Solved I just know I have a virus/Trojan something

Next OTL fix...

OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=befhp&type=ie-hp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=17
    FF - HKLM\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin: File not found
    FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: File not found

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  • Lastly, post the contents of the log (located at C:\_OTL\Moved Files).

Fixing Google Chrome

In order to remove infectious webpages from Google Chrome homepage and search settings, you have to do so manually.

Here is the way to do it.

1. Start Google Chrome.
2. Hit the wrench or triple line icon and choose Settings:

3. In the On Startup section, hit "Set Pages":

4. Find hxxp://www.searchnu.com/102 and hit the X all the way to the right on it and hit OK:

5. Then, find the Search section and hit Manage Search Engines...

6. In both Default Search Engines and Other Search Engines sections, find the following and delete them using the X at the far right:

Search Results = hxxp://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}

7. DONE!


Post OTL fix log once done with all that with one more OTL Quick Scan to verify infection is gone. After that, we'll check with ESET scan and finish up. :)
 
The search engine you want me to delete (Search Results = hxxp://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}) does not have an X next to it and it can't be deleted.
 
Okay here's the OTL Fix Log

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4F792DE0-CDD8-46A4-87F5-ABF38F575713}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F792DE0-CDD8-46A4-87F5-ABF38F575713}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5zffxtbr@CouponXplorer_5z.com deleted successfully.
C:\Program Files (x86)\CouponXplorer_5z\bar\2.bin\chrome folder moved successfully.
C:\Program Files (x86)\CouponXplorer_5z\bar\2.bin folder moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
File C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll not found.
File C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\x64\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}\ deleted successfully.
C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}\ deleted successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3F62D94-EEBB-11E1-B88F-CBBD4CC15727}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F62D94-EEBB-11E1-B88F-CBBD4CC15727}\ deleted successfully.
C:\Program Files (x86)\Coupon Savings\toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ deleted successfully.
File C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{65c72339-fb1d-4155-84e1-9afacee02d6f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65c72339-fb1d-4155-84e1-9afacee02d6f}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}\ not found.
File C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ deleted successfully.
File C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ not found.
File C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ not found.
File C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe moved successfully.
C:\Windows\uninst.exe moved successfully.
C:\Program Files (x86)\DefaultTab folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\x64 folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\components folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\js folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\debugbar folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\locale\lib folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\locale folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\data\weather folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\data\search folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\data folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\content folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1 folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\lib folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config\skin\images folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config\skin\css folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config\skin folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr folder moved successfully.
C:\Program Files (x86)\SR Toolbar folder moved successfully.
C:\Program Files (x86)\jZip folder moved successfully.
C:\Program Files (x86)\CouponXplorer_5zEI\Installr\setups folder moved successfully.
C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin folder moved successfully.
C:\Program Files (x86)\CouponXplorer_5zEI\Installr folder moved successfully.
C:\Program Files (x86)\CouponXplorer_5zEI folder moved successfully.
C:\Program Files (x86)\InboxDollars folder moved successfully.
C:\windows\syspkgwk\x64 folder moved successfully.
C:\windows\syspkgwk\Templates folder moved successfully.
C:\windows\syspkgwk folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\Catalina Marketing Corp folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\DefaultTab folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit\PC Utility Kit folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeHelper folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\ShopAtHome folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Davia Ward\Desktop\cmd.bat deleted successfully.
C:\Users\Davia Ward\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Davia Ward
->Temp folder emptied: 7413358 bytes
->Temporary Internet Files folder emptied: 59063323 bytes
->Java cache emptied: 1769757 bytes
->Google Chrome cache emptied: 15934469 bytes
->Flash cache emptied: 1431 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 351727 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 31338630 bytes

Total Files Cleaned = 111.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01252013_110541
Files\Folders moved on Reboot...
C:\Users\Davia Ward\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Davia Ward\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot..
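
The fix log above reports one of three outcomes per item: removed (deleted or moved), not found, or "Use Chrome's Settings page to ..." for changes OTL leaves to the user. The following Python script is an added example, not part of the thread and not OTL's own code; it parses lines in the format shown in that log and lists which browser and autostart load points were removed and which steps still have to be done by hand. The sample input is an excerpt of the log lines posted above, and the function names and load-point labels are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the OTL fix log posted in this thread (lines copied from the log above).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
File C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe moved successfully.
C:\Program Files (x86)\SR Toolbar folder moved successfully.
"""

# Line shapes as they appear in the fix log on this page.
REG_RE = re.compile(
    r"^(?P<wow>64bit-)?Registry (?P<kind>key|value) (?P<target>.+?) "
    r"(?P<outcome>deleted successfully|not found)\.$")
FILE_MISSING_RE = re.compile(r"^File (?P<target>.+) not found\.$")
MOVED_RE = re.compile(
    r"^(?P<target>[A-Za-z]:\\.+?)(?P<folder> folder)? moved successfully\.$")
MANUAL_RE = re.compile(r"^Use Chrome's Settings page to (?P<target>.+)\.$")

# Registry locations that make code load with the browser or at logon.
# The labels are this example's own wording.
LOAD_POINTS = [
    (r"\currentversion\run", "Run key autostart"),
    (r"\explorer\browser helper objects", "IE Browser Helper Object"),
    (r"\internet explorer\toolbar", "IE toolbar"),
    (r"\internet explorer\searchscopes", "IE search provider"),
]


@dataclass(frozen=True)
class Entry:
    kind: str      # "registry key", "registry value", "file", "folder", "manual"
    target: str    # registry path, file system path, or the manual step
    outcome: str   # "deleted", "moved", "not found", "manual action required"
    view64: bool   # True when the line carries the "64bit-" prefix


def parse_fix_log(text):
    """Return (entries, unparsed); unknown lines are kept, not silently dropped."""
    entries, unparsed = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("="):
            continue  # blank lines and "===== SECTION =====" banners
        if m := REG_RE.match(line):
            outcome = "deleted" if m["outcome"].startswith("deleted") else "not found"
            entries.append(Entry("registry " + m["kind"], m["target"],
                                 outcome, bool(m["wow"])))
        elif m := FILE_MISSING_RE.match(line):
            entries.append(Entry("file", m["target"], "not found", False))
        elif m := MOVED_RE.match(line):
            kind = "folder" if m["folder"] else "file"
            entries.append(Entry(kind, m["target"], "moved", False))
        elif m := MANUAL_RE.match(line):
            entries.append(Entry("manual", m["target"],
                                 "manual action required", False))
        else:
            unparsed.append(line)
    return entries, unparsed


def load_point(target):
    """Label a registry path if it is one of the load points above, else None."""
    low = target.lower()
    for marker, label in LOAD_POINTS:
        if marker in low:
            return label
    return None


def triage(entries):
    """Summarise what the fix removed and what is still left to do."""
    removed = [(load_point(e.target), e.target) for e in entries
               if e.kind.startswith("registry") and e.outcome == "deleted"
               and load_point(e.target)]
    return {
        "counts": Counter(e.outcome for e in entries),
        "load_points_removed": removed,
        "already_missing": [e.target for e in entries if e.outcome == "not found"],
        "manual_followups": [e.target for e in entries if e.kind == "manual"],
    }


if __name__ == "__main__":
    parsed, leftover = parse_fix_log(SAMPLE_LOG)
    report = triage(parsed)
    print(dict(report["counts"]))
    for label, path in report["load_points_removed"]:
        print(f"removed {label}: {path}")
    for step in report["manual_followups"]:
        print(f"still to do in Chrome: {step}")
    print("unparsed:", leftover)
```

Lines the parser does not recognise, such as the [EMPTYTEMP] byte counts, come back in the second return value so they can be read by eye.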
 
OTL Log

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Davia Ward
->Temp folder emptied: 37005 bytes
->Temporary Internet Files folder emptied: 4512223 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 8278514 bytes
->Flash cache emptied: 456 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
 
I will not be back till this evening either, family obligations. If you leave me instructions I will get them then... Thank you for all your help!!!!!!!! You're Awesome!!!
 
Cool. One more Quick Scan from OTL, and then this:

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
OTL log Part 1

OTL logfile created on: 1/25/2013 9:23:29 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Davia Ward\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.89 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 56.61% Memory free
5.82 Gb Paging File | 4.12 Gb Available in Paging File | 70.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.65 Gb Total Space | 408.78 Gb Free Space | 89.71% Space Free | Partition Type: NTFS

Computer Name: DAVIA | User Name: Davia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/24 12:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
PRC - [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/05 14:46:10 | 000,348,056 | ---- | M] (Capital Intellect, Inc.) -- C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe
PRC - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
PRC - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
PRC - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
PRC - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
PRC - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/06/27 15:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/18 03:07:02 | 012,459,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
MOD - [2013/01/18 03:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013/01/18 03:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013/01/18 03:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013/01/18 03:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013/01/18 03:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\wincfi39.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/05 23:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/12/05 23:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/09/20 04:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 01:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/08/24 20:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2012/07/28 12:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2012/07/27 17:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:64bit: - [2012/07/25 22:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 22:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 17:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/05 14:46:10 | 000,348,056 | ---- | M] (Capital Intellect, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe -- (BeFrugal.com Service)
SRV - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe -- (NAT)
SRV - [2012/08/08 05:58:38 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/11 10:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012/06/27 15:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/23 22:01:10 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/09 11:49:38 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/12/29 11:42:58 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/27 02:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/11/26 22:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 02:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/11/06 02:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/10/11 00:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012/10/08 20:00:02 | 000,776,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/03 20:40:35 | 001,133,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/10/03 20:40:20 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/20 02:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/09/20 02:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 02:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 02:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/20 02:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/09/06 21:05:14 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/06 21:05:05 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2012/09/06 20:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/09/06 20:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/08/29 11:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2012/08/29 11:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTL8192Ce)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/20 14:50:10 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/08/16 16:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/16 16:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/06 21:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NATx64\0106000.011\ccSetx64.sys -- (ccSet_NAT)
DRV:64bit: - [2012/08/06 08:36:12 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/07/31 15:28:54 | 000,028,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2012/07/31 14:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 23:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 19:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2012/07/25 03:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2012/07/21 18:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2012/07/13 15:04:30 | 000,103,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/07/10 19:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 09:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/18 13:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2012/06/15 15:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -- (ccSet_NARA)
DRV - [2013/01/23 16:36:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130124.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/01/23 01:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130125.004\ex64.sys -- (NAVEX15)
DRV - [2013/01/23 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/01/23 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/23 01:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130125.004\eng64.sys -- (NAVENG)
DRV - [2013/01/16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {39B3CDEA-15F2-43A9-82AF-6468FE48C100}
IE - HKCU\..\SearchScopes\{39B3CDEA-15F2-43A9-82AF-6468FE48C100}: "URL" = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
IE - HKCU\..\SearchScopes\{643D3DC5-E0B3-4A86-ABE7-DB0A649F2340}: "URL" = http://safesearchr.lavasoft.com/?so...1B16B3204439B10A35C50ED9F81F7&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS516
IE - HKCU\..\SearchScopes\{93B90315-E525-4B5A-B0F3-B1D39F716BAC}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ie-ds
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013/01/23 22:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013/01/24 11:23:42 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.searchnu.com/102
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.searchnu.com/102
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Davia Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Coupon Alert Installer Plugin Stub (Enabled) = C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (BeFrugalIEHelper) - {2335A057-CBA6-40F6-A712-C6A7C98F7813} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BeFrugal.com Toolbar) - {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [*ForceDelete] C:\Users\Davia Ward\Desktop\adwcleaner.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{430D5376-2A77-4715-9E21-943074C9C52C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AC5402D-6D3F-4277-8876-1EE263B4643D}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
OTL Part 2

========== Files/Folders - Created Within 30 Days ==========

[2013/01/25 11:05:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/24 12:22:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
[2013/01/24 12:10:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
[2013/01/24 11:41:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log
[2013/01/24 11:33:07 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
[2013/01/24 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\RK_Quarantine
[2013/01/24 11:10:06 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/01/24 09:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2013/01/24 07:50:35 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016
[2013/01/24 01:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/01/24 01:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2013/01/24 01:03:26 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\mbar-1.01.0.1016
[2013/01/24 00:14:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
[2013/01/24 00:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/24 00:08:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/01/24 00:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/23 23:47:48 | 000,000,000 | ---D | C] -- C:\TEMP
[2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
[2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
[2013/01/23 23:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
[2013/01/23 22:02:49 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Symantec
[2013/01/23 22:01:10 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/01/23 21:59:05 | 001,133,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.sys
[2013/01/23 21:59:05 | 000,776,864 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys
[2013/01/23 21:59:05 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.sys
[2013/01/23 21:59:05 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnets.sys
[2013/01/23 21:59:05 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\Ironx64.sys
[2013/01/23 21:59:05 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.sys
[2013/01/23 21:59:05 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys
[2013/01/23 21:59:05 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM.sys
[2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1402010.016
[2013/01/23 21:58:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/01/23 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/01/23 21:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2013/01/23 21:36:02 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/01/23 10:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/23 09:33:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
[2013/01/23 09:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E}
[2013/01/23 09:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
[2013/01/23 09:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
[2013/01/23 09:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stamps.com Internet Postage
[2013/01/23 09:31:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Seven Zip
[2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\gegl-0.0
[2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\.gimp-2.6
[2013/01/21 16:17:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Brother
[2013/01/21 16:13:00 | 000,376,832 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.EXE
[2013/01/21 16:12:59 | 000,068,608 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysNative\BSQ70L.DLL
[2013/01/21 16:12:59 | 000,011,264 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.DLL
[2013/01/21 16:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
[2013/01/21 16:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Brother
[2013/01/21 16:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Yahoo!
[2013/01/21 07:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2013/01/21 07:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/01/21 07:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/01/20 12:06:01 | 000,038,096 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfiark.sys
[2013/01/19 13:20:42 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\New folder
[2013/01/19 13:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2013/01/19 10:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013/01/19 10:31:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\jZip
[2013/01/15 13:12:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\The Weather Channel
[2013/01/09 11:50:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\LavasoftStatistics
[2013/01/09 11:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/01/09 11:49:45 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Downloaded Installations
[2013/01/09 11:49:38 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/01/09 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Malwarebytes
[2013/01/09 11:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/09 07:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Coupon Savings
[2013/01/09 07:43:44 | 000,000,000 | --SD | C] -- C:\ProgramData\SKL
[2013/01/06 19:59:43 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Parole Plan
[2013/01/06 19:59:14 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Pics
[2013/01/06 19:58:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy Parole Pics
[2013/01/05 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake_files
[2012/12/31 14:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/12/31 14:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/12/31 14:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Programs
[2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BeFrugal.com
[2012/12/29 20:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Savings
[2012/12/29 20:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/12/29 20:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/29 20:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/12/29 12:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012/12/29 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\PC_Drivers_Headquarters
[2012/12/29 11:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2012/12/29 11:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
[2012/12/29 11:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2012/12/29 11:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/12/29 11:42:56 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\SlimWare Utilities Inc
[2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2012/12/29 11:42:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/12/29 11:37:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\HP
[2012/12/29 09:13:18 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2012/12/28 17:42:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\OneNote Notebooks
[2012/12/28 16:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/12/28 16:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/12/28 16:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/12/28 16:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/12/28 16:33:57 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Microsoft Help
[2012/12/28 16:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/12/28 16:33:33 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/12/28 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\old business forms and letters
[2012/12/28 14:13:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\IAC
[2012/12/27 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons.com CouponBar
[2012/12/27 19:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/12/27 19:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons

========== Files - Modified Within 30 Days ==========

[2013/01/25 21:20:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/25 12:54:46 | 000,000,914 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/25 12:53:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/01/25 12:53:44 | 3338,846,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/25 12:47:03 | 000,000,918 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 11:15:09 | 000,578,255 | ---- | M] () -- C:\Users\Davia Ward\Desktop\adwcleaner.exe
[2013/01/24 12:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
[2013/01/24 12:10:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
[2013/01/24 11:41:05 | 000,030,233 | ---- | M] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
[2013/01/24 11:33:18 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
[2013/01/24 11:25:42 | 000,768,512 | ---- | M] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
[2013/01/24 07:50:16 | 013,462,931 | ---- | M] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
[2013/01/24 00:14:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
[2013/01/24 00:08:23 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/23 22:02:04 | 002,046,180 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/23 22:01:10 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/23 22:01:10 | 000,007,466 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/23 22:01:10 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/23 22:01:02 | 000,002,402 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/23 21:17:27 | 000,000,105 | ---- | M] () -- C:\prefs.js
[2013/01/23 19:25:22 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/23 19:25:22 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/23 19:25:22 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/23 10:15:33 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/23 10:10:27 | 000,381,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/23 10:09:24 | 000,001,188 | ---- | M] () -- C:\windows\SysWow64\ServiceConfig.xml
[2013/01/23 09:33:14 | 000,000,036 | -H-- | M] () -- C:\windows\SysWow64\f9t.dat
[2013/01/23 09:33:04 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Stamps.com.lnk
[2013/01/21 16:28:50 | 000,001,906 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
[2013/01/21 16:28:50 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
[2013/01/21 16:25:30 | 000,001,918 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
[2013/01/21 16:11:25 | 000,002,619 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2013/01/21 07:49:24 | 000,001,172 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/01/21 07:49:24 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2013/01/19 19:19:01 | 000,451,203 | ---- | M] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
[2013/01/19 13:41:06 | 000,001,303 | ---- | M] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/01/19 11:47:35 | 001,426,250 | ---- | M] () -- C:\Users\Davia Ward\Documents\Scan0001.png
[2013/01/19 10:37:34 | 013,344,187 | ---- | M] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
[2013/01/19 10:31:51 | 000,001,014 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2013/01/19 10:31:50 | 000,000,990 | ---- | M] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
[2013/01/16 12:15:35 | 000,316,129 | ---- | M] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
[2013/01/16 12:00:00 | 000,201,189 | ---- | M] () -- C:\Users\Davia Ward\Documents\id.jpg
[2013/01/10 03:07:02 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
[2013/01/09 11:49:38 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/01/05 10:33:08 | 000,023,876 | ---- | M] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
[2013/01/04 21:48:11 | 002,413,630 | ---- | M] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
[2012/12/31 14:32:43 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
[2012/12/31 14:32:14 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/12/30 11:17:34 | 000,000,430 | ---- | M] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
[2012/12/29 11:43:04 | 000,000,430 | ---- | M] () -- C:\windows\tasks\DriverUpdate Startup.job
[2012/12/29 11:42:58 | 000,015,712 | ---- | M] () -- C:\windows\SysNative\drivers\SWDUMon.sys

========== Files Created - No Company Name ==========

[2013/01/25 11:15:08 | 000,578,255 | ---- | C] () -- C:\Users\Davia Ward\Desktop\adwcleaner.exe
[2013/01/24 11:41:05 | 000,030,233 | ---- | C] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
[2013/01/24 11:25:40 | 000,768,512 | ---- | C] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
[2013/01/24 07:49:55 | 013,462,931 | ---- | C] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
[2013/01/24 00:08:23 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/23 22:01:12 | 002,046,180 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/23 22:01:10 | 000,007,466 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/23 22:01:10 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/23 22:01:02 | 000,002,402 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/23 21:58:31 | 000,009,103 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymVTcer.dat
[2013/01/23 21:58:31 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA.inf
[2013/01/23 21:58:31 | 000,002,851 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS.inf
[2013/01/23 21:58:31 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymNet.inf
[2013/01/23 21:58:31 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.inf
[2013/01/23 21:58:31 | 000,001,418 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.inf
[2013/01/23 21:58:31 | 000,000,996 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symELAM.inf
[2013/01/23 21:58:31 | 000,000,853 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.inf
[2013/01/23 21:58:31 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Iron.inf
[2013/01/23 21:58:30 | 000,009,670 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM64.cat
[2013/01/23 21:58:30 | 000,007,611 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.cat
[2013/01/23 21:58:30 | 000,007,605 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.cat
[2013/01/23 21:58:30 | 000,007,603 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.cat
[2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnet64.cat
[2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.cat
[2013/01/23 21:58:30 | 000,007,597 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.cat
[2013/01/23 21:58:30 | 000,007,593 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\iron.cat
[2013/01/23 21:58:30 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
[2013/01/23 21:17:27 | 000,000,105 | ---- | C] () -- C:\prefs.js
[2013/01/23 10:10:15 | 000,381,960 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/23 10:09:24 | 000,001,188 | ---- | C] () -- C:\windows\SysWow64\ServiceConfig.xml
[2013/01/23 09:33:04 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Stamps.com.lnk
[2013/01/23 09:31:49 | 000,000,036 | -H-- | C] () -- C:\windows\SysWow64\f9t.dat
[2013/01/21 16:28:50 | 000,001,906 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
[2013/01/21 16:28:50 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
[2013/01/21 16:25:30 | 000,001,918 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
[2013/01/21 16:12:59 | 000,067,584 | ---- | C] () -- C:\windows\SysWow64\BSQ70F.DLL
[2013/01/21 16:12:59 | 000,015,652 | ---- | C] () -- C:\windows\SysWow64\BSQ70M.CHM
[2013/01/21 16:12:59 | 000,001,465 | ---- | C] () -- C:\windows\SysNative\BSQ70L.INI
[2013/01/21 16:11:24 | 000,002,619 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2013/01/21 07:49:24 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2013/01/21 07:49:23 | 000,001,172 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/01/19 19:18:56 | 000,451,203 | ---- | C] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
[2013/01/19 11:47:35 | 001,426,250 | ---- | C] () -- C:\Users\Davia Ward\Documents\Scan0001.png
[2013/01/19 10:36:41 | 013,344,187 | ---- | C] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
[2013/01/19 10:31:51 | 000,001,020 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
[2013/01/19 10:31:50 | 000,001,014 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2013/01/19 10:31:50 | 000,000,990 | ---- | C] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
[2013/01/16 12:15:35 | 000,316,129 | ---- | C] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
[2013/01/16 12:00:00 | 000,201,189 | ---- | C] () -- C:\Users\Davia Ward\Documents\id.jpg
[2013/01/05 10:33:08 | 000,023,876 | ---- | C] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
[2013/01/04 21:48:10 | 002,413,630 | ---- | C] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
[2012/12/31 14:32:43 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
[2012/12/31 14:32:14 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/12/30 11:17:34 | 000,000,430 | ---- | C] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
[2012/12/29 11:43:04 | 000,000,430 | ---- | C] () -- C:\windows\tasks\DriverUpdate Startup.job
[2012/12/29 11:42:58 | 000,015,712 | ---- | C] () -- C:\windows\SysNative\drivers\SWDUMon.sys
[2012/12/28 17:42:20 | 000,001,303 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/12/28 15:49:04 | 196,706,304 | ---- | C] () -- C:\Users\Davia Ward\Desktop\Hannah Xmas 2.18.12.MTS
[2012/12/28 15:40:39 | 000,110,592 | ---- | C] () -- C:\windows\SysNative\OEMLicense.dll
[2012/12/28 15:40:39 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012/12/27 18:22:17 | 000,385,604 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2012/11/15 23:39:26 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/08/06 08:36:22 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/08/06 08:36:08 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/08/06 08:36:06 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/20 16:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/12/29 11:55:05 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/11/05 23:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/05 23:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/23 23:44:15 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
[2012/12/22 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Origin
[2013/01/25 11:05:50 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
[2013/01/23 09:33:14 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
[2012/12/22 09:02:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >
Now Running the ESET Scan
 
Here is the ESET log... Sorry it took soooo long, had to finally go to bed. Again and again, thank you so much for helping me...

C:\Users\Davia Ward\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache\056B4CFC.exe    a variant of Win32/Toolbar.MyWebSearch.O application    cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01252013_110541\C_Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe    a variant of Win32/Toolbar.SearchSuite.A application    cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01252013_110541\C_Program Files (x86)\SR Toolbar\Datamngr\DnsBHO.dll    a variant of Win32/Toolbar.SearchSuite application    cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01252013_110541\C_Program Files (x86)\SR Toolbar\Datamngr\IEBHO.dll    a variant of Win32/Toolbar.SearchSuite application    cleaned by deleting - quarantined
 
You're welcome!

Looks like we only missed one remnant that ESET online scan took care of: C:\Users\Davia Ward\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache\056B4CFC.exe    a variant of Win32/Toolbar.MyWebSearch.O application    cleaned by deleting - quarantined

But that's okay, because the rest was taken care of and the computer is clean! :D


System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point, follow this tutorial for Windows 8: http://www.dummies.com/how-to/content/how-to-create-a-restore-point-for-windows-8.html


Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alarmed, as this is normal.
  • It may open a log for you, but I don't need that.
To remove all of the tools we used and the files and folders they created, do the following:
  • Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Security Check

Not sure if this tool will work for Windows 8. I haven't tried this tool yet. So, please let me know if it functions:

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
OTL fix scan log

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Davia Ward\Desktop\cmd.bat deleted successfully.
C:\Users\Davia Ward\Desktop\cmd.txt deleted successfully.
File\Folder :commands not found.
File\Folder [CREATERESTOREPOINT] not found.
File\Folder [CLEARALLRESTOREPOINTS] not found.
File\Folder [emptyflash] not found.
File\Folder [emptytemp] not found.
File\Folder [emptyjava] not found.
File\Folder [reboot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01262013_150906

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
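
The fix log above lists `:commands` and every bracketed command as `File\Folder ... not found` under its FILES section, the same wording the log uses for a path it looked up and did not find. As an added example (not part of the original thread and not OTL's own code), this Python check flags such lines in a pasted fix log so the helper knows to re-check whether those steps ran; the regexes for directive shapes are assumptions based only on the script and log shown in this thread.

```python
import re

# Sample input: the FILES portion of the fix log posted above, copied inline.
SAMPLE_LOG = r"""All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Users\Davia Ward\Desktop\cmd.bat deleted successfully.
File\Folder :commands not found.
File\Folder [CREATERESTOREPOINT] not found.
File\Folder [CLEARALLRESTOREPOINTS] not found.
File\Folder [emptyflash] not found.
File\Folder [emptytemp] not found.
File\Folder [emptyjava] not found.
File\Folder [reboot] not found.
"""

NOT_FOUND = re.compile(r"^File\\Folder (?P<entry>.+) not found\.$")
SECTION = re.compile(r"^:\w+$")      # assumed shape of a header such as :commands
COMMAND = re.compile(r"^\[\w+\]$")   # assumed shape of a command such as [reboot]
HEADER = re.compile(r"^=+ (\w+) =+$", re.MULTILINE)


def misparsed_directives(log_text):
    """Return script directives that the log reports as missing files/folders."""
    hits = []
    for line in log_text.splitlines():
        m = NOT_FOUND.match(line.strip())
        if m and (SECTION.match(m["entry"]) or COMMAND.match(m["entry"])):
            hits.append(m["entry"])
    return hits


def review(log_text):
    """Summarise a fix log: sections seen, suspect lines, and a verdict."""
    suspects = misparsed_directives(log_text)
    return {
        "sections": HEADER.findall(log_text),
        "misparsed": suspects,
        "needs_rerun_check": bool(suspects),
    }


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    print("Sections in log:", result["sections"])
    for entry in result["misparsed"]:
        print("Directive reported as a missing path:", entry)
```

A genuine missing path (for example a file that was already deleted) still matches `NOT_FOUND` but is not flagged, because it has neither the `:name` nor the `[name]` shape.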
 
Here is the security check

Results of screen317's Security Check version 0.99.57
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 11
Adobe Reader 10.1.5 Adobe Reader out of Date!
Google Chrome 24.0.1312.52
Google Chrome 24.0.1312.56
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Excellent!

Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
 
Nope, you're awesome!!!!!! Thank you for all your help. I will be sending you a donation!!!! You are the bomb!!!
 