TechSpot

I just know I have a virus/Trojan something

Solved
By Daward40
Jan 24, 2013
Topic Status:
Not open for further replies.
  1. I followed all the prerequisite performances and here are the logs. The way I know I have something is when I click on IE it comes up http://www.yahoo.com/?ilc=17 instead of just yahoo.com or it will end in 1 instead of 17. Can someone please help? I feel really stupid right now.

    Malbyte
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.01.24.03
    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16466
    Davia :: DAVIA [administrator]
    1/24/2013 12:08:55 AM
    mbam-log-2013-01-24 (00-08-55).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209023
    Time elapsed: 2 minute(s), 1 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)

    This is the DDS:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16453 BrowserJavaVersion: 10.11.2
    Run by Davia at 0:14:56 on 2013-01-24
    Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3980.2356 [GMT -5:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\dwm.exe
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\windows\system32\dashost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Toshiba\Teco\TecoService.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\taskhostex.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
    C:\Program Files\Toshiba\Teco\TecoResident.exe
    C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
    C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\windows\system32\SearchProtocolHost.exe

    now the txt file

  2. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    Oh sorry thanks for any and all help I am soooo frustrated right now :)
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  4. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    THANK YOU THANK YOU THANK YOU
    Okay when I download it says This operating system is not supported Combo Fix only runs on:
    Windows xp
    Windows Vista
    Windows 7
    windows 2000 is no longer supported
  5. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    I can't get into safe mode I have tried :'(
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Oops, my apologies. I thought it was Windows 7...but I see Windows 8 actually. Alrighty :D

    RogueKiller Scan

    • Download RogueKiller from the following link and save it on your desktop:
      TechSpot
      Official Site (alternative)
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix
    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.



    TDSSKiller Scan

    Please download and run TDSSKiller to your desktop as outlined below:

    Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

    Sometimes these logs can be very large, in that case please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  7. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    Here are the two reports by roguekiller AGAIN thank you!!!!

    RogueKiller V8.4.3 [Jan 24 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : Davia [Admin rights]
    Mode : Scan -- Date : 01/24/2013 11:27:34
    | ARK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] DTUpdate.exe -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS547550A9E384 +++++
    --- User ---
    [MBR] a84dd93b5b19931ceaddbccc47850486
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01242013_02d1127.txt >>
    RKreport[1]_S_01242013_02d1127.txt



    RogueKiller V8.4.3 [Jan 24 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : Davia [Admin rights]
    Mode : Remove -- Date : 01/24/2013 11:28:11
    | ARK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] DTUpdate.exe -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS547550A9E384 +++++
    --- User ---
    [MBR] a84dd93b5b19931ceaddbccc47850486
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_01242013_02d1128.txt >>
    RKreport[1]_S_01242013_02d1127.txt ; RKreport[2]_D_01242013_02d1128.txt
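
A rough triage pass over logs like the ones posted so far, as an added example (not part of the original posts, and not RogueKiller's or DDS's own logic): it pulls executable paths out of DDS-style process lines and RogueKiller "Bad processes" lines and reports those that run from user-writable profile directories, such as the AppData\Roaming path RogueKiller tagged [SUSP PATH] above. The sample lines are copied from this thread's logs; the directory list and every function name are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Sample input assembled from lines that appear in this thread's DDS and
# RogueKiller logs (a small subset, embedded so the script runs offline).
SAMPLE_LOG = r"""
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
[SUSP PATH] DTUpdate.exe -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]
"""

# Drive-letter path up to the first ".exe" followed by whitespace or end of
# line, so arguments such as "-k netsvcs" are not taken as part of the path.
EXE_PATH = re.compile(r"[A-Za-z]:\\.*?\.exe(?=\s|$)", re.IGNORECASE)

# Profile directories a standard user can write to without elevation.
# Assumed list for this example; extend it for your own environment.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\"
    r"(appdata\\(?:roaming|local|locallow)|desktop|downloads)\\",
    re.IGNORECASE,
)

# Tag another tool already put at the start of the line, e.g. "[SUSP PATH]".
TOOL_TAG = re.compile(r"^\[([A-Z ]+)\]")


class Finding(NamedTuple):
    path: str          # executable path as first seen in the log
    location: str      # user-writable directory it lives under (lowercase)
    occurrences: int   # number of log lines that referenced it
    tool_tags: tuple   # tags other tools attached to it, if any


def extract_exe_path(line: str) -> Optional[str]:
    """Return the executable path in a log line, without its arguments."""
    match = EXE_PATH.search(line)
    return match.group(0) if match else None


def writable_location(path: str) -> Optional[str]:
    """Return the user-writable directory the path sits under, or None."""
    match = USER_WRITABLE.match(path)
    return match.group(1).lower() if match else None


def triage(log_text: str) -> list:
    """Collect executables that run from user-writable profile directories."""
    seen = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        path = extract_exe_path(line)
        if path is None:
            continue
        location = writable_location(path)
        if location is None:
            continue  # Program Files, system32, etc. need admin rights to modify
        # Windows paths are case-insensitive, so merge on the lowercased path.
        entry = seen.setdefault(
            path.lower(),
            {"path": path, "location": location, "count": 0, "tags": []},
        )
        entry["count"] += 1
        tag = TOOL_TAG.match(line)
        if tag and tag.group(1) not in entry["tags"]:
            entry["tags"].append(tag.group(1))
    return [
        Finding(e["path"], e["location"], e["count"], tuple(e["tags"]))
        for e in seen.values()
    ]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.path}  under={finding.location}  "
              f"lines={finding.occurrences}  tags={list(finding.tool_tags)}")
```

A hit here is a prompt for review, not a verdict: tools saved to the Desktop as instructed in this thread would be listed too.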
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. You're welcome. Will wait on other scans.
  9. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    TDSSKILLER

    Attached Files:

  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.


    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  11. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    Here you go

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-24 12:11:03
    -----------------------------
    12:11:03.538 OS Version: Windows x64 6.2.9200
    12:11:03.538 Number of processors: 4 586 0x3A09
    12:11:03.539 ComputerName: DAVIA UserName: Davia
    12:11:04.036 Initialze error 1
    12:11:33.489 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000039
    12:11:33.491 Disk 0 Vendor: Hitachi_HTS547550A9E384 JE3OA60B Size: 476940MB BusType: 11
    12:11:33.531 Disk 0 MBR read successfully
    12:11:33.532 Disk 0 MBR scan
    12:11:33.534 Disk 0 unknown MBR code
    12:11:33.536 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    12:11:33.538 Disk 0 scanning C:\windows\system32\drivers
    12:11:33.540 Service scanning
    12:11:34.235 Modules scanning
    12:11:34.240 Scan finished successfully
    12:12:23.212 Disk 0 MBR has been saved successfully to "C:\Users\Davia Ward\Desktop\MBR.dat"
    12:12:23.213 The log file has been saved successfully to "C:\Users\Davia Ward\Desktop\aswMBR.txt"
    The other file you asked me to rename when trying to upload I get an error message " the uploaded file does not have an allowed extension"
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Upload to SpeedyShare.com.
    • When you enter the site, click the center bar, "Click here to upload[...]", find the file "mbr.dat" in "Desktop". Select that, and upload it.
    • Once you do that, you will get a sharing link. Please post that in your next reply.


    Will wait for OTL log...
  13. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    Here is the OTL log

    d/yyyy

    3.89 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 59.19% Memory free
    5.82 Gb Paging File | 4.32 Gb Available in Paging File | 74.23% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 455.65 Gb Total Space | 408.62 Gb Free Space | 89.68% Space Free | Partition Type: NTFS

    Computer Name: DAVIA | User Name: Davia | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/24 12:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
    PRC - [2012/12/25 09:14:14 | 001,683,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe
    PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/12/05 14:46:10 | 000,348,056 | ---- | M] (Capital Intellect, Inc.) -- C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe
    PRC - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
    PRC - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
    PRC - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
    PRC - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
    PRC - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2012/06/27 15:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    PRC - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\wincfi39.dll
    MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/12/05 23:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2012/12/05 23:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2012/09/20 04:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2012/09/20 01:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2012/08/24 20:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2012/07/28 12:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2012/07/27 17:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV:64bit: - [2012/07/25 22:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2012/07/25 22:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2012/07/25 22:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2012/07/25 22:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV:64bit: - [2012/04/20 17:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2013/01/21 15:50:06 | 000,107,520 | ---- | M] () [Auto | Stopped] -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/12/05 14:46:10 | 000,348,056 | ---- | M] (Capital Intellect, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe -- (BeFrugal.com Service)
    SRV - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
    SRV - [2012/11/14 01:04:22 | 000,568,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
    SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe -- (NAT)
    SRV - [2012/08/08 05:58:38 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
    SRV - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
    SRV - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/07/11 10:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2012/06/27 15:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
    SRV - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/23 22:01:10 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2013/01/09 11:49:38 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)
    DRV:64bit: - [2012/12/29 11:42:58 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SWDUMon.sys -- (SWDUMon)
    DRV:64bit: - [2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\gfiark.sys -- (gfiark)
    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/11/27 02:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2012/11/26 22:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2012/11/06 02:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2012/11/06 02:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
    DRV:64bit: - [2012/10/11 00:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2012/10/08 20:00:02 | 000,776,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/10/03 20:40:35 | 001,133,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2012/10/03 20:40:20 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymDS64.sys -- (SymDS)
    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/09/20 02:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2012/09/20 02:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2012/09/20 02:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2012/09/20 02:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2012/09/20 02:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2012/09/06 21:05:14 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/09/06 21:05:05 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymELAM.sys -- (SymELAM)
    DRV:64bit: - [2012/09/06 20:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\Ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/09/06 20:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2012/08/29 11:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
    DRV:64bit: - [2012/08/29 11:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTL8192Ce)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/20 14:50:10 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\ccSetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2012/08/16 16:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2012/08/16 16:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
    DRV:64bit: - [2012/08/06 21:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NATx64\0106000.011\ccSetx64.sys -- (ccSet_NAT)
    DRV:64bit: - [2012/08/06 08:36:12 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/07/31 15:28:54 | 000,028,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
    DRV:64bit: - [2012/07/31 14:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
    DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2012/07/25 23:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2012/07/25 23:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/07/25 21:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2012/07/25 19:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2012/07/25 03:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2012/07/21 18:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2012/07/13 15:04:30 | 000,103,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
    DRV:64bit: - [2012/07/10 19:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2012/06/19 09:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2012/06/18 13:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2012/06/15 15:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -- (ccSet_NARA)
    DRV - [2013/01/23 16:36:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130123.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2013/01/23 01:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130124.003\ex64.sys -- (NAVEX15)
    DRV - [2013/01/23 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2013/01/23 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2013/01/23 01:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130124.003\eng64.sys -- (NAVENG)
    DRV - [2013/01/16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)


    ========== Standard Registry (SafeList) ==========
  14. Daward40


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=befhp&type=ie-hp
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/myweb...n=77ee8d8e&psa=&st=sb&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
    IE - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=17
    IE - HKCU\..\SearchScopes,DefaultScope = {39B3CDEA-15F2-43A9-82AF-6468FE48C100}
    IE - HKCU\..\SearchScopes\{39B3CDEA-15F2-43A9-82AF-6468FE48C100}: "URL" = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
    IE - HKCU\..\SearchScopes\{4F792DE0-CDD8-46A4-87F5-ABF38F575713}: "URL" = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
    IE - HKCU\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/myweb...n=77ee8d8e&psa=&st=sb&searchfor={searchTerms}
    IE - HKCU\..\SearchScopes\{643D3DC5-E0B3-4A86-ABE7-DB0A649F2340}: "URL" = http://safesearchr.lavasoft.com/?so...1B16B3204439B10A35C50ED9F81F7&q={searchTerms}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS516
    IE - HKCU\..\SearchScopes\{93B90315-E525-4B5A-B0F3-B1D39F716BAC}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ie-ds
    IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.coupons.com/search.asp?p=df&q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin: File not found
    FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: File not found
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5zffxtbr@CouponXplorer_5z.com: C:\Program Files (x86)\CouponXplorer_5z\bar\2.bin [2013/01/23 19:19:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013/01/23 22:01:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013/01/24 11:23:42 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://www.searchnu.com/102
    CHR - default_search_provider: Search Results (Enabled)
    CHR - default_search_provider: search_url = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.searchnu.com/102
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
    CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Davia Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Coupon Alert Installer Plugin Stub (Enabled) = C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll
    CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

    O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
    O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SR Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (BeFrugalIEHelper) - {2335A057-CBA6-40F6-A712-C6A7C98F7813} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Search-Results Toolbar) - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
    O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SR Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (Coupon Savings) - {C3F62D94-EEBB-11E1-B88F-CBBD4CC15727} - C:\Program Files (x86)\Coupon Savings\toolbar.dll ()
    O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
    O3 - HKLM\..\Toolbar: (BeFrugal.com Toolbar) - {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {65c72339-fb1d-4155-84e1-9afacee02d6f} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
    O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
    O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{430D5376-2A77-4715-9E21-943074C9C52C}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AC5402D-6D3F-4277-8876-1EE263B4643D}: DhcpNameServer = 10.0.0.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/24 12:22:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
    [2013/01/24 12:10:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
    [2013/01/24 11:41:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log
    [2013/01/24 11:33:07 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
    [2013/01/24 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\RK_Quarantine
    [2013/01/24 11:10:06 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2013/01/24 09:59:06 | 005,114,096 | ---- | C] (PC Cleaners) -- C:\windows\uninst.exe
    [2013/01/24 09:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
    [2013/01/24 07:50:35 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016
    [2013/01/24 01:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
    [2013/01/24 01:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
    [2013/01/24 01:03:26 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\mbar-1.01.0.1016
    [2013/01/24 00:14:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
    [2013/01/24 00:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/24 00:08:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2013/01/24 00:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/01/23 23:47:48 | 000,000,000 | ---D | C] -- C:\TEMP
    [2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
    [2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
    [2013/01/23 23:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
    [2013/01/23 22:02:49 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Symantec
    [2013/01/23 22:01:10 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2013/01/23 21:59:05 | 001,133,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.sys
    [2013/01/23 21:59:05 | 000,776,864 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys
    [2013/01/23 21:59:05 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.sys
    [2013/01/23 21:59:05 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnets.sys
    [2013/01/23 21:59:05 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\Ironx64.sys
    [2013/01/23 21:59:05 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.sys
    [2013/01/23 21:59:05 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys
    [2013/01/23 21:59:05 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM.sys
    [2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
    [2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1402010.016
    [2013/01/23 21:58:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    [2013/01/23 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
    [2013/01/23 21:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
    [2013/01/23 21:36:02 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    [2013/01/23 10:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/01/23 09:33:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
    [2013/01/23 09:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    [2013/01/23 09:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
    [2013/01/23 09:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
    [2013/01/23 09:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stamps.com Internet Postage
    [2013/01/23 09:31:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Seven Zip
    [2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\gegl-0.0
    [2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\.gimp-2.6
    [2013/01/21 16:17:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Brother
    [2013/01/21 16:13:00 | 000,376,832 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.EXE
    [2013/01/21 16:12:59 | 000,068,608 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysNative\BSQ70L.DLL
    [2013/01/21 16:12:59 | 000,011,264 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.DLL
    [2013/01/21 16:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
    [2013/01/21 16:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Brother
    [2013/01/21 16:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
    [2013/01/21 15:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
    [2013/01/21 15:50:04 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab
    [2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Yahoo!
    [2013/01/21 07:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [2013/01/21 07:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2013/01/21 07:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
    [2013/01/20 12:06:01 | 000,038,096 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfiark.sys
    [2013/01/19 13:20:42 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\New folder
    [2013/01/19 13:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
    [2013/01/19 10:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
    [2013/01/19 10:31:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\jZip
    [2013/01/19 10:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SR Toolbar
    [2013/01/19 10:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
    [2013/01/17 11:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponXplorer_5zEI
    [2013/01/15 13:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InboxDollars
    [2013/01/15 13:12:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\The Weather Channel
    [2013/01/09 11:50:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\LavasoftStatistics
    [2013/01/09 11:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
    [2013/01/09 11:49:45 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Downloaded Installations
    [2013/01/09 11:49:38 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
    [2013/01/09 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Malwarebytes
    [2013/01/09 11:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/01/09 07:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Coupon Savings
    [2013/01/09 07:43:44 | 000,000,000 | --SD | C] -- C:\ProgramData\SKL
    [2013/01/09 07:32:22 | 000,000,000 | -HSD | C] -- C:\windows\syspkgwk
    [2013/01/06 19:59:43 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Parole Plan
    [2013/01/06 19:59:14 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Pics
    [2013/01/06 19:58:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy Parole Pics
    [2013/01/05 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake_files
    [2012/12/31 14:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2012/12/31 14:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
    [2012/12/31 14:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Programs
    [2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BeFrugal.com
    [2012/12/29 20:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Savings
    [2012/12/29 20:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/12/29 20:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/12/29 20:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2012/12/29 12:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
    [2012/12/29 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\PC_Drivers_Headquarters
    [2012/12/29 11:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
    [2012/12/29 11:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
    [2012/12/29 11:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
    [2012/12/29 11:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
    [2012/12/29 11:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2012/12/29 11:42:56 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\SlimWare Utilities Inc
    [2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
    [2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
    [2012/12/29 11:42:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
    [2012/12/29 11:37:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\HP
    [2012/12/29 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Catalina Marketing Corp
    [2012/12/29 09:13:18 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
    [2012/12/28 17:42:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\OneNote Notebooks
    [2012/12/28 16:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012/12/28 16:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2012/12/28 16:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/12/28 16:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2012/12/28 16:33:57 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Microsoft Help
    [2012/12/28 16:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2012/12/28 16:33:33 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2012/12/28 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\old business forms and letters
    [2012/12/28 14:13:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\IAC
    [2012/12/27 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons.com CouponBar
    [2012/12/27 19:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    [2012/12/27 19:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
    [2012/12/26 18:13:45 | 000,000,000 | R--D | C] -- C:\Users\Davia Ward\Documents\Scanned Documents
    [2012/12/26 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Fax

    ========== Files - Modified Within 30 Days ==========

    [2013/01/24 12:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
    [2013/01/24 12:10:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
    [2013/01/24 11:47:00 | 000,000,918 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/24 11:41:05 | 000,030,233 | ---- | M] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
    [2013/01/24 11:33:18 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
    [2013/01/24 11:25:42 | 000,768,512 | ---- | M] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
    [2013/01/24 11:23:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/01/24 11:23:26 | 000,000,914 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/24 11:21:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2013/01/24 11:21:39 | 3338,846,208 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/24 10:40:26 | 005,114,096 | ---- | M] (PC Cleaners) -- C:\windows\uninst.exe
    [2013/01/24 07:50:16 | 013,462,931 | ---- | M] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
    [2013/01/24 00:14:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
    [2013/01/24 00:08:23 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/23 22:02:04 | 002,046,180 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
    [2013/01/23 22:01:10 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2013/01/23 22:01:10 | 000,007,466 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2013/01/23 22:01:10 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
    [2013/01/23 22:01:02 | 000,002,402 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2013/01/23 21:17:27 | 000,000,105 | ---- | M] () -- C:\prefs.js
    [2013/01/23 19:25:22 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/01/23 19:25:22 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/01/23 19:25:22 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/01/23 10:15:33 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/01/23 10:10:27 | 000,381,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2013/01/23 10:09:24 | 000,001,188 | ---- | M] () -- C:\windows\SysWow64\ServiceConfig.xml
    [2013/01/23 09:33:14 | 000,000,036 | -H-- | M] () -- C:\windows\SysWow64\f9t.dat
    [2013/01/23 09:33:04 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2013/01/21 16:28:50 | 000,001,906 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
    [2013/01/21 16:28:50 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
    [2013/01/21 16:25:30 | 000,001,918 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
    [2013/01/21 16:11:25 | 000,002,619 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
    [2013/01/21 07:49:24 | 000,001,172 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2013/01/21 07:49:24 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2013/01/19 19:19:01 | 000,451,203 | ---- | M] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
    [2013/01/19 13:41:06 | 000,001,303 | ---- | M] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2013/01/19 11:47:35 | 001,426,250 | ---- | M] () -- C:\Users\Davia Ward\Documents\Scan0001.png
    [2013/01/19 10:37:34 | 013,344,187 | ---- | M] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
    [2013/01/19 10:31:51 | 000,001,014 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [2013/01/19 10:31:50 | 000,000,990 | ---- | M] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
    [2013/01/16 12:15:35 | 000,316,129 | ---- | M] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
    [2013/01/16 12:00:00 | 000,201,189 | ---- | M] () -- C:\Users\Davia Ward\Documents\id.jpg
    [2013/01/10 03:07:02 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
    [2013/01/09 11:49:38 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
    [2013/01/05 10:33:08 | 000,023,876 | ---- | M] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
    [2013/01/04 21:48:11 | 002,413,630 | ---- | M] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
    [2012/12/31 14:32:43 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
    [2012/12/31 14:32:14 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [2012/12/30 11:17:34 | 000,000,430 | ---- | M] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
    [2012/12/29 11:43:04 | 000,000,430 | ---- | M] () -- C:\windows\tasks\DriverUpdate Startup.job
    [2012/12/29 11:42:58 | 000,015,712 | ---- | M] () -- C:\windows\SysNative\drivers\SWDUMon.sys

    ========== Files Created - No Company Name ==========

    [2013/01/24 11:41:05 | 000,030,233 | ---- | C] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
    [2013/01/24 11:25:40 | 000,768,512 | ---- | C] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
    [2013/01/24 07:49:55 | 013,462,931 | ---- | C] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
    [2013/01/24 00:08:23 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/23 22:01:12 | 002,046,180 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
    [2013/01/23 22:01:10 | 000,007,466 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2013/01/23 22:01:10 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
    [2013/01/23 22:01:02 | 000,002,402 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2013/01/23 21:58:31 | 000,009,103 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymVTcer.dat
    [2013/01/23 21:58:31 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA.inf
    [2013/01/23 21:58:31 | 000,002,851 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS.inf
    [2013/01/23 21:58:31 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymNet.inf
    [2013/01/23 21:58:31 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.inf
    [2013/01/23 21:58:31 | 000,001,418 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.inf
    [2013/01/23 21:58:31 | 000,000,996 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symELAM.inf
    [2013/01/23 21:58:31 | 000,000,853 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.inf
    [2013/01/23 21:58:31 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Iron.inf
    [2013/01/23 21:58:30 | 000,009,670 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM64.cat
    [2013/01/23 21:58:30 | 000,007,611 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.cat
    [2013/01/23 21:58:30 | 000,007,605 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.cat
    [2013/01/23 21:58:30 | 000,007,603 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.cat
    [2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnet64.cat
    [2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.cat
    [2013/01/23 21:58:30 | 000,007,597 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.cat
    [2013/01/23 21:58:30 | 000,007,593 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\iron.cat
    [2013/01/23 21:58:30 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
    [2013/01/23 21:17:27 | 000,000,105 | ---- | C] () -- C:\prefs.js
    [2013/01/23 10:10:15 | 000,381,960 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2013/01/23 10:09:24 | 000,001,188 | ---- | C] () -- C:\windows\SysWow64\ServiceConfig.xml
    [2013/01/23 09:33:04 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2013/01/23 09:31:49 | 000,000,036 | -H-- | C] () -- C:\windows\SysWow64\f9t.dat
    [2013/01/21 16:28:50 | 000,001,906 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
    [2013/01/21 16:28:50 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
    [2013/01/21 16:25:30 | 000,001,918 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
    [2013/01/21 16:12:59 | 000,067,584 | ---- | C] () -- C:\windows\SysWow64\BSQ70F.DLL
    [2013/01/21 16:12:59 | 000,015,652 | ---- | C] () -- C:\windows\SysWow64\BSQ70M.CHM
    [2013/01/21 16:12:59 | 000,001,465 | ---- | C] () -- C:\windows\SysNative\BSQ70L.INI
    [2013/01/21 16:11:24 | 000,002,619 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
    [2013/01/21 07:49:24 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2013/01/21 07:49:23 | 000,001,172 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2013/01/19 19:18:56 | 000,451,203 | ---- | C] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
    [2013/01/19 11:47:35 | 001,426,250 | ---- | C] () -- C:\Users\Davia Ward\Documents\Scan0001.png
    [2013/01/19 10:36:41 | 013,344,187 | ---- | C] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
    [2013/01/19 10:31:51 | 000,001,020 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
    [2013/01/19 10:31:50 | 000,001,014 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [2013/01/19 10:31:50 | 000,000,990 | ---- | C] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
    [2013/01/16 12:15:35 | 000,316,129 | ---- | C] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
    [2013/01/16 12:00:00 | 000,201,189 | ---- | C] () -- C:\Users\Davia Ward\Documents\id.jpg
    [2013/01/05 10:33:08 | 000,023,876 | ---- | C] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
    [2013/01/04 21:48:10 | 002,413,630 | ---- | C] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
    [2012/12/31 14:32:43 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
    [2012/12/31 14:32:14 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/12/30 11:17:34 | 000,000,430 | ---- | C] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
    [2012/12/29 11:43:04 | 000,000,430 | ---- | C] () -- C:\windows\tasks\DriverUpdate Startup.job
    [2012/12/29 11:42:58 | 000,015,712 | ---- | C] () -- C:\windows\SysNative\drivers\SWDUMon.sys
    [2012/12/28 17:42:20 | 000,001,303 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/12/28 15:49:04 | 196,706,304 | ---- | C] () -- C:\Users\Davia Ward\Desktop\Hannah Xmas 2.18.12.MTS
    [2012/12/28 15:40:39 | 000,110,592 | ---- | C] () -- C:\windows\SysNative\OEMLicense.dll
    [2012/12/28 15:40:39 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
    [2012/12/27 18:22:17 | 000,385,604 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
    [2012/11/15 23:39:26 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
    [2012/08/06 08:36:22 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
    [2012/08/06 08:36:08 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2012/08/06 08:36:06 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
    [2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
    [2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
    [2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
    [2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
    [2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
    [2012/04/20 16:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

    ========== ZeroAccess Check ==========

    [2012/12/29 11:55:05 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/11/05 23:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/11/05 23:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/12/29 09:13:36 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Catalina Marketing Corp
    [2013/01/21 15:50:04 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab
    [2013/01/23 23:44:15 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
    [2012/12/22 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Origin
    [2013/01/23 23:44:15 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
    [2013/01/01 09:28:23 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\ShopAtHome
    [2013/01/23 09:33:14 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
    [2012/12/22 09:02:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\WinBatch

    ========== Purity Check ==========


    < End of report >
  15. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    Which link do you want me to post for speedy share??
  16. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

  17. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Alrighty, looks like a rogue program infected the computer. Lots of adware too. Would you like me to point you to a list of free, legitimate (adware-free) coupon resources?

    Also, please don't bump your topic. Lately, I've only been able to make it in here once to twice a day, since my car wants to act up. Right now, we have quite a bit of snow on the ground. It shall be a fun day today. :p

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  19. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    Yes on the adware thanks.

    I bumped because I didn't want to lose track of the thread in case it was a while before you could get back :)

    It's supposed to snow here today this afternoon; everybody is closing early. You would think it was the end of the world :D

    Will get right back with you on the other!!! Thanks again
  20. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    Wow you are amazing

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}\ not found.
    File C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ deleted successfully.
    File C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ not found.
    File C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ not found.
    File C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe moved successfully.
    C:\Windows\uninst.exe moved successfully.
    C:\Program Files (x86)\DefaultTab folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\x64 folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\components folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\options folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\js folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\scripts folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\css folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\debugbar folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\locale\lib folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\locale folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\data\weather folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\data\search folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\data folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\content\modules folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\content\lib folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\content folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1 folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\lib folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config\skin\images folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config\skin\css folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config\skin folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr folder moved successfully.
    C:\Program Files (x86)\SR Toolbar folder moved successfully.
    C:\Program Files (x86)\jZip folder moved successfully.
    C:\Program Files (x86)\CouponXplorer_5zEI\Installr\setups folder moved successfully.
    C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin folder moved successfully.
    C:\Program Files (x86)\CouponXplorer_5zEI\Installr folder moved successfully.
    C:\Program Files (x86)\CouponXplorer_5zEI folder moved successfully.
    C:\Program Files (x86)\InboxDollars folder moved successfully.
    C:\windows\syspkgwk\x64 folder moved successfully.
    C:\windows\syspkgwk\Templates folder moved successfully.
    C:\windows\syspkgwk folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\Catalina Marketing Corp folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\DefaultTab folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit\PC Utility Kit folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeHelper folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\ShopAtHome folder moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Davia Ward\Desktop\cmd.bat deleted successfully.
    C:\Users\Davia Ward\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Davia Ward
    ->Temp folder emptied: 7413358 bytes
    ->Temporary Internet Files folder emptied: 59063323 bytes
    ->Java cache emptied: 1769757 bytes
    ->Google Chrome cache emptied: 15934469 bytes
    ->Flash cache emptied: 1431 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 351727 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 31338630 bytes

    Total Files Cleaned = 111.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01252013_110541

    Files\Folders moved on Reboot...
    C:\Users\Davia Ward\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Davia Ward\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  21. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    Just fyi
    When I ran the OTL with the fix it ran faster, then I did the adware and it went back to the way it was. Weird.
  22. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    Adware file

    AdwCleaner v2.108 - Logfile created 01/25/2013 at 11:16:27
    # Updated 24/01/2013 by Xplode
    # Operating system : Windows 8 (64 bits)
    # User : Davia - DAVIA
    # Boot Mode : Normal
    # Running from : C:\Users\Davia Ward\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : DefaultTabSearch
    Stopped & Deleted : DefaultTabUpdate

    ***** [Files / Folders] *****

    Deleted on reboot : C:\ProgramData\boost_interprocess
    Deleted on reboot : C:\ProgramData\Browser Manager
    Folder Deleted : C:\ProgramData\APN

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN DTX
    Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\DefaultTab
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
    Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
    Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
    Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
    Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
    Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
    Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
    Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
    Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\Software\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\Software\SearchquSRTB
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\FCTB000062133
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Deleted : HKLM\SOFTWARE\DataMngr

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16453

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.56

    *************************

    AdwCleaner[S1].txt - [11063 octets] - [25/01/2013 11:16:27]

    ########## EOF - C:\AdwCleaner[S1].txt - [11124 octets] ##########



    Just so you know, the computer asked to be rebooted after adware finished ..... it was the only option, but when I went back on IE the same thing happened after reboot; it went back to the way it was before the OTL fix. www.yahoo.com ie17. (crap)

    It ran faster after the OTL fix and reboot; now it's back to the way it was. How can that happen??
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I don't think I touched the homepage issue...let's go with a new OTL Quick Scan, please.
  24. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    Otl here ya go

    OTL logfile created on: 1/25/2013 11:49:33 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Davia Ward\Desktop
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16453)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.89 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 68.27% Memory free
    5.82 Gb Paging File | 4.49 Gb Available in Paging File | 77.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 455.65 Gb Total Space | 408.76 Gb Free Space | 89.71% Space Free | Partition Type: NTFS

    Computer Name: DAVIA | User Name: Davia | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/24 12:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
    PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/12/05 14:46:10 | 000,348,056 | ---- | M] (Capital Intellect, Inc.) -- C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe
    PRC - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
    PRC - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
    PRC - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
    PRC - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
    PRC - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2012/06/27 15:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    PRC - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\wincfi39.dll
    MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/12/05 23:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2012/12/05 23:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2012/09/20 04:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2012/09/20 01:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2012/08/24 20:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2012/07/28 12:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2012/07/27 17:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV:64bit: - [2012/07/25 22:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2012/07/25 22:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2012/07/25 22:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2012/07/25 22:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV:64bit: - [2012/04/20 17:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/12/05 14:46:10 | 000,348,056 | ---- | M] (Capital Intellect, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe -- (BeFrugal.com Service)
    SRV - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
    SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe -- (NAT)
    SRV - [2012/08/08 05:58:38 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
    SRV - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
    SRV - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/07/11 10:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2012/06/27 15:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
    SRV - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/23 22:01:10 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2013/01/09 11:49:38 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)
    DRV:64bit: - [2012/12/29 11:42:58 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SWDUMon.sys -- (SWDUMon)
    DRV:64bit: - [2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\gfiark.sys -- (gfiark)
    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/11/27 02:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2012/11/26 22:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2012/11/06 02:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2012/11/06 02:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
    DRV:64bit: - [2012/10/11 00:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2012/10/08 20:00:02 | 000,776,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/10/03 20:40:35 | 001,133,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2012/10/03 20:40:20 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymDS64.sys -- (SymDS)
    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/09/20 02:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2012/09/20 02:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2012/09/20 02:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2012/09/20 02:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2012/09/20 02:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2012/09/06 21:05:14 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/09/06 21:05:05 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymELAM.sys -- (SymELAM)
    DRV:64bit: - [2012/09/06 20:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\Ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/09/06 20:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2012/08/29 11:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
    DRV:64bit: - [2012/08/29 11:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTL8192Ce)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/20 14:50:10 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\ccSetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2012/08/16 16:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2012/08/16 16:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
    DRV:64bit: - [2012/08/06 21:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NATx64\0106000.011\ccSetx64.sys -- (ccSet_NAT)
    DRV:64bit: - [2012/08/06 08:36:12 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/07/31 15:28:54 | 000,028,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
    DRV:64bit: - [2012/07/31 14:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
    DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2012/07/25 23:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2012/07/25 23:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/07/25 21:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2012/07/25 19:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2012/07/25 03:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2012/07/21 18:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2012/07/13 15:04:30 | 000,103,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
    DRV:64bit: - [2012/07/10 19:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2012/06/19 09:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2012/06/18 13:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2012/06/15 15:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -- (ccSet_NARA)
    DRV - [2013/01/23 16:36:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130124.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2013/01/23 01:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130124.023\ex64.sys -- (NAVEX15)
    DRV - [2013/01/23 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2013/01/23 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2013/01/23 01:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130124.023\eng64.sys -- (NAVENG)
    DRV - [2013/01/16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=befhp&type=ie-hp
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=17
    IE - HKCU\..\SearchScopes,DefaultScope = {39B3CDEA-15F2-43A9-82AF-6468FE48C100}
    IE - HKCU\..\SearchScopes\{39B3CDEA-15F2-43A9-82AF-6468FE48C100}: "URL" = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
    IE - HKCU\..\SearchScopes\{643D3DC5-E0B3-4A86-ABE7-DB0A649F2340}: "URL" = http://safesearchr.lavasoft.com/?so...1B16B3204439B10A35C50ED9F81F7&q={searchTerms}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS516
    IE - HKCU\..\SearchScopes\{93B90315-E525-4B5A-B0F3-B1D39F716BAC}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ie-ds
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin: File not found
    FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: File not found
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013/01/23 22:01:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013/01/24 11:23:42 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://www.searchnu.com/102
    CHR - default_search_provider: Search Results (Enabled)
    CHR - default_search_provider: search_url = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.searchnu.com/102
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
    CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Davia Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Coupon Alert Installer Plugin Stub (Enabled) = C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll
    CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

    O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (BeFrugalIEHelper) - {2335A057-CBA6-40F6-A712-C6A7C98F7813} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.dll (Symantec Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (BeFrugal.com Toolbar) - {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
    O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [*ForceDelete] C:\Users\Davia Ward\Desktop\adwcleaner.exe ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
    O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{430D5376-2A77-4715-9E21-943074C9C52C}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AC5402D-6D3F-4277-8876-1EE263B4643D}: DhcpNameServer = 10.0.0.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  25. Daward40

    Daward40 TS Rookie Topic Starter Posts: 29

    OTL Part 2

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/25 11:05:41 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/01/24 12:22:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
    [2013/01/24 12:10:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
    [2013/01/24 11:41:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log
    [2013/01/24 11:33:07 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
    [2013/01/24 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\RK_Quarantine
    [2013/01/24 11:10:06 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2013/01/24 09:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
    [2013/01/24 07:50:35 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016
    [2013/01/24 01:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
    [2013/01/24 01:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
    [2013/01/24 01:03:26 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\mbar-1.01.0.1016
    [2013/01/24 00:14:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
    [2013/01/24 00:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/24 00:08:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2013/01/24 00:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/01/23 23:47:48 | 000,000,000 | ---D | C] -- C:\TEMP
    [2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
    [2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
    [2013/01/23 23:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
    [2013/01/23 22:02:49 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Symantec
    [2013/01/23 22:01:10 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2013/01/23 21:59:05 | 001,133,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.sys
    [2013/01/23 21:59:05 | 000,776,864 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys
    [2013/01/23 21:59:05 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.sys
    [2013/01/23 21:59:05 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnets.sys
    [2013/01/23 21:59:05 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\Ironx64.sys
    [2013/01/23 21:59:05 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.sys
    [2013/01/23 21:59:05 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys
    [2013/01/23 21:59:05 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM.sys
    [2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
    [2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1402010.016
    [2013/01/23 21:58:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    [2013/01/23 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
    [2013/01/23 21:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
    [2013/01/23 21:36:02 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    [2013/01/23 10:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/01/23 09:33:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
    [2013/01/23 09:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    [2013/01/23 09:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
    [2013/01/23 09:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
    [2013/01/23 09:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stamps.com Internet Postage
    [2013/01/23 09:31:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Seven Zip
    [2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\gegl-0.0
    [2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\.gimp-2.6
    [2013/01/21 16:17:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Brother
    [2013/01/21 16:13:00 | 000,376,832 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.EXE
    [2013/01/21 16:12:59 | 000,068,608 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysNative\BSQ70L.DLL
    [2013/01/21 16:12:59 | 000,011,264 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.DLL
    [2013/01/21 16:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
    [2013/01/21 16:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Brother
    [2013/01/21 16:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
    [2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Yahoo!
    [2013/01/21 07:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [2013/01/21 07:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2013/01/21 07:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
    [2013/01/20 12:06:01 | 000,038,096 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfiark.sys
    [2013/01/19 13:20:42 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\New folder
    [2013/01/19 13:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
    [2013/01/19 10:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
    [2013/01/19 10:31:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\jZip
    [2013/01/15 13:12:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\The Weather Channel
    [2013/01/09 11:50:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\LavasoftStatistics
    [2013/01/09 11:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
    [2013/01/09 11:49:45 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Downloaded Installations
    [2013/01/09 11:49:38 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
    [2013/01/09 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Malwarebytes
    [2013/01/09 11:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/01/09 07:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Coupon Savings
    [2013/01/09 07:43:44 | 000,000,000 | --SD | C] -- C:\ProgramData\SKL
    [2013/01/06 19:59:43 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Parole Plan
    [2013/01/06 19:59:14 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Pics
    [2013/01/06 19:58:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy Parole Pics
    [2013/01/05 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake_files
    [2012/12/31 14:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2012/12/31 14:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
    [2012/12/31 14:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Programs
    [2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BeFrugal.com
    [2012/12/29 20:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Savings
    [2012/12/29 20:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/12/29 20:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/12/29 20:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2012/12/29 12:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
    [2012/12/29 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\PC_Drivers_Headquarters
    [2012/12/29 11:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
    [2012/12/29 11:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
    [2012/12/29 11:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
    [2012/12/29 11:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2012/12/29 11:42:56 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\SlimWare Utilities Inc
    [2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
    [2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
    [2012/12/29 11:42:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
    [2012/12/29 11:37:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\HP
    [2012/12/29 09:13:18 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
    [2012/12/28 17:42:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\OneNote Notebooks
    [2012/12/28 16:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012/12/28 16:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2012/12/28 16:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/12/28 16:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2012/12/28 16:33:57 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Microsoft Help
    [2012/12/28 16:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2012/12/28 16:33:33 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2012/12/28 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\old business forms and letters
    [2012/12/28 14:13:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\IAC
    [2012/12/27 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons.com CouponBar
    [2012/12/27 19:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    [2012/12/27 19:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
    [2012/12/26 18:13:45 | 000,000,000 | R--D | C] -- C:\Users\Davia Ward\Documents\Scanned Documents
    [2012/12/26 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Fax

    ========== Files - Modified Within 30 Days ==========

    [2013/01/25 11:47:01 | 000,000,918 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/25 11:30:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/01/25 11:29:26 | 000,000,914 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/25 11:28:49 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2013/01/25 11:28:46 | 3338,846,208 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/25 11:15:09 | 000,578,255 | ---- | M] () -- C:\Users\Davia Ward\Desktop\adwcleaner.exe
    [2013/01/24 12:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
    [2013/01/24 12:10:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
    [2013/01/24 11:41:05 | 000,030,233 | ---- | M] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
    [2013/01/24 11:33:18 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
    [2013/01/24 11:25:42 | 000,768,512 | ---- | M] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
    [2013/01/24 07:50:16 | 013,462,931 | ---- | M] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
    [2013/01/24 00:14:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
    [2013/01/24 00:08:23 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/23 22:02:04 | 002,046,180 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
    [2013/01/23 22:01:10 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2013/01/23 22:01:10 | 000,007,466 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2013/01/23 22:01:10 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
    [2013/01/23 22:01:02 | 000,002,402 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2013/01/23 21:17:27 | 000,000,105 | ---- | M] () -- C:\prefs.js
    [2013/01/23 19:25:22 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/01/23 19:25:22 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/01/23 19:25:22 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/01/23 10:15:33 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/01/23 10:10:27 | 000,381,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2013/01/23 10:09:24 | 000,001,188 | ---- | M] () -- C:\windows\SysWow64\ServiceConfig.xml
    [2013/01/23 09:33:14 | 000,000,036 | -H-- | M] () -- C:\windows\SysWow64\f9t.dat
    [2013/01/23 09:33:04 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2013/01/21 16:28:50 | 000,001,906 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
    [2013/01/21 16:28:50 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
    [2013/01/21 16:25:30 | 000,001,918 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
    [2013/01/21 16:11:25 | 000,002,619 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
    [2013/01/21 07:49:24 | 000,001,172 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2013/01/21 07:49:24 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2013/01/19 19:19:01 | 000,451,203 | ---- | M] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
    [2013/01/19 13:41:06 | 000,001,303 | ---- | M] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2013/01/19 11:47:35 | 001,426,250 | ---- | M] () -- C:\Users\Davia Ward\Documents\Scan0001.png
    [2013/01/19 10:37:34 | 013,344,187 | ---- | M] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
    [2013/01/19 10:31:51 | 000,001,014 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [2013/01/19 10:31:50 | 000,000,990 | ---- | M] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
    [2013/01/16 12:15:35 | 000,316,129 | ---- | M] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
    [2013/01/16 12:00:00 | 000,201,189 | ---- | M] () -- C:\Users\Davia Ward\Documents\id.jpg
    [2013/01/10 03:07:02 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
    [2013/01/09 11:49:38 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
    [2013/01/05 10:33:08 | 000,023,876 | ---- | M] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
    [2013/01/04 21:48:11 | 002,413,630 | ---- | M] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
    [2012/12/31 14:32:43 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
    [2012/12/31 14:32:14 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [2012/12/30 11:17:34 | 000,000,430 | ---- | M] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
    [2012/12/29 11:43:04 | 000,000,430 | ---- | M] () -- C:\windows\tasks\DriverUpdate Startup.job
    [2012/12/29 11:42:58 | 000,015,712 | ---- | M] () -- C:\windows\SysNative\drivers\SWDUMon.sys

    ========== Files Created - No Company Name ==========

    [2013/01/25 11:15:08 | 000,578,255 | ---- | C] () -- C:\Users\Davia Ward\Desktop\adwcleaner.exe
    [2013/01/24 11:41:05 | 000,030,233 | ---- | C] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
    [2013/01/24 11:25:40 | 000,768,512 | ---- | C] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
    [2013/01/24 07:49:55 | 013,462,931 | ---- | C] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
    [2013/01/24 00:08:23 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/23 22:01:12 | 002,046,180 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
    [2013/01/23 22:01:10 | 000,007,466 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2013/01/23 22:01:10 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
    [2013/01/23 22:01:02 | 000,002,402 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2013/01/23 21:58:31 | 000,009,103 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymVTcer.dat
    [2013/01/23 21:58:31 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA.inf
    [2013/01/23 21:58:31 | 000,002,851 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS.inf
    [2013/01/23 21:58:31 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymNet.inf
    [2013/01/23 21:58:31 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.inf
    [2013/01/23 21:58:31 | 000,001,418 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.inf
    [2013/01/23 21:58:31 | 000,000,996 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symELAM.inf
    [2013/01/23 21:58:31 | 000,000,853 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.inf
    [2013/01/23 21:58:31 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Iron.inf
    [2013/01/23 21:58:30 | 000,009,670 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM64.cat
    [2013/01/23 21:58:30 | 000,007,611 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.cat
    [2013/01/23 21:58:30 | 000,007,605 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.cat
    [2013/01/23 21:58:30 | 000,007,603 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.cat
    [2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnet64.cat
    [2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.cat
    [2013/01/23 21:58:30 | 000,007,597 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.cat
    [2013/01/23 21:58:30 | 000,007,593 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\iron.cat
    [2013/01/23 21:58:30 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
    [2013/01/23 21:17:27 | 000,000,105 | ---- | C] () -- C:\prefs.js
    [2013/01/23 10:10:15 | 000,381,960 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2013/01/23 10:09:24 | 000,001,188 | ---- | C] () -- C:\windows\SysWow64\ServiceConfig.xml
    [2013/01/23 09:33:04 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2013/01/23 09:31:49 | 000,000,036 | -H-- | C] () -- C:\windows\SysWow64\f9t.dat
    [2013/01/21 16:28:50 | 000,001,906 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
    [2013/01/21 16:28:50 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
    [2013/01/21 16:25:30 | 000,001,918 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
    [2013/01/21 16:12:59 | 000,067,584 | ---- | C] () -- C:\windows\SysWow64\BSQ70F.DLL
    [2013/01/21 16:12:59 | 000,015,652 | ---- | C] () -- C:\windows\SysWow64\BSQ70M.CHM
    [2013/01/21 16:12:59 | 000,001,465 | ---- | C] () -- C:\windows\SysNative\BSQ70L.INI
    [2013/01/21 16:11:24 | 000,002,619 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
    [2013/01/21 07:49:24 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2013/01/21 07:49:23 | 000,001,172 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2013/01/19 19:18:56 | 000,451,203 | ---- | C] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
    [2013/01/19 11:47:35 | 001,426,250 | ---- | C] () -- C:\Users\Davia Ward\Documents\Scan0001.png
    [2013/01/19 10:36:41 | 013,344,187 | ---- | C] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
    [2013/01/19 10:31:51 | 000,001,020 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
    [2013/01/19 10:31:50 | 000,001,014 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [2013/01/19 10:31:50 | 000,000,990 | ---- | C] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
    [2013/01/16 12:15:35 | 000,316,129 | ---- | C] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
    [2013/01/16 12:00:00 | 000,201,189 | ---- | C] () -- C:\Users\Davia Ward\Documents\id.jpg
    [2013/01/05 10:33:08 | 000,023,876 | ---- | C] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
    [2013/01/04 21:48:10 | 002,413,630 | ---- | C] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
    [2012/12/31 14:32:43 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
    [2012/12/31 14:32:14 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/12/30 11:17:34 | 000,000,430 | ---- | C] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
    [2012/12/29 11:43:04 | 000,000,430 | ---- | C] () -- C:\windows\tasks\DriverUpdate Startup.job
    [2012/12/29 11:42:58 | 000,015,712 | ---- | C] () -- C:\windows\SysNative\drivers\SWDUMon.sys
    [2012/12/28 17:42:20 | 000,001,303 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/12/28 15:49:04 | 196,706,304 | ---- | C] () -- C:\Users\Davia Ward\Desktop\Hannah Xmas 2.18.12.MTS
    [2012/12/28 15:40:39 | 000,110,592 | ---- | C] () -- C:\windows\SysNative\OEMLicense.dll
    [2012/12/28 15:40:39 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
    [2012/12/27 18:22:17 | 000,385,604 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
    [2012/11/15 23:39:26 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
    [2012/08/06 08:36:22 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
    [2012/08/06 08:36:08 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2012/08/06 08:36:06 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
    [2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
    [2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
    [2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
    [2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
    [2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
    [2012/04/20 16:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

    ========== ZeroAccess Check ==========

    [2012/12/29 11:55:05 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/11/05 23:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/11/05 23:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/23 23:44:15 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
    [2012/12/22 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Origin
    [2013/01/25 11:05:50 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
    [2013/01/23 09:33:14 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
    [2012/12/22 09:02:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    < End of report >