VEW again, with same result.

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 28/01/2015 10:54:58 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/01/2015 3:41:28 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  Soluto

Log: 'System' Date/Time: 28/01/2015 3:41:08 PM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 126

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/01/2015 3:41:29 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_0.4#20051536410540203B17&0#.

Log: 'System' Date/Time: 28/01/2015 3:40:16 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


  • 0

#30
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

I missed a driver.

 

Copy the text in the code box by highlighting and Ctrl + c
 
:OTL
DRV:64bit: - [2013/08/28 14:09:10 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
 
:FILES
sc delete Soluto /c
 
 
then right click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL may not reboot the PC when it is done. 
 
For the missing WLAN file let's let OTL look for it:
 
 

This time we do hit SCAN.

 

Copy the text in the code box by highlighting and Ctrl + c 
 
 
/md5start
Rtlihvs.dll 
/md5stop
 
then run OTL and under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text.  Verify that you got it all and then click the Run SCAN button at the top.
Let the program run unhindered, OTL will not reboot the PC when it is done.  Save the log and copy and paste it to a reply.

  • 0
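Added example (not part of the posts above and not VEW's own code): parsing the VEW records from post #29 into structured events and turning the two errors into follow-ups, the driver named in event 7026 and the module path in event 10000. It assumes VEW's four-line record layout as shown in this thread and that the WLAN error code is a Win32 error code (126 is ERROR_MOD_NOT_FOUND); `new_events` compares two reports, which for the two runs posted above shows the same events.

```python
import re
from datetime import datetime

# Records copied from the VEW report posted in this thread.
SAMPLE_REPORT = r"""
Log: 'System' Date/Time: 28/01/2015 3:41:28 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  Soluto

Log: 'System' Date/Time: 28/01/2015 3:41:08 PM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 126

Log: 'System' Date/Time: 28/01/2015 3:40:16 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
"""

RECORD = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+?)\n"
    r"Type: (?P<type>\w+) Category: (?P<cat>\d+)\n"
    r"Event: (?P<id>\d+) Source: (?P<source>.+?)\n"
    r"(?P<msg>.+)"
)

# A few Win32 error codes (assumption: the event reports a Win32 code).
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED",
                126: "ERROR_MOD_NOT_FOUND"}


def parse_vew(report):
    """Parse a VEW text report (dd/mm/yyyy dates) into a list of dicts."""
    events = []
    for m in RECORD.finditer(report):
        e = m.groupdict()
        e["id"] = int(e["id"])
        e["when"] = datetime.strptime(e["when"].strip(), "%d/%m/%Y %I:%M:%S %p")
        events.append(e)
    return events


def follow_ups(events):
    """Map Error events to the object that needs checking."""
    out = []
    for e in events:
        if e["type"] != "Error":
            continue
        if e["id"] == 7026:
            # Driver names follow the colon, whitespace separated.
            for name in e["msg"].split(":", 1)[1].split():
                out.append(("driver-failed-to-load", name))
        elif e["id"] == 10000 and "WLAN" in e["source"]:
            m = re.search(r"Module Path: (?P<path>.+?) Error Code: (?P<code>\d+)", e["msg"])
            if m:
                code = WIN32_ERRORS.get(int(m["code"]), "unknown")
                out.append(("module-load-failed", m["path"], code))
    return out


def new_events(earlier, later):
    """Events in the later report that the earlier report did not contain."""
    seen = {(e["when"], e["id"], e["msg"]) for e in earlier}
    return [e for e in later if (e["when"], e["id"], e["msg"]) not in seen]


if __name__ == "__main__":
    for item in follow_ups(parse_vew(SAMPLE_REPORT)):
        print(item)
```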





