Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91681 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Windows 8 very slow and drops wi-fi [Solved]


  • This topic is locked This topic is locked
18 replies to this topic

#1 notesetter

notesetter

    Authentic Member

  • Authentic Member
  • PipPip
  • 120 posts
  • Interests:Music Production<br />Music Transcription and Engraving<br />Baseball

Posted 27 July 2014 - 10:03 AM

Hi. The forum volunteers have helped me in the past with viruses and malware on my Windows computer and I'd like some assistance cleaning up my wife's Windows 8 machine.

 

Startup and Wakeup are very slow, and even when it's been up and running for a long time, things periodically come to a screeching halt with some process or other tying up the CPU almost completely.

 

In additioin, it frequently drops its wi-fi connection to our Verizon router (it's the only machine in the house that seems to have this problem).

 

I ran Hijack This and pasted my logfile below. When it ran, Hijack This complained about write access to a file name "Hosts" being denied. I have no idea whether this is normal.

Here's my log file:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:01:46 PM, on 7/27/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Heather\Desktop\malware\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...03ddf7e7d&sspv=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by TOSHIBA
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Amazon Cloud Player] C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN33D160QX0602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Teco\TecoService.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Update lookinglink - Unknown owner - C:\Program Files (x86)\lookinglink\updatelookinglink.exe (file missing)
O23 - Service: Util lookinglink - Unknown owner - C:\Program Files (x86)\lookinglink\bin\utillookinglink.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 11835 bytes
 


    Advertisements

Register to Remove


#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 28 July 2014 - 10:29 AM

Hi notesetter,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

bullseye_zpse9eaf36e.gif Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply

=========================

In your next post please provide the following:


  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 notesetter

notesetter

    Authentic Member

  • Authentic Member
  • PipPip
  • 120 posts
  • Interests:Music Production<br />Music Transcription and Engraving<br />Baseball

Posted 28 July 2014 - 11:31 AM

Hi OCD. Thank you for picking this thread up. Here are the results you requested:
 

 

 

 

 

 

 

%%% Security Check %%%

 

 Results of screen317's Security Check version 0.99.86  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender        
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player     14.0.0.145  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (31.0)
 Mozilla Thunderbird (24.6.0)
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Heather Desktop malware SecurityCheck.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

 

 

 

 

 

 

%%% aswMBR.exe %%%

 

Norton Security Suite complained that this file was unsafe, and automatically removed it. I can restore the file and run it anyway, but I'll wait for further instructions in case the link provided was a bad link.
 

 

 

 

 

 

%%% Farber Recover Scan Tool %%%

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Heather (administrator) on HEATHERS_LAPTOP on 28-07-2014 13:21:42
Running from C:\Users\Heather\Desktop\malware
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-06] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13637848 2013-08-02] (Realtek Semiconductor)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2149090282-1950325670-3705300551-1001\...\Run: [Amazon Cloud Player] => C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3108864 2013-06-21] ()
HKU\S-1-5-21-2149090282-1950325670-3705300551-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2149090282-1950325670-3705300551-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...03ddf7e7d&sspv=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
SearchScopes: HKLM - DefaultScope {88AEC9DD-7E60-41E7-B5E6-1817F93AD240} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM - {88AEC9DD-7E60-41E7-B5E6-1817F93AD240} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM-x32 - DefaultScope {88AEC9DD-7E60-41E7-B5E6-1817F93AD240} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {88AEC9DD-7E60-41E7-B5E6-1817F93AD240} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {88AEC9DD-7E60-41E7-B5E6-1817F93AD240} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\qhsuvgm3.default-1397496012115
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Block site - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\qhsuvgm3.default-1397496012115\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-06-12]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-28]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-14]

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE459B69B-D0A2-4154-BB0B-06903DDF7E7D&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE459B69B-D0A2-4154-BB0B-06903DDF7E7D&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-19]
CHR Extension: (Google Drive) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (YouTube) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-19]
CHR Extension: (Google Search) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-19]
CHR Extension: (Norton Identity Protection) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-05-20]
CHR Extension: (Google Wallet) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (Gmail) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-19]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
S2 Update lookinglink; "C:\Program Files (x86)\lookinglink\updatelookinglink.exe" [X]
S2 Util lookinglink; "C:\Program Files (x86)\lookinglink\bin\utillookinglink.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140725.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R0 LPCFilter; C:\Windows\System32\drivers\LPCFilter.sys [31024 2012-08-02] (Windows ® Win 7 DDK provider)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140728.003\ENG64.SYS [126040 2014-07-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140728.003\EX64.SYS [2099288 2014-07-25] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1503000.00C\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [266752 2012-08-26] (Jungo)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 13:21 - 2014-07-28 13:21 - 00000000 ____D () C:\FRST
2014-07-27 11:58 - 2014-07-28 13:21 - 00000000 ____D () C:\Users\Heather\Desktop\malware
2014-07-27 11:57 - 2014-07-27 11:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Heather\Downloads\HiJackThis.exe
2014-07-26 20:59 - 2014-07-26 20:59 - 03699805 _____ () C:\Users\Ian Stocker\Downloads\Survival vs Me.rar
2014-07-26 20:59 - 2014-07-26 20:59 - 03699805 _____ () C:\Users\Ian Stocker\Desktop\Survival vs Me.rar
2014-07-23 10:37 - 2014-07-23 10:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 12:07 - 2014-07-20 12:07 - 00001385 _____ () C:\Users\Ian Stocker\Desktop\ROBLOX Player.lnk
2014-07-20 12:05 - 2014-07-20 12:24 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Local\Roblox
2014-07-20 12:05 - 2014-07-20 12:07 - 00001200 _____ () C:\Users\Ian Stocker\Desktop\ROBLOX Studio 2013.lnk
2014-07-20 12:05 - 2014-07-20 12:07 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher (2).exe
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher (1).exe
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Desktop\RobloxPlayerLauncher (2).exe
2014-07-20 12:04 - 2014-07-20 12:04 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher.exe
2014-07-20 10:38 - 2014-07-20 10:38 - 13166304 _____ () C:\Users\Ian Stocker\Desktop\The island.zip
2014-07-20 10:37 - 2014-07-20 10:38 - 13166304 _____ () C:\Users\Ian Stocker\Downloads\The island.zip
2014-07-19 18:20 - 2014-07-19 20:51 - 00001901 _____ () C:\Users\Ian Stocker\Desktop\Team Fortress 2.lnk
2014-07-19 18:20 - 2014-07-19 18:20 - 00002085 _____ () C:\Users\Ian Stocker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team Fortress 2.lnk
2014-07-16 11:44 - 2014-07-16 11:45 - 11920368 _____ (Wondershare Software ) C:\Users\Heather\Downloads\pdf-to-word_full417.exe
2014-07-16 11:40 - 2014-07-16 11:41 - 00928856 _____ (SafeInstall, LLC) C:\Users\Heather\Downloads\manualdownload_14374_STN(1).exe
2014-07-16 11:39 - 2014-07-16 11:39 - 00928856 _____ (SafeInstall, LLC) C:\Users\Heather\Downloads\manualdownload_14374_STN.exe
2014-07-12 22:18 - 2014-07-12 22:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 10:54 - 2014-07-12 10:54 - 00000219 _____ () C:\Users\Ian Stocker\Desktop\Portal 2.url
2014-07-10 13:48 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 14:04 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 14:04 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 14:04 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 14:04 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 14:04 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 14:04 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 14:03 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 14:03 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 14:03 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 14:03 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 14:03 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 14:03 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 14:03 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 14:03 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 14:02 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 14:02 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 14:02 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 14:02 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 14:02 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 14:02 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 14:02 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 14:02 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 14:02 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 14:02 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 14:02 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 14:02 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 14:02 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 14:02 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 14:02 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 14:02 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 14:02 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 14:02 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 14:02 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 14:02 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 14:02 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 14:02 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 14:02 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 14:01 - 2014-06-30 18:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 14:01 - 2014-06-28 03:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 14:01 - 2014-06-28 03:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 14:01 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 14:01 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 14:01 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 14:01 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 14:01 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 14:01 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 14:01 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 14:01 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 14:01 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 14:01 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 14:01 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 14:01 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 14:01 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 14:01 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 14:01 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 14:01 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 14:01 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 13:54 - 2014-07-09 13:54 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 17:58 - 2014-07-08 19:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-06 16:45 - 2014-07-06 16:45 - 00000000 __SHD () C:\Users\Ian Stocker\AppData\Local\EmieUserList
2014-07-06 16:45 - 2014-07-06 16:45 - 00000000 __SHD () C:\Users\Ian Stocker\AppData\Local\EmieSiteList
2014-07-06 16:21 - 2014-07-06 16:21 - 02744044 _____ () C:\Users\Ian Stocker\Downloads\Assassins Craft III Pt_2.zip
2014-07-06 14:25 - 2014-07-06 14:25 - 00167936 _____ (ICSharpCode.net) C:\Users\Ian Stocker\Desktop\ICSharpCode.SharpZipLib1.dll
2014-07-06 14:24 - 2014-07-06 14:24 - 01185056 _____ () C:\Users\Ian Stocker\Downloads\Smart Moving Mod Installer 1.7.10.exe
2014-07-06 14:24 - 2014-07-06 14:24 - 01185056 _____ () C:\Users\Ian Stocker\Desktop\Smart Moving Mod Installer 1.7.10.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 13:21 - 2014-07-28 13:21 - 00000000 ____D () C:\FRST
2014-07-28 13:21 - 2014-07-27 11:58 - 00000000 ____D () C:\Users\Heather\Desktop\malware
2014-07-28 13:18 - 2013-05-20 18:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-28 13:09 - 2013-12-29 13:56 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C15F27BE-D4E0-4167-A7C5-1C65C0E76AD4}
2014-07-28 13:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-28 10:22 - 2013-05-19 16:46 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2149090282-1950325670-3705300551-1001
2014-07-28 09:33 - 2014-01-17 21:18 - 00000000 __RDO () C:\Users\Heather\SkyDrive
2014-07-28 09:31 - 2013-12-22 13:37 - 00000000 ____D () C:\Users\Heather
2014-07-28 09:31 - 2013-05-19 16:44 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 09:31 - 2013-05-19 16:44 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 09:28 - 2013-11-14 03:20 - 00116072 _____ () C:\WINDOWS\PFRO.log
2014-07-28 09:28 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-28 09:28 - 2013-05-19 19:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-27 20:16 - 2013-12-22 15:22 - 01770533 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-27 18:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-27 11:57 - 2014-07-27 11:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Heather\Downloads\HiJackThis.exe
2014-07-26 21:32 - 2014-01-21 11:23 - 00003978 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{285562D3-51C6-4140-ACD3-F3063F695945}
2014-07-26 21:27 - 2013-05-19 20:15 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Roaming\.minecraft
2014-07-26 20:59 - 2014-07-26 20:59 - 03699805 _____ () C:\Users\Ian Stocker\Downloads\Survival vs Me.rar
2014-07-26 20:59 - 2014-07-26 20:59 - 03699805 _____ () C:\Users\Ian Stocker\Desktop\Survival vs Me.rar
2014-07-26 16:28 - 2013-05-26 09:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-26 12:28 - 2013-05-19 20:20 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2149090282-1950325670-3705300551-1002
2014-07-25 09:54 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-25 09:49 - 2013-05-22 20:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 09:49 - 2013-05-22 20:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 09:48 - 2013-08-22 09:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-25 02:41 - 2013-05-23 18:44 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2149090282-1950325670-3705300551-1003
2014-07-24 21:57 - 2013-08-20 14:19 - 00000000 ___RD () C:\Users\Elliot Stocker\SkyDrive
2014-07-24 10:03 - 2013-05-22 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 19:31 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-23 10:37 - 2014-07-23 10:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 12:24 - 2014-07-20 12:05 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Local\Roblox
2014-07-20 12:07 - 2014-07-20 12:07 - 00001385 _____ () C:\Users\Ian Stocker\Desktop\ROBLOX Player.lnk
2014-07-20 12:07 - 2014-07-20 12:05 - 00001200 _____ () C:\Users\Ian Stocker\Desktop\ROBLOX Studio 2013.lnk
2014-07-20 12:07 - 2014-07-20 12:05 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher (2).exe
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher (1).exe
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Desktop\RobloxPlayerLauncher (2).exe
2014-07-20 12:04 - 2014-07-20 12:04 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher.exe
2014-07-20 10:38 - 2014-07-20 10:38 - 13166304 _____ () C:\Users\Ian Stocker\Desktop\The island.zip
2014-07-20 10:38 - 2014-07-20 10:37 - 13166304 _____ () C:\Users\Ian Stocker\Downloads\The island.zip
2014-07-19 20:51 - 2014-07-19 18:20 - 00001901 _____ () C:\Users\Ian Stocker\Desktop\Team Fortress 2.lnk
2014-07-19 18:20 - 2014-07-19 18:20 - 00002085 _____ () C:\Users\Ian Stocker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team Fortress 2.lnk
2014-07-16 18:06 - 2013-10-14 19:10 - 00000000 ____D () C:\Program Files (x86)\GoldenDict
2014-07-16 11:45 - 2014-07-16 11:44 - 11920368 _____ (Wondershare Software ) C:\Users\Heather\Downloads\pdf-to-word_full417.exe
2014-07-16 11:41 - 2014-07-16 11:40 - 00928856 _____ (SafeInstall, LLC) C:\Users\Heather\Downloads\manualdownload_14374_STN(1).exe
2014-07-16 11:39 - 2014-07-16 11:39 - 00928856 _____ (SafeInstall, LLC) C:\Users\Heather\Downloads\manualdownload_14374_STN.exe
2014-07-15 22:28 - 2013-10-14 19:11 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\GoldenDict
2014-07-15 09:32 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-14 17:02 - 2013-10-13 19:15 - 00000000 ____D () C:\Users\Heather\Desktop\Pink Drive
2014-07-14 14:38 - 2013-08-17 12:03 - 00000000 ____D () C:\Users\Heather\AppData\Local\HP
2014-07-12 22:24 - 2013-08-22 10:44 - 00531008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 22:19 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 22:19 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 22:18 - 2014-07-12 22:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 22:18 - 2013-11-14 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 22:18 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 22:18 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-12 10:54 - 2014-07-12 10:54 - 00000219 _____ () C:\Users\Ian Stocker\Desktop\Portal 2.url
2014-07-10 13:51 - 2013-08-14 18:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 13:48 - 2013-05-20 08:17 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 13:48 - 2013-05-19 18:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 13:48 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-09 13:54 - 2014-07-09 13:54 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 19:12 - 2014-07-08 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-08 13:19 - 2013-05-20 18:48 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-08 13:18 - 2014-05-13 14:18 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 06:33 - 2013-05-20 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-06 16:45 - 2014-07-06 16:45 - 00000000 __SHD () C:\Users\Ian Stocker\AppData\Local\EmieUserList
2014-07-06 16:45 - 2014-07-06 16:45 - 00000000 __SHD () C:\Users\Ian Stocker\AppData\Local\EmieSiteList
2014-07-06 16:21 - 2014-07-06 16:21 - 02744044 _____ () C:\Users\Ian Stocker\Downloads\Assassins Craft III Pt_2.zip
2014-07-06 14:25 - 2014-07-06 14:25 - 00167936 _____ (ICSharpCode.net) C:\Users\Ian Stocker\Desktop\ICSharpCode.SharpZipLib1.dll
2014-07-06 14:24 - 2014-07-06 14:24 - 01185056 _____ () C:\Users\Ian Stocker\Downloads\Smart Moving Mod Installer 1.7.10.exe
2014-07-06 14:24 - 2014-07-06 14:24 - 01185056 _____ () C:\Users\Ian Stocker\Desktop\Smart Moving Mod Installer 1.7.10.exe
2014-07-02 21:15 - 2013-11-14 03:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-30 18:45 - 2014-07-09 14:01 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-28 03:48 - 2014-07-09 14:01 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 03:07 - 2014-07-09 14:01 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-26 05:09

==================== End Of Log ============================

 

 

 

 

 

 

 

%%% Addition.txt %%%

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Heather at 2014-07-28 13:24:02
Running from C:\Users\Heather\Desktop\malware
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 FUTURA CE-250 Software (HKLM-x32\...\{A8C74A7C-F2F4-4F6C-90AA-6C351570419F}) (Version: 3.0.0.4 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.1.0.332 - Amazon Services LLC)
Ancestral Quest 14 (HKLM-x32\...\InstallShield_{1648FCA6-1AAB-459C-96FE-A500F67B474B}) (Version: 14.00.0018 - Incline Software, LC)
Ancestral Quest 14 (x32 Version: 14.00.0018 - Incline Software, LC) Hidden
Ancestral Quest Collaboration Support (HKLM-x32\...\InstallShield_{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}) (Version: 1.10.0010 - Incline Software)
Ancestral Quest Collaboration Support (x32 Version: 1.10.0010 - Incline Software) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0981 - Ezvid, inc.)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Frescobaldi 2.0.10 (HKLM-x32\...\Frescobaldi_is1) (Version: 2.0.10 - Wilbert Berendsen)
FUTURA CE-250 Software (x32 Version: 3.0.0.4 - Default Company Name) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GoldenDict (HKLM-x32\...\GoldenDict) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
LibreOffice 4.0 Help Pack (English) (HKLM-x32\...\{677E28D3-85C1-4305-B73F-C24176DB60F3}) (Version: 4.0.3.3 - The Document Foundation)
LibreOffice 4.0.3.3 (HKLM-x32\...\{F77ED0CD-2E5E-4FC7-82E0-BB7D461E739F}) (Version: 4.0.3.3 - The Document Foundation)
LilyPond (HKLM-x32\...\LilyPond) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
my editor v5.00 (HKLM-x32\...\{DA89EF83-F349-41D6-A897-BA11E8A3968C}) (Version: 5.00.5291.2010 - Wings Systems Ltd.)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7010 - Realtek Semiconductor Corp.)
SewArt (HKLM-x32\...\{07910E84-69C2-4426-A400-4FA7F32C248B}) (Version: 1.6.7 - S & S Computing)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
SRS Premium Sound Control Panel (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4700 - SRS Labs, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.1 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM\...\TosPU_is1) (Version: 0.0.64.23B - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B483D427-9702-4BE1-B171-756D0C3E230E}) (Version: 2.4.6 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102  - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.13 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

08-07-2014 10:14:52 Scheduled Checkpoint
15-07-2014 13:26:00 Scheduled Checkpoint
23-07-2014 09:45:16 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {06AF7482-785B-42EC-B727-7444CE5CB55A} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {0A3E2A83-AB0A-4E2C-B2D1-ED20BC288202} - System32\Tasks\Norton PCCU OOBE Mode => C:\Program Files (x86)\PC Checkup\OOBEHelper.exe [2013-01-31] (Symantec Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {22B3B796-28A1-4A4D-869C-13AC398CE431} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19] (Google Inc.)
Task: {25692F65-FCA7-48DF-ACC9-94AE085332D0} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {467D82CE-8A9D-45DC-B487-50111423BF8D} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-08-23] (TOSHIBA Corporation)
Task: {4729CAE5-B572-449C-9292-09D202F1EEDE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {49AE4C46-5E96-46B0-A340-E1FB15A19C53} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {620A0ABE-494E-4F18-8725-D3212420EC8E} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7612D5E3-5EEA-4947-AD57-93933B9B585D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7AEE576C-FFB2-45C5-A6FA-B47086886B87} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {8521A0D5-DFDA-4455-9545-D072DADBF3FE} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BD8E78B4-9732-4C4E-AA67-01AF6F15F0D1} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {CCA0586A-55C1-4AE3-B793-88298A654341} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19] (Google Inc.)
Task: {CE5AFD9D-F7E3-41F9-ACEC-00F3F0AB31C7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6B27650-6B53-439D-B5D9-B5F0D8DEEA4C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E9C70E83-4AFB-4218-AAFE-D0813ADA382F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {EA18052C-C959-4C22-9ECB-CB120D8F2005} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EE36EFAA-6493-4B2F-BF8B-B88B308C6649} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
Task: {FDF48EB3-7B7A-43B6-AEE4-7F7CD4297908} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-04 20:22 - 2013-11-04 20:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-04 18:01 - 2012-08-04 18:01 - 00213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
2012-08-13 22:13 - 2012-08-13 22:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-07-19 16:13 - 2013-06-21 19:23 - 03108864 _____ () C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-06-16 10:18 - 2014-06-16 10:18 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\926020eb508f6968545d6a51fb661fad\Windows.UI.ni.dll
2013-08-22 03:19 - 2013-08-22 02:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2014-04-26 13:02 - 2014-04-26 13:02 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\057b7043f4868b76c209d9c426b80743\Windows.Foundation.ni.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-26 03:30 - 2012-06-26 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-07-23 10:37 - 2014-07-23 10:37 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-08 17:58 - 2014-07-08 17:58 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-07-08 17:58 - 2014-07-08 17:58 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-07-08 17:58 - 2014-07-08 17:58 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\David Stocker\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Elliot Stocker\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Heather\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Heather\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Ian Stocker\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2014 00:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9484

Error: (07/28/2014 00:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9484

Error: (07/28/2014 00:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2014 10:18:49 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/28/2014 09:59:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8562

Error: (07/28/2014 09:59:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8562

Error: (07/28/2014 09:59:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2014 09:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7218

Error: (07/28/2014 09:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7218

Error: (07/28/2014 09:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/28/2014 09:29:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error:
%%2147770990

Error: (07/28/2014 09:29:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util lookinglink service failed to start due to the following error:
%%2

Error: (07/28/2014 09:29:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update lookinglink service failed to start due to the following error:
%%2

Error: (07/28/2014 09:27:43 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 16) (User: NT AUTHORITY)
Description: 32212265131168800

Error: (07/28/2014 09:28:34 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:33:34 PM on ‎7/‎27/‎2014 was unexpected.

Error: (07/27/2014 00:11:41 PM) (Source: DCOM) (EventID: 10010) (User: HEATHERS_LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/27/2014 00:11:41 PM) (Source: DCOM) (EventID: 10010) (User: HEATHERS_LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/26/2014 09:43:31 PM) (Source: DCOM) (EventID: 10010) (User: heathers_laptop)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/26/2014 09:43:31 PM) (Source: DCOM) (EventID: 10010) (User: heathers_laptop)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/26/2014 09:43:30 PM) (Source: DCOM) (EventID: 10010) (User: heathers_laptop)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (04/24/2014 05:43:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 184093 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (01/07/2014 01:49:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 500412 seconds with 15900 seconds of active time.  This session ended with a crash.

Error: (11/02/2013 08:24:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 52 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/02/2013 08:17:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 50 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/01/2013 09:45:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 3997.86 MB
Available physical RAM: 1699.63 MB
Total Pagefile: 5725.86 MB
Available Pagefile: 3497.55 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (TI10650100G) (Fixed) (Total:455.22 GB) (Free:349.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 28 July 2014 - 01:29 PM

Hi notesetter,
 

Norton Security Suite complained that this file was unsafe, and automatically removed it. I can restore the file and run it anyway, but I'll wait for further instructions in case the link provided was a bad link.


Go ahead and disable Norton while you complete the scan. The file is safe, and the link I provided is good. :thumbup:


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#5 notesetter

notesetter

    Authentic Member

  • Authentic Member
  • PipPip
  • 120 posts
  • Interests:Music Production<br />Music Transcription and Engraving<br />Baseball

Posted 28 July 2014 - 04:01 PM

Hi OCD, thanks again.
 
Here is the aswMBR.txt logfile. The dat file is attached.
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-28 16:43:44
-----------------------------
16:43:44.066    OS Version: Windows x64 6.2.9200
16:43:44.066    Number of processors: 4 586 0x3A09
16:43:44.066    ComputerName: HEATHERS_LAPTOP  UserName: Heather
16:43:53.630    Initialize success
16:43:53.912    VM: initialized successfully
16:43:53.927    VM: Intel CPU supported
16:44:07.658    VM: disk I/O iaStorA.sys
16:58:10.340    AVAST engine defs: 14072802
16:59:53.561    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
16:59:53.564    Disk 0 Vendor: TOSHIBA_MK5075GSX GT001M Size: 476940MB BusType: 11
16:59:53.841    Disk 0 MBR read successfully
16:59:53.848    Disk 0 MBR scan
16:59:53.878    Disk 0 unknown MBR code
16:59:53.885    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
16:59:54.158    Disk 0 scanning C:\WINDOWS\system32\drivers
17:00:14.050    Service scanning
17:00:18.945    Service BHDrvx64 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys **LOCKED** 5
17:00:29.747    Service IDSVia64 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140725.001\IDSvia64.sys **LOCKED** 5
17:00:39.334    Service NAVENG C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140728.003\ENG64.SYS **LOCKED** 5
17:00:39.801    Service NAVEX15 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140728.003\EX64.SYS **LOCKED** 5
17:01:09.486    Modules scanning
17:01:09.504    Disk 0 trace - called modules:
17:01:09.588    ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys ACPI.sys storport.sys hal.dll iaStorA.sys
17:01:09.602    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000cbf24060]
17:01:09.615    3 CLASSPNP.SYS[fffff800cce8027b] -> nt!IofCallDriver -> \Device\THPDRV1[0xffffe000cbf28500]
17:01:09.628    5 thpdrv.sys[fffff800cddd6b3b] -> nt!IofCallDriver -> [0xffffe000ca6a8e50]
17:01:09.641    7 ACPI.sys[fffff800cccd57aa] -> nt!IofCallDriver -> \Device\00000032[0xffffe000ca6a7060]
17:01:11.795    AVAST engine scan C:\WINDOWS
17:01:20.408    AVAST engine scan C:\WINDOWS\system32
17:05:54.189    AVAST engine scan C:\WINDOWS\system32\drivers
17:06:17.834    AVAST engine scan C:\Users\Heather
17:22:46.264    File: C:\Users\Heather\Downloads\manualdownload_14374_STN(1).exe  **INFECTED** Win32:Adware-gen [Adw]
17:22:46.451    File: C:\Users\Heather\Downloads\manualdownload_14374_STN.exe  **INFECTED** Win32:Adware-gen [Adw]
17:24:41.529    AVAST engine scan C:\ProgramData
17:27:40.155    Scan finished successfully
17:53:43.129    Disk 0 MBR has been saved successfully to "C:\Users\Heather\Desktop\malware\MBR.dat"
17:53:43.138    The log file has been saved successfully to "C:\Users\Heather\Desktop\malware\aswMBR.txt"

 

 



#6 notesetter

notesetter

    Authentic Member

  • Authentic Member
  • PipPip
  • 120 posts
  • Interests:Music Production<br />Music Transcription and Engraving<br />Baseball

Posted 28 July 2014 - 04:03 PM

I'm having trouble attaching the MBR.dat file to a thread reply. I've tried both the basic uploader and the advanced uploader. Each time, the web application tells me "You aren't permitted to upload this kind of file"

 

I can email it if need be. Please let me know.

 

Thank you again,

 

David



#7 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 28 July 2014 - 09:48 PM

Hi notesetter,
 

I'm having trouble attaching the MBR.dat file to a thread reply. I've tried both the basic uploader and the advanced uploader. Each time, the web application tells me "You aren't permitted to upload this kind of file"

I can email it if need be. Please let me know.

No that's fine just keep it on your desktop in case we need it.

=========================

bullseye_zpse9eaf36e.gif Disable FireFox plug-in

  • At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
  • In the Add-ons Manager tab, select the Extensions or Appearance panel.
  • Select the add-on you wish to disable.
    • Block site
  • Click the Disable button.
  • Click Restart now if it pops up. Your tabs will be saved and restored after the restart.

=========================

bullseye_zpse9eaf36e.gif FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1001\User: Group Policy restriction detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...03ddf7e7d&sspv=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
FF Extension: Block site - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\qhsuvgm3.default-1397496012115\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-06-12]
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE459B69B-D0A2-4154-BB0B-06903DDF7E7D&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE459B69B-D0A2-4154-BB0B-06903DDF7E7D&SSPV="
CHR DefaultSearchKeyword: conduit.search
S2 Update lookinglink; "C:\Program Files (x86)\lookinglink\updatelookinglink.exe" [X]
S2 Util lookinglink; "C:\Program Files (x86)\lookinglink\bin\utillookinglink.exe" [X]
C:\Users\Heather\Downloads\manualdownload_14374_STN(1).exe
C:\Users\Heather\Downloads\manualdownload_14374_STN.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

bullseye_zpse9eaf36e.gif AdwCleaner v3: Scan & Clean

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

bullseye_zpse9eaf36e.gif Junkware Removal Tool

Download Junkware Removal Tool to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=========================

bullseye_zpse9eaf36e.gif Re-run Farbar Recovery Scan Tool it should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:


  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • Fresh FRST.txt
  • How is the computer running at the moment?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#8 notesetter

notesetter

    Authentic Member

  • Authentic Member
  • PipPip
  • 120 posts
  • Interests:Music Production<br />Music Transcription and Engraving<br />Baseball

Posted 29 July 2014 - 12:27 PM

Hi OCD,

 

I've done everything as you requested.

 

At the moment, the computer seems to be running smoothly. It never had an infection of the Ultimate Defender variety, but our kids get on it sometimes and play games and I'm sure there are (or were) adware or malware scripts or maybe even some low profile viruses that piggybacked on some games or files they had downloaded. It would come to a halt and be almost frozen for several minutes when my wife was doing little more than checking email or typing in a Word document (and no other user account was signed in at the time). This hasn't happened in about a day or so, so I hope that we're cleaning those things out and getting it back to optimum running condition.

 

Here is the latest batch of log files:

 

 


%%%  Fixlog.txt  %%%

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by Heather at 2014-07-29 12:02:40 Run:1
Running from C:\Users\Heather\Desktop\malware
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1001\User: Group Policy restriction detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...03ddf7e7d&sspv=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
FF Extension: Block site - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\qhsuvgm3.default-1397496012115\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-06-12]
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE459B69B-D0A2-4154-BB0B-06903DDF7E7D&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE459B69B-D0A2-4154-BB0B-06903DDF7E7D&SSPV="
CHR DefaultSearchKeyword: conduit.search
S2 Update lookinglink; "C:\Program Files (x86)\lookinglink\updatelookinglink.exe" [X]
S2 Util lookinglink; "C:\Program Files (x86)\lookinglink\bin\utillookinglink.exe" [X]
C:\Users\Heather\Downloads\manualdownload_14374_STN(1).exe
C:\Users\Heather\Downloads\manualdownload_14374_STN.exe
*****************

C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1004\User => Moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1003\User => Moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1002\User => Moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-2149090282-1950325670-3705300551-1001\User => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\qhsuvgm3.default-1397496012115\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} => Moved successfully.
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE459B69B-D0A2-4154-BB0B-06903DDF7E7D&SSPV= ==> The Chrome "Settings" can be used to fix the entry.
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE459B69B-D0A2-4154-BB0B-06903DDF7E7D&SSPV=" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.
Update lookinglink => Service deleted successfully.
Util lookinglink => Service deleted successfully.
C:\Users\Heather\Downloads\manualdownload_14374_STN(1).exe => Moved successfully.
C:\Users\Heather\Downloads\manualdownload_14374_STN.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

 

 

 

 

 

%%%  AdwCleaner[S0].txt  %%%

 

# AdwCleaner v3.301 - Report created 29/07/2014 at 12:17:47
# Updated 28/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Heather - HEATHERS_LAPTOP
# Running from : C:\Users\Heather\Desktop\malware\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Heather\Favorites\StumbleUpon
Folder Deleted : C:\Users\David Stocker\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\David Stocker\Favorites\StumbleUpon
Folder Deleted : C:\Users\Elliot Stocker\Favorites\StumbleUpon
Folder Deleted : C:\Users\Ian Stocker\Favorites\StumbleUpon
File Deleted : C:\Users\Elliot Stocker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Elliot Stocker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\David Stocker\AppData\Roaming\Mozilla\Firefox\Profiles\nhgxxy3q.default\prefs.js ]


[ File : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\qhsuvgm3.default-1397496012115\prefs.js ]


[ File : C:\Users\Ian Stocker\AppData\Roaming\Mozilla\Firefox\Profiles\u9t3w00x.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\David Stocker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ File : C:\Users\Elliot Stocker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxps://isearch.avg.com/?cid={F1F329B2-62F8-4CFB-BEA1-5AB038911FDF}&mid=03aebfe2f69d47d085e0d15aef2cc2ca-13cbc93bbb06ef3cf0e384dd2b2f2602961fc4cf&lang=en&ds=ft011&pr=sa&d=2012-08-14 15:15:35&v=12.2.0.5&sap=hp
Deleted [Startup_urls] : hxxp://feed.snap.do/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=US&userid=a60ed1a5-676f-4878-a218-b2ea037ea460&searchtype=hp&installDate=26/06/2013
Deleted [Startup_urls] : hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=US&userid=a60ed1a5-676f-4878-a218-b2ea037ea460&searchtype=hp&installDate=26/06/2013

[ File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE459B69B-D0A2-4154-BB0B-06903DDF7E7D&SSPV=
Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE459B69B-D0A2-4154-BB0B-06903DDF7E7D&SSPV=

[ File : C:\Users\Ian Stocker\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4133 octets] - [29/07/2014 12:15:29]
AdwCleaner[S0].txt - [3871 octets] - [29/07/2014 12:17:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3931 octets] ##########
 

 

 

 

 

 

%%%  JRT.txt  %%%

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Heather on Tue 07/29/2014 at 12:37:57.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\qhsuvgm3.default-1397496012115\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/29/2014 at 12:45:32.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

%%%  FRST.txt  %%%

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Heather (administrator) on HEATHERS_LAPTOP on 29-07-2014 14:14:04
Running from C:\Users\Heather\Desktop\malware
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Thisisu) C:\Users\Heather\Desktop\malware\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-06] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13637848 2013-08-02] (Realtek Semiconductor)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2149090282-1950325670-3705300551-1001\...\Run: [Amazon Cloud Player] => C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3108864 2013-06-21] ()
HKU\S-1-5-21-2149090282-1950325670-3705300551-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2149090282-1950325670-3705300551-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
SearchScopes: HKLM - {88AEC9DD-7E60-41E7-B5E6-1817F93AD240} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {88AEC9DD-7E60-41E7-B5E6-1817F93AD240} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKCU - {88AEC9DD-7E60-41E7-B5E6-1817F93AD240} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\qhsuvgm3.default-1397496012115
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-29]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-14]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: conduit.search
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-19]
CHR Extension: (Google Drive) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (YouTube) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-19]
CHR Extension: (Google Search) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-19]
CHR Extension: (Norton Identity Protection) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-05-20]
CHR Extension: (Google Wallet) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (Gmail) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-19]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140728.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R0 LPCFilter; C:\Windows\System32\drivers\LPCFilter.sys [31024 2012-08-02] (Windows ® Win 7 DDK provider)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140728.039\ENG64.SYS [126040 2014-07-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140728.039\EX64.SYS [2099288 2014-07-25] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1503000.00C\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [266752 2012-08-26] (Jungo)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 12:45 - 2014-07-29 12:45 - 00000771 _____ () C:\Users\Heather\Desktop\JRT.txt
2014-07-29 12:37 - 2014-07-29 12:37 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-29 12:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-29 12:15 - 2014-07-29 12:31 - 00000000 ____D () C:\AdwCleaner
2014-07-28 13:21 - 2014-07-29 14:14 - 00000000 ____D () C:\FRST
2014-07-27 11:58 - 2014-07-29 14:14 - 00000000 ____D () C:\Users\Heather\Desktop\malware
2014-07-27 11:57 - 2014-07-27 11:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Heather\Downloads\HiJackThis.exe
2014-07-26 20:59 - 2014-07-26 20:59 - 03699805 _____ () C:\Users\Ian Stocker\Downloads\Survival vs Me.rar
2014-07-26 20:59 - 2014-07-26 20:59 - 03699805 _____ () C:\Users\Ian Stocker\Desktop\Survival vs Me.rar
2014-07-23 10:37 - 2014-07-23 10:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 12:07 - 2014-07-20 12:07 - 00001385 _____ () C:\Users\Ian Stocker\Desktop\ROBLOX Player.lnk
2014-07-20 12:05 - 2014-07-20 12:24 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Local\Roblox
2014-07-20 12:05 - 2014-07-20 12:07 - 00001200 _____ () C:\Users\Ian Stocker\Desktop\ROBLOX Studio 2013.lnk
2014-07-20 12:05 - 2014-07-20 12:07 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher (2).exe
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher (1).exe
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Desktop\RobloxPlayerLauncher (2).exe
2014-07-20 12:04 - 2014-07-20 12:04 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher.exe
2014-07-20 10:38 - 2014-07-20 10:38 - 13166304 _____ () C:\Users\Ian Stocker\Desktop\The island.zip
2014-07-20 10:37 - 2014-07-20 10:38 - 13166304 _____ () C:\Users\Ian Stocker\Downloads\The island.zip
2014-07-19 18:20 - 2014-07-19 20:51 - 00001901 _____ () C:\Users\Ian Stocker\Desktop\Team Fortress 2.lnk
2014-07-19 18:20 - 2014-07-19 18:20 - 00002085 _____ () C:\Users\Ian Stocker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team Fortress 2.lnk
2014-07-16 11:44 - 2014-07-16 11:45 - 11920368 _____ (Wondershare Software ) C:\Users\Heather\Downloads\pdf-to-word_full417.exe
2014-07-12 22:18 - 2014-07-12 22:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 10:54 - 2014-07-12 10:54 - 00000219 _____ () C:\Users\Ian Stocker\Desktop\Portal 2.url
2014-07-10 13:48 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 14:04 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 14:04 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 14:04 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 14:04 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 14:04 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 14:04 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 14:03 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 14:03 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 14:03 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 14:03 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 14:03 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 14:03 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 14:03 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 14:03 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 14:02 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 14:02 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 14:02 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 14:02 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 14:02 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 14:02 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 14:02 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 14:02 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 14:02 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 14:02 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 14:02 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 14:02 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 14:02 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 14:02 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 14:02 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 14:02 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 14:02 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 14:02 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 14:02 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 14:02 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 14:02 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 14:02 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 14:02 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 14:01 - 2014-06-30 18:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 14:01 - 2014-06-28 03:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 14:01 - 2014-06-28 03:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 14:01 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 14:01 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 14:01 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 14:01 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 14:01 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 14:01 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 14:01 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 14:01 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 14:01 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 14:01 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 14:01 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 14:01 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 14:01 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 14:01 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 14:01 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 14:01 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 14:01 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 13:54 - 2014-07-09 13:54 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 17:58 - 2014-07-08 19:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-06 16:45 - 2014-07-06 16:45 - 00000000 __SHD () C:\Users\Ian Stocker\AppData\Local\EmieUserList
2014-07-06 16:45 - 2014-07-06 16:45 - 00000000 __SHD () C:\Users\Ian Stocker\AppData\Local\EmieSiteList
2014-07-06 16:21 - 2014-07-06 16:21 - 02744044 _____ () C:\Users\Ian Stocker\Downloads\Assassins Craft III Pt_2.zip
2014-07-06 14:25 - 2014-07-06 14:25 - 00167936 _____ (ICSharpCode.net) C:\Users\Ian Stocker\Desktop\ICSharpCode.SharpZipLib1.dll
2014-07-06 14:24 - 2014-07-06 14:24 - 01185056 _____ () C:\Users\Ian Stocker\Downloads\Smart Moving Mod Installer 1.7.10.exe
2014-07-06 14:24 - 2014-07-06 14:24 - 01185056 _____ () C:\Users\Ian Stocker\Desktop\Smart Moving Mod Installer 1.7.10.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 14:14 - 2014-07-28 13:21 - 00000000 ____D () C:\FRST
2014-07-29 14:14 - 2014-07-27 11:58 - 00000000 ____D () C:\Users\Heather\Desktop\malware
2014-07-29 14:12 - 2013-12-29 13:56 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C15F27BE-D4E0-4167-A7C5-1C65C0E76AD4}
2014-07-29 14:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-29 13:31 - 2013-05-19 16:44 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 13:18 - 2013-05-20 18:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-29 12:52 - 2013-05-19 16:46 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2149090282-1950325670-3705300551-1001
2014-07-29 12:45 - 2014-07-29 12:45 - 00000771 _____ () C:\Users\Heather\Desktop\JRT.txt
2014-07-29 12:42 - 2014-01-17 21:18 - 00000000 __RDO () C:\Users\Heather\SkyDrive
2014-07-29 12:37 - 2014-07-29 12:37 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-29 12:34 - 2013-05-19 16:44 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 12:33 - 2013-11-14 03:20 - 00116382 _____ () C:\WINDOWS\PFRO.log
2014-07-29 12:33 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-29 12:32 - 2013-08-22 09:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-29 12:31 - 2014-07-29 12:15 - 00000000 ____D () C:\AdwCleaner
2014-07-29 12:20 - 2013-12-22 15:22 - 01850659 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-29 12:04 - 2013-12-22 13:37 - 00000000 ____D () C:\Users\Heather
2014-07-29 11:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-28 20:15 - 2013-05-19 20:20 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2149090282-1950325670-3705300551-1002
2014-07-28 20:03 - 2013-05-26 09:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-28 09:28 - 2013-05-19 19:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-27 18:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-27 11:57 - 2014-07-27 11:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Heather\Downloads\HiJackThis.exe
2014-07-26 21:32 - 2014-01-21 11:23 - 00003978 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{285562D3-51C6-4140-ACD3-F3063F695945}
2014-07-26 21:27 - 2013-05-19 20:15 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Roaming\.minecraft
2014-07-26 20:59 - 2014-07-26 20:59 - 03699805 _____ () C:\Users\Ian Stocker\Downloads\Survival vs Me.rar
2014-07-26 20:59 - 2014-07-26 20:59 - 03699805 _____ () C:\Users\Ian Stocker\Desktop\Survival vs Me.rar
2014-07-25 09:54 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-25 09:49 - 2013-05-22 20:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 09:49 - 2013-05-22 20:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 02:41 - 2013-05-23 18:44 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2149090282-1950325670-3705300551-1003
2014-07-24 21:57 - 2013-08-20 14:19 - 00000000 ___RD () C:\Users\Elliot Stocker\SkyDrive
2014-07-24 10:03 - 2013-05-22 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 10:37 - 2014-07-23 10:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 12:24 - 2014-07-20 12:05 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Local\Roblox
2014-07-20 12:07 - 2014-07-20 12:07 - 00001385 _____ () C:\Users\Ian Stocker\Desktop\ROBLOX Player.lnk
2014-07-20 12:07 - 2014-07-20 12:05 - 00001200 _____ () C:\Users\Ian Stocker\Desktop\ROBLOX Studio 2013.lnk
2014-07-20 12:07 - 2014-07-20 12:05 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher (2).exe
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher (1).exe
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Desktop\RobloxPlayerLauncher (2).exe
2014-07-20 12:04 - 2014-07-20 12:04 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher.exe
2014-07-20 10:38 - 2014-07-20 10:38 - 13166304 _____ () C:\Users\Ian Stocker\Desktop\The island.zip
2014-07-20 10:38 - 2014-07-20 10:37 - 13166304 _____ () C:\Users\Ian Stocker\Downloads\The island.zip
2014-07-19 20:51 - 2014-07-19 18:20 - 00001901 _____ () C:\Users\Ian Stocker\Desktop\Team Fortress 2.lnk
2014-07-19 18:20 - 2014-07-19 18:20 - 00002085 _____ () C:\Users\Ian Stocker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team Fortress 2.lnk
2014-07-16 18:06 - 2013-10-14 19:10 - 00000000 ____D () C:\Program Files (x86)\GoldenDict
2014-07-16 11:45 - 2014-07-16 11:44 - 11920368 _____ (Wondershare Software ) C:\Users\Heather\Downloads\pdf-to-word_full417.exe
2014-07-15 22:28 - 2013-10-14 19:11 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\GoldenDict
2014-07-15 09:32 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-14 17:02 - 2013-10-13 19:15 - 00000000 ____D () C:\Users\Heather\Desktop\Pink Drive
2014-07-14 14:38 - 2013-08-17 12:03 - 00000000 ____D () C:\Users\Heather\AppData\Local\HP
2014-07-12 22:24 - 2013-08-22 10:44 - 00531008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 22:19 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 22:19 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 22:18 - 2014-07-12 22:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 22:18 - 2013-11-14 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 22:18 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 22:18 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-12 10:54 - 2014-07-12 10:54 - 00000219 _____ () C:\Users\Ian Stocker\Desktop\Portal 2.url
2014-07-10 13:51 - 2013-08-14 18:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 13:48 - 2013-05-20 08:17 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 13:48 - 2013-05-19 18:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 13:48 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-09 13:54 - 2014-07-09 13:54 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 19:12 - 2014-07-08 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-08 13:19 - 2013-05-20 18:48 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-08 13:18 - 2014-05-13 14:18 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 06:33 - 2013-05-20 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-06 16:45 - 2014-07-06 16:45 - 00000000 __SHD () C:\Users\Ian Stocker\AppData\Local\EmieUserList
2014-07-06 16:45 - 2014-07-06 16:45 - 00000000 __SHD () C:\Users\Ian Stocker\AppData\Local\EmieSiteList
2014-07-06 16:21 - 2014-07-06 16:21 - 02744044 _____ () C:\Users\Ian Stocker\Downloads\Assassins Craft III Pt_2.zip
2014-07-06 14:25 - 2014-07-06 14:25 - 00167936 _____ (ICSharpCode.net) C:\Users\Ian Stocker\Desktop\ICSharpCode.SharpZipLib1.dll
2014-07-06 14:24 - 2014-07-06 14:24 - 01185056 _____ () C:\Users\Ian Stocker\Downloads\Smart Moving Mod Installer 1.7.10.exe
2014-07-06 14:24 - 2014-07-06 14:24 - 01185056 _____ () C:\Users\Ian Stocker\Desktop\Smart Moving Mod Installer 1.7.10.exe
2014-07-02 21:15 - 2013-11-14 03:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-30 18:45 - 2014-07-09 14:01 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

Some content of TEMP:
====================
C:\Users\Heather\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-29 12:57

==================== End Of Log ============================



#9 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 29 July 2014 - 06:40 PM

Hi notesetter,

FRST log is looking pretty good. But we have a few adjustments to make to Chrome.

bullseye_zpse9eaf36e.gif Reset / Change Homepage in Chrome

  • Click the Chrome menu chromebrowsertoolbar.png on the browser toolbar.
  • Select Settings.
    • Add the home button to the browser toolbar
      Home page button is off by default. Select the "Show Home button" checkbox in the "Appearance" section to show it on the browser toolbar.
    • Set your home page
      When the "Show Home button" checkbox is selected, a web address appears below it. This is the address you will want to change. (hxxp:searchou.com/)
      Click Change to enter a link (i.e. http://www.google.com). You can also choose the New Tab page as your home page.

=========================

Also in Chrome settings:

bullseye_zpse9eaf36e.gif Set your default search engine in Chrome

  • Click the Chrome menu chromebrowsertoolbar.png on the browser toolbar.
  • Select Settings
  • In the "Search" section, select the search engine you want to use from the menu. If the search engine you want to use doesn't appear in the menu, click Manage search engines.
  • In the Search Engines dialog that appears, select the search engine that you'd like to use from the list.
  • Click the Make Default button that appears in the row.

If the search engine you want to use isn't on this list, you can first add it as a new search engine option.

If the "Make Default" button doesn't appear for the search engine you've selected, you may need to edit its URL.

=========================

bullseye_zpse9eaf36e.gif Delete cache and other browser data in Chrome

  • Click the Chrome menu chromebrowsertoolbar.png on the browser toolbar.
  • Select Tools.
  • Select Clear browsing data.
  • In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
    • Clear browsing history
    • Clear download history
    • Empty the cache
    • Delete cookies and other site and plug-in data
    • Clear saved passwords
    • Clear saved Autofill form data
    • Clear data from hosted apps
    • Deauthorize content licenses
  • Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
  • Click Clear browsing data.

=========================

bullseye_zpse9eaf36e.gif Reboot

=========================

bullseye_zpse9eaf36e.gif Re-run Farbar Recovery Scan Tool it should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:


  • FRST.txt
  • How is the computer running at the moment, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#10 notesetter

notesetter

    Authentic Member

  • Authentic Member
  • PipPip
  • 120 posts
  • Interests:Music Production<br />Music Transcription and Engraving<br />Baseball

Posted 31 July 2014 - 08:02 AM

Hi OCD,

 

I changed and cleaned Chrome's settings for all users on the system, and ran the Farbar Recovery Scan Tool again. The system seems to be behaving at the moment. Internet connection is sometimes dropped for mysterious reasons, but that may be a separate issue.

 

Here is the FRST.log:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Heather (administrator) on HEATHERS_LAPTOP on 31-07-2014 09:56:35
Running from C:\Users\Heather\Desktop\malware
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-06] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13637848 2013-08-02] (Realtek Semiconductor)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2149090282-1950325670-3705300551-1001\...\Run: [Amazon Cloud Player] => C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3108864 2013-06-21] ()
HKU\S-1-5-21-2149090282-1950325670-3705300551-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2149090282-1950325670-3705300551-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
SearchScopes: HKLM - {88AEC9DD-7E60-41E7-B5E6-1817F93AD240} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {88AEC9DD-7E60-41E7-B5E6-1817F93AD240} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKCU - {88AEC9DD-7E60-41E7-B5E6-1817F93AD240} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\qhsuvgm3.default-1397496012115
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-14]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-19]
CHR Extension: (Google Drive) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (YouTube) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-19]
CHR Extension: (Google Search) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-19]
CHR Extension: (Norton Identity Protection) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-05-20]
CHR Extension: (Google Wallet) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (Gmail) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-19]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140730.002\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R0 LPCFilter; C:\Windows\System32\drivers\LPCFilter.sys [31024 2012-08-02] (Windows ® Win 7 DDK provider)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140730.022\ENG64.SYS [126040 2014-07-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140730.022\EX64.SYS [2099288 2014-07-25] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1503000.00C\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [266752 2012-08-26] (Jungo)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 20:41 - 2014-07-30 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-07-30 20:41 - 2014-07-30 20:41 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-07-30 20:39 - 2014-07-30 20:39 - 02027336 _____ (Coupons.com Incorporated) C:\Users\Heather\Desktop\CouponPrinter.exe
2014-07-29 12:45 - 2014-07-29 12:45 - 00000771 _____ () C:\Users\Heather\Desktop\JRT.txt
2014-07-29 12:37 - 2014-07-29 12:37 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-29 12:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-29 12:15 - 2014-07-29 12:31 - 00000000 ____D () C:\AdwCleaner
2014-07-28 13:21 - 2014-07-31 09:56 - 00000000 ____D () C:\FRST
2014-07-27 11:58 - 2014-07-31 09:56 - 00000000 ____D () C:\Users\Heather\Desktop\malware
2014-07-27 11:57 - 2014-07-27 11:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Heather\Downloads\HiJackThis.exe
2014-07-26 20:59 - 2014-07-26 20:59 - 03699805 _____ () C:\Users\Ian Stocker\Downloads\Survival vs Me.rar
2014-07-26 20:59 - 2014-07-26 20:59 - 03699805 _____ () C:\Users\Ian Stocker\Desktop\Survival vs Me.rar
2014-07-23 10:37 - 2014-07-23 10:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 12:07 - 2014-07-20 12:07 - 00001385 _____ () C:\Users\Ian Stocker\Desktop\ROBLOX Player.lnk
2014-07-20 12:05 - 2014-07-20 12:24 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Local\Roblox
2014-07-20 12:05 - 2014-07-20 12:07 - 00001200 _____ () C:\Users\Ian Stocker\Desktop\ROBLOX Studio 2013.lnk
2014-07-20 12:05 - 2014-07-20 12:07 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher (2).exe
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher (1).exe
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Desktop\RobloxPlayerLauncher (2).exe
2014-07-20 12:04 - 2014-07-20 12:04 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher.exe
2014-07-20 10:38 - 2014-07-20 10:38 - 13166304 _____ () C:\Users\Ian Stocker\Desktop\The island.zip
2014-07-20 10:37 - 2014-07-20 10:38 - 13166304 _____ () C:\Users\Ian Stocker\Downloads\The island.zip
2014-07-19 18:20 - 2014-07-19 20:51 - 00001901 _____ () C:\Users\Ian Stocker\Desktop\Team Fortress 2.lnk
2014-07-19 18:20 - 2014-07-19 18:20 - 00002085 _____ () C:\Users\Ian Stocker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team Fortress 2.lnk
2014-07-16 11:44 - 2014-07-16 11:45 - 11920368 _____ (Wondershare Software ) C:\Users\Heather\Downloads\pdf-to-word_full417.exe
2014-07-12 22:18 - 2014-07-12 22:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 10:54 - 2014-07-12 10:54 - 00000219 _____ () C:\Users\Ian Stocker\Desktop\Portal 2.url
2014-07-10 13:48 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 14:04 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 14:04 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 14:04 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 14:04 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 14:04 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 14:04 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 14:03 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 14:03 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 14:03 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 14:03 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 14:03 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 14:03 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 14:03 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 14:03 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 14:02 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 14:02 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 14:02 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 14:02 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 14:02 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 14:02 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 14:02 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 14:02 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 14:02 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 14:02 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 14:02 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 14:02 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 14:02 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 14:02 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 14:02 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 14:02 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 14:02 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 14:02 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 14:02 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 14:02 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 14:02 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 14:02 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 14:02 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 14:01 - 2014-06-30 18:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 14:01 - 2014-06-28 03:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 14:01 - 2014-06-28 03:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 14:01 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 14:01 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 14:01 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 14:01 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 14:01 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 14:01 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 14:01 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 14:01 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 14:01 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 14:01 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 14:01 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 14:01 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 14:01 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 14:01 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 14:01 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 14:01 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 14:01 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 13:54 - 2014-07-09 13:54 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 17:58 - 2014-07-08 19:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-06 16:45 - 2014-07-06 16:45 - 00000000 __SHD () C:\Users\Ian Stocker\AppData\Local\EmieUserList
2014-07-06 16:45 - 2014-07-06 16:45 - 00000000 __SHD () C:\Users\Ian Stocker\AppData\Local\EmieSiteList
2014-07-06 16:21 - 2014-07-06 16:21 - 02744044 _____ () C:\Users\Ian Stocker\Downloads\Assassins Craft III Pt_2.zip
2014-07-06 14:25 - 2014-07-06 14:25 - 00167936 _____ (ICSharpCode.net) C:\Users\Ian Stocker\Desktop\ICSharpCode.SharpZipLib1.dll
2014-07-06 14:24 - 2014-07-06 14:24 - 01185056 _____ () C:\Users\Ian Stocker\Downloads\Smart Moving Mod Installer 1.7.10.exe
2014-07-06 14:24 - 2014-07-06 14:24 - 01185056 _____ () C:\Users\Ian Stocker\Desktop\Smart Moving Mod Installer 1.7.10.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 09:56 - 2014-07-28 13:21 - 00000000 ____D () C:\FRST
2014-07-31 09:56 - 2014-07-27 11:58 - 00000000 ____D () C:\Users\Heather\Desktop\malware
2014-07-31 09:55 - 2013-12-29 13:56 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C15F27BE-D4E0-4167-A7C5-1C65C0E76AD4}
2014-07-31 09:55 - 2013-05-19 16:46 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2149090282-1950325670-3705300551-1001
2014-07-31 09:51 - 2014-01-17 21:18 - 00000000 __RDO () C:\Users\Heather\SkyDrive
2014-07-31 09:51 - 2013-05-19 16:44 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 09:50 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-31 09:49 - 2013-12-22 15:22 - 01315451 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-31 09:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-31 09:49 - 2013-08-22 09:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-31 09:43 - 2013-05-26 09:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-31 09:41 - 2013-09-08 16:23 - 00000000 ___RD () C:\Users\David Stocker\Google Drive
2014-07-31 09:40 - 2013-05-20 21:23 - 00000000 ___RD () C:\Users\David Stocker\SkyDrive
2014-07-31 09:35 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-30 22:31 - 2013-05-19 16:44 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-30 22:18 - 2013-05-20 18:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-30 20:41 - 2014-07-30 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-07-30 20:41 - 2014-07-30 20:41 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-07-30 20:39 - 2014-07-30 20:39 - 02027336 _____ (Coupons.com Incorporated) C:\Users\Heather\Desktop\CouponPrinter.exe
2014-07-30 10:03 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-29 12:45 - 2014-07-29 12:45 - 00000771 _____ () C:\Users\Heather\Desktop\JRT.txt
2014-07-29 12:37 - 2014-07-29 12:37 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-29 12:33 - 2013-11-14 03:20 - 00116382 _____ () C:\WINDOWS\PFRO.log
2014-07-29 12:31 - 2014-07-29 12:15 - 00000000 ____D () C:\AdwCleaner
2014-07-29 12:04 - 2013-12-22 13:37 - 00000000 ____D () C:\Users\Heather
2014-07-28 20:15 - 2013-05-19 20:20 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2149090282-1950325670-3705300551-1002
2014-07-28 09:28 - 2013-05-19 19:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-27 11:57 - 2014-07-27 11:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Heather\Downloads\HiJackThis.exe
2014-07-26 21:32 - 2014-01-21 11:23 - 00003978 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{285562D3-51C6-4140-ACD3-F3063F695945}
2014-07-26 21:27 - 2013-05-19 20:15 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Roaming\.minecraft
2014-07-26 20:59 - 2014-07-26 20:59 - 03699805 _____ () C:\Users\Ian Stocker\Downloads\Survival vs Me.rar
2014-07-26 20:59 - 2014-07-26 20:59 - 03699805 _____ () C:\Users\Ian Stocker\Desktop\Survival vs Me.rar
2014-07-25 09:54 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-25 09:49 - 2013-05-22 20:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 09:49 - 2013-05-22 20:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 02:41 - 2013-05-23 18:44 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2149090282-1950325670-3705300551-1003
2014-07-24 21:57 - 2013-08-20 14:19 - 00000000 ___RD () C:\Users\Elliot Stocker\SkyDrive
2014-07-24 10:03 - 2013-05-22 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 10:37 - 2014-07-23 10:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 12:24 - 2014-07-20 12:05 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Local\Roblox
2014-07-20 12:07 - 2014-07-20 12:07 - 00001385 _____ () C:\Users\Ian Stocker\Desktop\ROBLOX Player.lnk
2014-07-20 12:07 - 2014-07-20 12:05 - 00001200 _____ () C:\Users\Ian Stocker\Desktop\ROBLOX Studio 2013.lnk
2014-07-20 12:07 - 2014-07-20 12:05 - 00000000 ____D () C:\Users\Ian Stocker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher (2).exe
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher (1).exe
2014-07-20 12:05 - 2014-07-20 12:05 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Desktop\RobloxPlayerLauncher (2).exe
2014-07-20 12:04 - 2014-07-20 12:04 - 00635248 _____ (ROBLOX Corporation) C:\Users\Ian Stocker\Downloads\RobloxPlayerLauncher.exe
2014-07-20 10:38 - 2014-07-20 10:38 - 13166304 _____ () C:\Users\Ian Stocker\Desktop\The island.zip
2014-07-20 10:38 - 2014-07-20 10:37 - 13166304 _____ () C:\Users\Ian Stocker\Downloads\The island.zip
2014-07-19 20:51 - 2014-07-19 18:20 - 00001901 _____ () C:\Users\Ian Stocker\Desktop\Team Fortress 2.lnk
2014-07-19 18:20 - 2014-07-19 18:20 - 00002085 _____ () C:\Users\Ian Stocker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team Fortress 2.lnk
2014-07-16 18:06 - 2013-10-14 19:10 - 00000000 ____D () C:\Program Files (x86)\GoldenDict
2014-07-16 11:45 - 2014-07-16 11:44 - 11920368 _____ (Wondershare Software ) C:\Users\Heather\Downloads\pdf-to-word_full417.exe
2014-07-15 22:28 - 2013-10-14 19:11 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\GoldenDict
2014-07-15 09:32 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-14 17:02 - 2013-10-13 19:15 - 00000000 ____D () C:\Users\Heather\Desktop\Pink Drive
2014-07-14 14:38 - 2013-08-17 12:03 - 00000000 ____D () C:\Users\Heather\AppData\Local\HP
2014-07-12 22:24 - 2013-08-22 10:44 - 00531008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 22:19 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 22:19 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 22:18 - 2014-07-12 22:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 22:18 - 2013-11-14 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 22:18 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 22:18 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-12 10:54 - 2014-07-12 10:54 - 00000219 _____ () C:\Users\Ian Stocker\Desktop\Portal 2.url
2014-07-10 13:51 - 2013-08-14 18:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 13:48 - 2013-05-20 08:17 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 13:48 - 2013-05-19 18:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 13:48 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-09 13:54 - 2014-07-09 13:54 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 19:12 - 2014-07-08 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-08 13:19 - 2013-05-20 18:48 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-08 13:18 - 2014-05-13 14:18 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 06:33 - 2013-05-20 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-06 16:45 - 2014-07-06 16:45 - 00000000 __SHD () C:\Users\Ian Stocker\AppData\Local\EmieUserList
2014-07-06 16:45 - 2014-07-06 16:45 - 00000000 __SHD () C:\Users\Ian Stocker\AppData\Local\EmieSiteList
2014-07-06 16:21 - 2014-07-06 16:21 - 02744044 _____ () C:\Users\Ian Stocker\Downloads\Assassins Craft III Pt_2.zip
2014-07-06 14:25 - 2014-07-06 14:25 - 00167936 _____ (ICSharpCode.net) C:\Users\Ian Stocker\Desktop\ICSharpCode.SharpZipLib1.dll
2014-07-06 14:24 - 2014-07-06 14:24 - 01185056 _____ () C:\Users\Ian Stocker\Downloads\Smart Moving Mod Installer 1.7.10.exe
2014-07-06 14:24 - 2014-07-06 14:24 - 01185056 _____ () C:\Users\Ian Stocker\Desktop\Smart Moving Mod Installer 1.7.10.exe
2014-07-02 21:15 - 2013-11-14 03:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Heather\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-29 12:57

==================== End Of Log ============================


    Advertisements

Register to Remove


#11 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 31 July 2014 - 11:16 AM

Hi notesetter,

I noticed you have installed a Coupon Printing software. This type of software although helpful and probably required to print coupons found online it is categorized as adware because it is usually bundled with "extra" software that is either not mentioned during the install or not wanted.

If you knowingly chose to install this software, and would like to keep it (acknowledging the ramifications), then SKIP the FRST fix as outlined below.

=========================

bullseye_zpse9eaf36e.gif FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
 

(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
2014-07-30 20:41 - 2014-07-30 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-07-30 20:41 - 2014-07-30 20:41 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-07-30 20:39 - 2014-07-30 20:39 - 02027336 _____ (Coupons.com Incorporated) C:\Users\Heather\Desktop\CouponPrinter.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

bullseye_zpse9eaf36e.gif Re- run AdwCleaner

It should be on your desktop

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S1].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

bullseye_zpse9eaf36e.gif Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
    MBAMDashboard_zpsddef9b5f.gif
  • Select type of scan to perform:
    MBAMScanTab_zps2c5e74bd.gif
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

bullseye_zpse9eaf36e.gif ESET Online Scanner

*Note:

  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================

In your next post please provide the following:

  • Fixlog.txt - (if FRST was run)
  • AdwCleaner[S1].txt
  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#12 notesetter

notesetter

    Authentic Member

  • Authentic Member
  • PipPip
  • 120 posts
  • Interests:Music Production<br />Music Transcription and Engraving<br />Baseball

Posted 02 August 2014 - 05:18 AM

Hi OCD,

 

Yes, the coupon printing program was installed only a few days ago (the issues with slowness and halting have been going on for weeks) and we'll keep it as is for now and get rid of it in the future if it's causing problems. My hunch is that it's okay, but I guess we'll see.

The computer is running okay right now. After the Adware Cleaner reboot, I chose the wireless network to connect to from the menu and it connected very quickly - like in a flash - so I think that's promising. I was concerned that aspect was due to a hardware issue, but now I'm less sure.

Here is the next round of log files:

 

%%%  AdwCleaner  %%%

 

# AdwCleaner v3.302 - Report created 01/08/2014 at 22:46:59
# Updated 30/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Heather - HEATHERS_LAPTOP
# Running from : C:\Users\Heather\Desktop\malware\adwcleaner_3.302.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\David Stocker\AppData\Roaming\Mozilla\Firefox\Profiles\nhgxxy3q.default\prefs.js ]


[ File : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\qhsuvgm3.default-1397496012115\prefs.js ]


[ File : C:\Users\Ian Stocker\AppData\Roaming\Mozilla\Firefox\Profiles\u9t3w00x.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\David Stocker\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Elliot Stocker\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Ian Stocker\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4133 octets] - [29/07/2014 12:15:29]
AdwCleaner[R1].txt - [1577 octets] - [01/08/2014 22:41:24]
AdwCleaner[S0].txt - [4019 octets] - [29/07/2014 12:17:47]
AdwCleaner[S1].txt - [1498 octets] - [01/08/2014 22:46:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1558 octets] ##########
 

 

 

 

 

%%%  MBAM log  %%%

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/1/2014
Scan Time: 11:08:33 PM
Logfile: MBAM_log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.01.06
Rootkit Database: v2014.08.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Heather

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420662
Time Elapsed: 23 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2149090282-1950325670-3705300551-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [ea80f0d17803e94d70eb74ecae54db25],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2149090282-1950325670-3705300551-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [ea80f0d17803e94d70eb74ecae54db25],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2149090282-1950325670-3705300551-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [ea80f0d17803e94d70eb74ecae54db25],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

 

 

 

%%%  ESET scan log  %%%

 

C:\FRST\Quarantine\C\Users\Heather\Downloads\manualdownload_14374_STN(1).exe.xBAD    probably a variant of Win32/InstallIQ.A potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Users\Heather\Downloads\manualdownload_14374_STN.exe.xBAD    probably a variant of Win32/InstallIQ.A potentially unwanted application    deleted - quarantined
C:\Users\Heather\Desktop\Pink Drive\images for embroidery\cbsidlm-cbsi176-SewArt-SEO-75871344.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
 



#13 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 August 2014 - 08:17 AM

Hi notesetter,

Those scans look good. :thumbup:
Test the system for a few days, then check back in with a performance update. Also, please make note any symptoms.
 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#14 notesetter

notesetter

    Authentic Member

  • Authentic Member
  • PipPip
  • 120 posts
  • Interests:Music Production<br />Music Transcription and Engraving<br />Baseball

Posted 02 August 2014 - 07:26 PM

Thanks for all your help, OCD. I'll get back with you in a few days to let you know whether it's having any more problems. It seems to be pretty smooth at the moment.

 

Thanks again,

 

David



#15 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 August 2014 - 07:41 PM

:thumbup:


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users