I just know I have a virus/Trojan something

Solved
By Daward40
Jan 24, 2013
Topic Status:
Not open for further replies.
  1. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Next OTL fix...

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

    Fixing Google Chrome

    In order to remove infectious webpages from Google Chrome's homepage and search settings, you have to do so manually.

    Here is the way to do it.

    1. Start Google Chrome.
    2. Hit the wrench or triple line icon and choose Settings:


    3. In the On Startup section, hit "Set Pages":


    4. Find hxxp://www.searchnu.com/102 and hit the X all the way to the right on it and hit OK:


    5. Then, find the Search section and hit Manage Search Engines...


    6. In both Default Search Engines and Other Search Engines sections, find the following and delete them using the X at the far right:

    Search Results = hxxp://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}



    7. DONE!


    Post the OTL fix log once done with all that, along with one more OTL Quick Scan to verify the infection is gone. After that, we'll check with an ESET scan and finish up. :)
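    The manual Chrome steps above remove the hijacked startup page and search engine by hand. As an added example (not from the original post and not part of OTL), the script below audits a Chrome "Preferences" JSON file and reports any startup page, homepage or default search provider whose host is not on an allowlist. The allowlist, the sample Preferences document and the search-results query string are constructed for illustration; the key layout (`session.startup_urls`, `homepage`, `default_search_provider.search_url`) is assumed to match Chrome builds of that era, so check the file on the machine before relying on it. The real file lives under the profile folder, typically `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences`.

```python
"""Audit a Chrome Preferences file for hijacked startup/search settings.

Added example for this thread; not OTL code and not the helper's own script.
The allowlist and SAMPLE_PREFERENCES below are constructed for illustration.
"""
import json
import sys
from urllib.parse import urlparse

# Hosts the user would normally expect as startup pages or search providers.
# Constructed allowlist (assumption): adjust to the machine's real defaults.
ALLOWED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com"}

# Constructed sample mimicking the hijack described in the thread: a
# searchnu.com startup page/homepage and a search-results.com default engine.
# The query string is a placeholder, not the real affiliate parameters.
SAMPLE_PREFERENCES = json.dumps({
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://www.searchnu.com/102", "https://www.google.com/"],
    },
    "homepage": "http://www.searchnu.com/102",
    "homepage_is_newtabpage": False,
    "default_search_provider": {
        "enabled": True,
        "name": "Search Results",
        "search_url": "http://dts.search-results.com/sr?sr=CONSTRUCTED&q={searchTerms}",
    },
})


def host_of(url):
    """Return the lowercase host of a URL, or '' if it cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def audit_preferences(text):
    """Parse Preferences JSON and return (setting, url) pairs whose host is
    not in ALLOWED_HOSTS. An empty list means nothing looked hijacked."""
    prefs = json.loads(text)
    findings = []

    # Pages Chrome opens on startup (the "On Startup -> Set pages" list).
    for url in prefs.get("session", {}).get("startup_urls", []):
        if host_of(url) not in ALLOWED_HOSTS:
            findings.append(("startup_url", url))

    # Homepage button target, only meaningful when it is not the new tab page.
    homepage = prefs.get("homepage")
    if homepage and not prefs.get("homepage_is_newtabpage", False):
        if host_of(homepage) not in ALLOWED_HOSTS:
            findings.append(("homepage", homepage))

    # Default search engine (assumed key layout for Chrome builds of that era).
    search_url = prefs.get("default_search_provider", {}).get("search_url")
    if search_url and host_of(search_url) not in ALLOWED_HOSTS:
        findings.append(("default_search_provider", search_url))

    return findings


if __name__ == "__main__":
    # Pass the path to a real Preferences file, or run without arguments
    # to audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREFERENCES
    for setting, url in audit_preferences(text):
        print(f"{setting}: {url}")
```

    Run it with Chrome closed, since Chrome rewrites Preferences on exit; a finding only tells you which setting to reset through the Settings page, as the post above describes, and does not by itself prove the machine is clean.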
  2. Daward40

    Daward40 Newcomer, in training Topic Starter Posts: 29

    The search engine you want me to delete (Search Results = hxxp://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}) does not have an X next to it and it can't be deleted.
  3. Daward40

    Daward40 Newcomer, in training Topic Starter Posts: 29

    Wait, I just figured it out. I deleted it.
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Awesome. I'll see the other results later. I've got to step out for a while. :)
  5. Daward40

    Daward40 Newcomer, in training Topic Starter Posts: 29

    Okay here's the OTL Fix Log

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4F792DE0-CDD8-46A4-87F5-ABF38F575713}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F792DE0-CDD8-46A4-87F5-ABF38F575713}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5zffxtbr@CouponXplorer_5z.com deleted successfully.
    C:\Program Files (x86)\CouponXplorer_5z\bar\2.bin\chrome folder moved successfully.
    C:\Program Files (x86)\CouponXplorer_5z\bar\2.bin folder moved successfully.
    Use Chrome's Settings page to change the HomePage.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to change the HomePage.
    File C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll not found.
    File C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\x64\BrowserConnection.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}\ deleted successfully.
    C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}\ deleted successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
    C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\BrowserConnection.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3F62D94-EEBB-11E1-B88F-CBBD4CC15727}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F62D94-EEBB-11E1-B88F-CBBD4CC15727}\ deleted successfully.
    C:\Program Files (x86)\Coupon Savings\toolbar.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
    C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ deleted successfully.
    File C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{65c72339-fb1d-4155-84e1-9afacee02d6f} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65c72339-fb1d-4155-84e1-9afacee02d6f}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}\ not found.
    File C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ deleted successfully.
    File C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ not found.
    File C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ not found.
    File C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe moved successfully.
    C:\Windows\uninst.exe moved successfully.
    C:\Program Files (x86)\DefaultTab folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\x64 folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\components folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\options folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\js folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\scripts folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\css folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\debugbar folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\locale\lib folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\locale folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\data\weather folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\data\search folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\data folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\content\modules folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\content\lib folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\content folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1 folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\lib folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config\skin\images folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config\skin\css folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config\skin folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension folder moved successfully.
    C:\Program Files (x86)\SR Toolbar\Datamngr folder moved successfully.
    C:\Program Files (x86)\SR Toolbar folder moved successfully.
    C:\Program Files (x86)\jZip folder moved successfully.
    C:\Program Files (x86)\CouponXplorer_5zEI\Installr\setups folder moved successfully.
    C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin folder moved successfully.
    C:\Program Files (x86)\CouponXplorer_5zEI\Installr folder moved successfully.
    C:\Program Files (x86)\CouponXplorer_5zEI folder moved successfully.
    C:\Program Files (x86)\InboxDollars folder moved successfully.
    C:\windows\syspkgwk\x64 folder moved successfully.
    C:\windows\syspkgwk\Templates folder moved successfully.
    C:\windows\syspkgwk folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\Catalina Marketing Corp folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\DefaultTab folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit\PC Utility Kit folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeHelper folder moved successfully.
    C:\Users\Davia Ward\AppData\Roaming\ShopAtHome folder moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Davia Ward\Desktop\cmd.bat deleted successfully.
    C:\Users\Davia Ward\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Davia Ward
    ->Temp folder emptied: 7413358 bytes
    ->Temporary Internet Files folder emptied: 59063323 bytes
    ->Java cache emptied: 1769757 bytes
    ->Google Chrome cache emptied: 15934469 bytes
    ->Flash cache emptied: 1431 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 351727 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 31338630 bytes

    Total Files Cleaned = 111.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01252013_110541
    Files\Folders moved on Reboot...
    C:\Users\Davia Ward\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Davia Ward\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot..
  6. Daward40

    Daward40 Newcomer, in training Topic Starter Posts: 29

    OTL Log

    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Davia Ward
    ->Temp folder emptied: 37005 bytes
    ->Temporary Internet Files folder emptied: 4512223 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 8278514 bytes
    ->Flash cache emptied: 456 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
  7. Daward40

    Daward40 Newcomer, in training Topic Starter Posts: 29

    I will not be back till this evening either, family obligations. If you leave me instructions I will get them then... Thank you for all your help!!!!!!!! You're awesome!!!
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Cool. One more Quick Scan from OTL, and then this:

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  9. Daward40

    Daward40 Newcomer, in training Topic Starter Posts: 29

    OTL log Part 1

    OTL logfile created on: 1/25/2013 9:23:29 PM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Davia Ward\Desktop
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16453)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.89 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 56.61% Memory free
    5.82 Gb Paging File | 4.12 Gb Available in Paging File | 70.71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 455.65 Gb Total Space | 408.78 Gb Free Space | 89.71% Space Free | Partition Type: NTFS

    Computer Name: DAVIA | User Name: Davia | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/24 12:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
    PRC - [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/12/05 14:46:10 | 000,348,056 | ---- | M] (Capital Intellect, Inc.) -- C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe
    PRC - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
    PRC - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
    PRC - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
    PRC - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
    PRC - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2012/06/27 15:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    PRC - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/18 03:07:02 | 012,459,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
    MOD - [2013/01/18 03:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
    MOD - [2013/01/18 03:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
    MOD - [2013/01/18 03:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
    MOD - [2013/01/18 03:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll
    MOD - [2013/01/18 03:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
    MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\wincfi39.dll
    MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/12/05 23:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2012/12/05 23:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2012/09/20 04:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2012/09/20 01:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2012/08/24 20:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2012/07/28 12:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2012/07/27 17:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV:64bit: - [2012/07/25 22:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2012/07/25 22:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2012/07/25 22:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2012/07/25 22:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV:64bit: - [2012/04/20 17:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/12/05 14:46:10 | 000,348,056 | ---- | M] (Capital Intellect, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe -- (BeFrugal.com Service)
    SRV - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
    SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe -- (NAT)
    SRV - [2012/08/08 05:58:38 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
    SRV - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
    SRV - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/07/11 10:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2012/06/27 15:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
    SRV - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/23 22:01:10 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2013/01/09 11:49:38 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)
    DRV:64bit: - [2012/12/29 11:42:58 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SWDUMon.sys -- (SWDUMon)
    DRV:64bit: - [2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\gfiark.sys -- (gfiark)
    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/11/27 02:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2012/11/26 22:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2012/11/06 02:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2012/11/06 02:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
    DRV:64bit: - [2012/10/11 00:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2012/10/08 20:00:02 | 000,776,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/10/03 20:40:35 | 001,133,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2012/10/03 20:40:20 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymDS64.sys -- (SymDS)
    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/09/20 02:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2012/09/20 02:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2012/09/20 02:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2012/09/20 02:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2012/09/20 02:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2012/09/06 21:05:14 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/09/06 21:05:05 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymELAM.sys -- (SymELAM)
    DRV:64bit: - [2012/09/06 20:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\Ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/09/06 20:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2012/08/29 11:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
    DRV:64bit: - [2012/08/29 11:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTL8192Ce)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/20 14:50:10 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\ccSetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2012/08/16 16:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2012/08/16 16:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
    DRV:64bit: - [2012/08/06 21:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NATx64\0106000.011\ccSetx64.sys -- (ccSet_NAT)
    DRV:64bit: - [2012/08/06 08:36:12 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/07/31 15:28:54 | 000,028,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
    DRV:64bit: - [2012/07/31 14:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
    DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2012/07/25 23:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2012/07/25 23:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/07/25 21:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2012/07/25 19:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2012/07/25 03:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2012/07/21 18:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2012/07/13 15:04:30 | 000,103,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
    DRV:64bit: - [2012/07/10 19:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2012/06/19 09:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2012/06/18 13:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2012/06/15 15:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -- (ccSet_NARA)
    DRV - [2013/01/23 16:36:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130124.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2013/01/23 01:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130125.004\ex64.sys -- (NAVEX15)
    DRV - [2013/01/23 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2013/01/23 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2013/01/23 01:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130125.004\eng64.sys -- (NAVENG)
    DRV - [2013/01/16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\..\SearchScopes,DefaultScope = {39B3CDEA-15F2-43A9-82AF-6468FE48C100}
    IE - HKCU\..\SearchScopes\{39B3CDEA-15F2-43A9-82AF-6468FE48C100}: "URL" = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
    IE - HKCU\..\SearchScopes\{643D3DC5-E0B3-4A86-ABE7-DB0A649F2340}: "URL" = http://safesearchr.lavasoft.com/?so...1B16B3204439B10A35C50ED9F81F7&q={searchTerms}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS516
    IE - HKCU\..\SearchScopes\{93B90315-E525-4B5A-B0F3-B1D39F716BAC}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ie-ds
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013/01/23 22:01:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013/01/24 11:23:42 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://www.searchnu.com/102
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.searchnu.com/102
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
    CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Davia Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Coupon Alert Installer Plugin Stub (Enabled) = C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll
    CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

    O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (BeFrugalIEHelper) - {2335A057-CBA6-40F6-A712-C6A7C98F7813} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.dll (Symantec Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (BeFrugal.com Toolbar) - {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
    O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [*ForceDelete] C:\Users\Davia Ward\Desktop\adwcleaner.exe ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
    O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{430D5376-2A77-4715-9E21-943074C9C52C}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AC5402D-6D3F-4277-8876-1EE263B4643D}: DhcpNameServer = 10.0.0.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  10. Daward40

    Daward40 Newcomer, in training Topic Starter Posts: 29

    OTL Part 2

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/25 11:05:41 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/01/24 12:22:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
    [2013/01/24 12:10:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
    [2013/01/24 11:41:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log
    [2013/01/24 11:33:07 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
    [2013/01/24 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\RK_Quarantine
    [2013/01/24 11:10:06 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2013/01/24 09:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
    [2013/01/24 07:50:35 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016
    [2013/01/24 01:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
    [2013/01/24 01:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
    [2013/01/24 01:03:26 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\mbar-1.01.0.1016
    [2013/01/24 00:14:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
    [2013/01/24 00:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/24 00:08:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2013/01/24 00:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/01/23 23:47:48 | 000,000,000 | ---D | C] -- C:\TEMP
    [2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
    [2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
    [2013/01/23 23:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
    [2013/01/23 22:02:49 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Symantec
    [2013/01/23 22:01:10 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2013/01/23 21:59:05 | 001,133,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.sys
    [2013/01/23 21:59:05 | 000,776,864 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys
    [2013/01/23 21:59:05 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.sys
    [2013/01/23 21:59:05 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnets.sys
    [2013/01/23 21:59:05 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\Ironx64.sys
    [2013/01/23 21:59:05 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.sys
    [2013/01/23 21:59:05 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys
    [2013/01/23 21:59:05 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM.sys
    [2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
    [2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1402010.016
    [2013/01/23 21:58:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    [2013/01/23 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
    [2013/01/23 21:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
    [2013/01/23 21:36:02 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    [2013/01/23 10:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/01/23 09:33:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
    [2013/01/23 09:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    [2013/01/23 09:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
    [2013/01/23 09:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
    [2013/01/23 09:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stamps.com Internet Postage
    [2013/01/23 09:31:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Seven Zip
    [2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\gegl-0.0
    [2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\.gimp-2.6
    [2013/01/21 16:17:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Brother
    [2013/01/21 16:13:00 | 000,376,832 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.EXE
    [2013/01/21 16:12:59 | 000,068,608 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysNative\BSQ70L.DLL
    [2013/01/21 16:12:59 | 000,011,264 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.DLL
    [2013/01/21 16:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
    [2013/01/21 16:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Brother
    [2013/01/21 16:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
    [2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Yahoo!
    [2013/01/21 07:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [2013/01/21 07:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2013/01/21 07:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
    [2013/01/20 12:06:01 | 000,038,096 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfiark.sys
    [2013/01/19 13:20:42 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\New folder
    [2013/01/19 13:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
    [2013/01/19 10:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
    [2013/01/19 10:31:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\jZip
    [2013/01/15 13:12:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\The Weather Channel
    [2013/01/09 11:50:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\LavasoftStatistics
    [2013/01/09 11:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
    [2013/01/09 11:49:45 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Downloaded Installations
    [2013/01/09 11:49:38 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
    [2013/01/09 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Malwarebytes
    [2013/01/09 11:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/01/09 07:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Coupon Savings
    [2013/01/09 07:43:44 | 000,000,000 | --SD | C] -- C:\ProgramData\SKL
    [2013/01/06 19:59:43 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Parole Plan
    [2013/01/06 19:59:14 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Pics
    [2013/01/06 19:58:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy Parole Pics
    [2013/01/05 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake_files
    [2012/12/31 14:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2012/12/31 14:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
    [2012/12/31 14:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Programs
    [2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BeFrugal.com
    [2012/12/29 20:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Savings
    [2012/12/29 20:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/12/29 20:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/12/29 20:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2012/12/29 12:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
    [2012/12/29 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\PC_Drivers_Headquarters
    [2012/12/29 11:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
    [2012/12/29 11:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
    [2012/12/29 11:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
    [2012/12/29 11:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2012/12/29 11:42:56 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\SlimWare Utilities Inc
    [2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
    [2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
    [2012/12/29 11:42:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
    [2012/12/29 11:37:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\HP
    [2012/12/29 09:13:18 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
    [2012/12/28 17:42:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\OneNote Notebooks
    [2012/12/28 16:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012/12/28 16:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2012/12/28 16:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/12/28 16:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2012/12/28 16:33:57 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Microsoft Help
    [2012/12/28 16:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2012/12/28 16:33:33 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2012/12/28 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\old business forms and letters
    [2012/12/28 14:13:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\IAC
    [2012/12/27 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons.com CouponBar
    [2012/12/27 19:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    [2012/12/27 19:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons

    ========== Files - Modified Within 30 Days ==========

    [2013/01/25 21:20:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/01/25 12:54:46 | 000,000,914 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/25 12:53:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2013/01/25 12:53:44 | 3338,846,208 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/25 12:47:03 | 000,000,918 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/25 11:15:09 | 000,578,255 | ---- | M] () -- C:\Users\Davia Ward\Desktop\adwcleaner.exe
    [2013/01/24 12:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
    [2013/01/24 12:10:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
    [2013/01/24 11:41:05 | 000,030,233 | ---- | M] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
    [2013/01/24 11:33:18 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
    [2013/01/24 11:25:42 | 000,768,512 | ---- | M] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
    [2013/01/24 07:50:16 | 013,462,931 | ---- | M] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
    [2013/01/24 00:14:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
    [2013/01/24 00:08:23 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/23 22:02:04 | 002,046,180 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
    [2013/01/23 22:01:10 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2013/01/23 22:01:10 | 000,007,466 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2013/01/23 22:01:10 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
    [2013/01/23 22:01:02 | 000,002,402 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2013/01/23 21:17:27 | 000,000,105 | ---- | M] () -- C:\prefs.js
    [2013/01/23 19:25:22 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/01/23 19:25:22 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/01/23 19:25:22 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/01/23 10:15:33 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/01/23 10:10:27 | 000,381,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2013/01/23 10:09:24 | 000,001,188 | ---- | M] () -- C:\windows\SysWow64\ServiceConfig.xml
    [2013/01/23 09:33:14 | 000,000,036 | -H-- | M] () -- C:\windows\SysWow64\f9t.dat
    [2013/01/23 09:33:04 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2013/01/21 16:28:50 | 000,001,906 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
    [2013/01/21 16:28:50 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
    [2013/01/21 16:25:30 | 000,001,918 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
    [2013/01/21 16:11:25 | 000,002,619 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
    [2013/01/21 07:49:24 | 000,001,172 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2013/01/21 07:49:24 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2013/01/19 19:19:01 | 000,451,203 | ---- | M] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
    [2013/01/19 13:41:06 | 000,001,303 | ---- | M] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2013/01/19 11:47:35 | 001,426,250 | ---- | M] () -- C:\Users\Davia Ward\Documents\Scan0001.png
    [2013/01/19 10:37:34 | 013,344,187 | ---- | M] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
    [2013/01/19 10:31:51 | 000,001,014 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [2013/01/19 10:31:50 | 000,000,990 | ---- | M] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
    [2013/01/16 12:15:35 | 000,316,129 | ---- | M] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
    [2013/01/16 12:00:00 | 000,201,189 | ---- | M] () -- C:\Users\Davia Ward\Documents\id.jpg
    [2013/01/10 03:07:02 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
    [2013/01/09 11:49:38 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
    [2013/01/05 10:33:08 | 000,023,876 | ---- | M] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
    [2013/01/04 21:48:11 | 002,413,630 | ---- | M] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
    [2012/12/31 14:32:43 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
    [2012/12/31 14:32:14 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [2012/12/30 11:17:34 | 000,000,430 | ---- | M] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
    [2012/12/29 11:43:04 | 000,000,430 | ---- | M] () -- C:\windows\tasks\DriverUpdate Startup.job
    [2012/12/29 11:42:58 | 000,015,712 | ---- | M] () -- C:\windows\SysNative\drivers\SWDUMon.sys

    ========== Files Created - No Company Name ==========

    [2013/01/25 11:15:08 | 000,578,255 | ---- | C] () -- C:\Users\Davia Ward\Desktop\adwcleaner.exe
    [2013/01/24 11:41:05 | 000,030,233 | ---- | C] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
    [2013/01/24 11:25:40 | 000,768,512 | ---- | C] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
    [2013/01/24 07:49:55 | 013,462,931 | ---- | C] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
    [2013/01/24 00:08:23 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/23 22:01:12 | 002,046,180 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
    [2013/01/23 22:01:10 | 000,007,466 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2013/01/23 22:01:10 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
    [2013/01/23 22:01:02 | 000,002,402 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2013/01/23 21:58:31 | 000,009,103 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymVTcer.dat
    [2013/01/23 21:58:31 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA.inf
    [2013/01/23 21:58:31 | 000,002,851 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS.inf
    [2013/01/23 21:58:31 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymNet.inf
    [2013/01/23 21:58:31 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.inf
    [2013/01/23 21:58:31 | 000,001,418 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.inf
    [2013/01/23 21:58:31 | 000,000,996 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symELAM.inf
    [2013/01/23 21:58:31 | 000,000,853 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.inf
    [2013/01/23 21:58:31 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Iron.inf
    [2013/01/23 21:58:30 | 000,009,670 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM64.cat
    [2013/01/23 21:58:30 | 000,007,611 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.cat
    [2013/01/23 21:58:30 | 000,007,605 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.cat
    [2013/01/23 21:58:30 | 000,007,603 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.cat
    [2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnet64.cat
    [2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.cat
    [2013/01/23 21:58:30 | 000,007,597 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.cat
    [2013/01/23 21:58:30 | 000,007,593 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\iron.cat
    [2013/01/23 21:58:30 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
    [2013/01/23 21:17:27 | 000,000,105 | ---- | C] () -- C:\prefs.js
    [2013/01/23 10:10:15 | 000,381,960 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2013/01/23 10:09:24 | 000,001,188 | ---- | C] () -- C:\windows\SysWow64\ServiceConfig.xml
    [2013/01/23 09:33:04 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2013/01/23 09:31:49 | 000,000,036 | -H-- | C] () -- C:\windows\SysWow64\f9t.dat
    [2013/01/21 16:28:50 | 000,001,906 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
    [2013/01/21 16:28:50 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
    [2013/01/21 16:25:30 | 000,001,918 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
    [2013/01/21 16:12:59 | 000,067,584 | ---- | C] () -- C:\windows\SysWow64\BSQ70F.DLL
    [2013/01/21 16:12:59 | 000,015,652 | ---- | C] () -- C:\windows\SysWow64\BSQ70M.CHM
    [2013/01/21 16:12:59 | 000,001,465 | ---- | C] () -- C:\windows\SysNative\BSQ70L.INI
    [2013/01/21 16:11:24 | 000,002,619 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
    [2013/01/21 07:49:24 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2013/01/21 07:49:23 | 000,001,172 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2013/01/19 19:18:56 | 000,451,203 | ---- | C] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
    [2013/01/19 11:47:35 | 001,426,250 | ---- | C] () -- C:\Users\Davia Ward\Documents\Scan0001.png
    [2013/01/19 10:36:41 | 013,344,187 | ---- | C] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
    [2013/01/19 10:31:51 | 000,001,020 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
    [2013/01/19 10:31:50 | 000,001,014 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [2013/01/19 10:31:50 | 000,000,990 | ---- | C] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
    [2013/01/16 12:15:35 | 000,316,129 | ---- | C] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
    [2013/01/16 12:00:00 | 000,201,189 | ---- | C] () -- C:\Users\Davia Ward\Documents\id.jpg
    [2013/01/05 10:33:08 | 000,023,876 | ---- | C] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
    [2013/01/04 21:48:10 | 002,413,630 | ---- | C] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
    [2012/12/31 14:32:43 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
    [2012/12/31 14:32:14 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/12/30 11:17:34 | 000,000,430 | ---- | C] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
    [2012/12/29 11:43:04 | 000,000,430 | ---- | C] () -- C:\windows\tasks\DriverUpdate Startup.job
    [2012/12/29 11:42:58 | 000,015,712 | ---- | C] () -- C:\windows\SysNative\drivers\SWDUMon.sys
    [2012/12/28 17:42:20 | 000,001,303 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/12/28 15:49:04 | 196,706,304 | ---- | C] () -- C:\Users\Davia Ward\Desktop\Hannah Xmas 2.18.12.MTS
    [2012/12/28 15:40:39 | 000,110,592 | ---- | C] () -- C:\windows\SysNative\OEMLicense.dll
    [2012/12/28 15:40:39 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
    [2012/12/27 18:22:17 | 000,385,604 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
    [2012/11/15 23:39:26 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
    [2012/08/06 08:36:22 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
    [2012/08/06 08:36:08 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2012/08/06 08:36:06 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
    [2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
    [2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
    [2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
    [2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
    [2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
    [2012/04/20 16:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

    ========== ZeroAccess Check ==========

    [2012/12/29 11:55:05 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/11/05 23:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/11/05 23:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/23 23:44:15 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
    [2012/12/22 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Origin
    [2013/01/25 11:05:50 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
    [2013/01/23 09:33:14 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
    [2012/12/22 09:02:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    < End of report >
    Now running the ESET scan.
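Added example, not from the thread and not OTL's own code: a PowerShell script that redoes the "ZeroAccess Check" section of the OTL log above. The CLSIDs and registry views are the ones the log lists; the function name, the expected-path rule and the verdict strings are assumptions made for this example.

```powershell
# Added example (not from the thread or from OTL): reproduce the "ZeroAccess Check"
# section of the OTL log above. ZeroAccess planted per-user InProcServer32 keys under
# HKCU\Software\Classes\CLSID for COM objects that Explorer and WMI load; Windows
# consults HKCU before HKLM, so the per-user key redirects the load to the malware's
# DLL. On a clean machine the HKCU keys are absent, as the log above shows.
# Run from an elevated 64-bit PowerShell so both registry views are read as written.

# The CLSIDs OTL checks (taken from the log above).
$Clsids = @(
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}',   # HKLM value in the log: shell32.dll
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}',
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}',   # HKLM value in the log: wbem\fastprox.dll
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}'    # HKLM value in the log: wbem\wbemess.dll
)

# The four registry views OTL reports ("/64" = native view, Wow6432Node = 32-bit view).
$Views = [ordered]@{
    'HKCU /64'   = 'HKCU:\Software\Classes\CLSID'
    'HKCU Wow64' = 'HKCU:\Software\Classes\Wow6432Node\CLSID'
    'HKLM /64'   = 'HKLM:\Software\Classes\CLSID'
    'HKLM Wow64' = 'HKLM:\Software\Wow6432Node\Classes\CLSID'
}

# Test-ZeroAccessClsid is a name chosen for this example, not an OTL function.
function Test-ZeroAccessClsid {
    param([string[]]$Clsid = $Clsids)
    foreach ($id in $Clsid) {
        foreach ($view in $Views.GetEnumerator()) {
            $key = Join-Path $view.Value "$id\InProcServer32"
            $raw = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
            if ($null -eq $raw) { continue }             # key or default value absent
            $dll = [Environment]::ExpandEnvironmentVariables($raw)
            $verdict = 'ok'
            if ($view.Key -like 'HKCU*') {
                # Any per-user override of these system CLSIDs is a hijack indicator.
                $verdict = 'SUSPICIOUS: per-user InProcServer32 shadows the HKLM entry'
            } elseif ($dll -notmatch '^[A-Za-z]:\\Windows\\(System32|SysWOW64)\\') {
                # Assumed rule: these servers must live in the Windows system directories.
                $verdict = 'SUSPICIOUS: server DLL outside the Windows system directories'
            }
            [pscustomobject]@{ CLSID = $id; View = $view.Key; Server = $dll; Verdict = $verdict }
        }
    }
}

Test-ZeroAccessClsid | Format-Table -AutoSize
```

On the clean log above only the HKLM rows would appear, all with verdict "ok"; any HKCU row is the finding OTL's check exists to surface.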
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let me know how it went for the ESET scan, and then we will go from there. :D
  12. Daward40

    Daward40 Newcomer, in training Topic Starter Posts: 29

    Here is the ESET log... Sorry it took soooo long, I finally had to go to bed. Again and again, thank you so much for helping me...

    C:\Users\Davia Ward\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache\056B4CFC.exe	a variant of Win32/Toolbar.MyWebSearch.O application	cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\01252013_110541\C_Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe	a variant of Win32/Toolbar.SearchSuite.A application	cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\01252013_110541\C_Program Files (x86)\SR Toolbar\Datamngr\DnsBHO.dll	a variant of Win32/Toolbar.SearchSuite application	cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\01252013_110541\C_Program Files (x86)\SR Toolbar\Datamngr\IEBHO.dll	a variant of Win32/Toolbar.SearchSuite application	cleaned by deleting - quarantined
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome!

    Looks like we only missed one remnant that ESET online scan took care of: C:\Users\Davia Ward\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache\056B4CFC.exe	a variant of Win32/Toolbar.MyWebSearch.O application	cleaned by deleting - quarantined

    But that's okay, because the rest was taken care of and the computer is clean! :D


    System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point, follow this tutorial for Windows 8: http://www.dummies.com/how-to/content/how-to-create-a-restore-point-for-windows-8.html


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.
    To remove all of the tools we used and the files and folders they created, do the following:
    • Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Not sure if this tool will work for Windows 8. I haven't tried this tool yet. So, please let me know if it functions:

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  14. Daward40

    Daward40 Newcomer, in training Topic Starter Posts: 29

    OTL fix scan log

    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Davia Ward\Desktop\cmd.bat deleted successfully.
    C:\Users\Davia Ward\Desktop\cmd.txt deleted successfully.
    File\Folder :commands not found.
    File\Folder [CREATERESTOREPOINT] not found.
    File\Folder [CLEARALLRESTOREPOINTS] not found.
    File\Folder [emptyflash] not found.
    File\Folder [emptytemp] not found.
    File\Folder [emptyjava] not found.
    File\Folder [reboot] not found.

    OTL by OldTimer - Version 3.2.69.0 log created on 01262013_150906

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  15. Daward40

    Daward40 Newcomer, in training Topic Starter Posts: 29

    Here is the security check

    Results of screen317's Security Check version 0.99.57
    x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java 7 Update 11
    Adobe Reader 10.1.5 Adobe Reader out of Date!
    Google Chrome 24.0.1312.52
    Google Chrome 24.0.1312.56
    Google Chrome plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    Symantec Norton Online Backup NOBuAgent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent!

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Programs.
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
  17. Daward40

    Daward40 Newcomer, in training Topic Starter Posts: 29

    Nope, you're awesome!!!!!! Thank you for all your help. I will be sending you a donation!!!! You are the bomb!!!
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Great...and thank YOU for the opportunity to help.

    Topic solved. :D