TechSpot

Malware?

Solved
By camshell
Aug 26, 2014
  1. Hello there, I'm new to this forum, hope I am doing this correctly.

    I was hoping for some help from you guys :)

    When I open Chrome I get this:
    404. That’s an error.

    The requested URL /ig/redirectdomain?brand=TEUA&bmod=TEUA was not found on this server. That’s all we know.

    I have run Malwarebytes and AdwCleaner but it is still there when you open Chrome.
    Thanks for reading,
    john.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.


    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. camshell

    camshell TS Rookie Topic Starter Posts: 28

    Hello, thank you so much for answering :)
    Scan log:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 26/08/2014
    Scan Time: 10:17:57
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.26.01
    Rootkit Database: v2014.08.21.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Tosh

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 303886
    Time Elapsed: 32 min, 32 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 85
     
  4. camshell

    camshell TS Rookie Topic Starter Posts: 28

    Files: 199
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\components\menu\js\underscore-1.3.1.min.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\components\rss\background\RssWidget.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\components\thirdparty\background\thirdPartyWidget.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\components\uninstall\background\uninstallButton.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\components\weather\background\weatherButton.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\blacklistService.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\common.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\dynamic.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\enableDetect.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\eventListening.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\global.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\jquery-1.7.1.min.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\list-interaction.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\messageEventListener.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\navRedirector.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\paramReplacer.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\PartnerId.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\set.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\underscore-1.3.1.min.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\underscore-1.5.2.min.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\js\unifiedLogging.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widget-context-1.0.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\common\common.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\common\eventListening.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\common\list-interaction.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\common\set.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\radio\radio-widget.html, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\radio\css\radio-widget.css, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\radio\js\radio-custom.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\radio\js\radio-parser.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\radio\js\radio-widget.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\rss\rssWidget.html, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\rss\js\rss-widget.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\test\invalid.json, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\test\jquery.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\test\qunit.css, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\test\qunit.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\test\resource.json, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\test\resource.xml, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\test\testWidget.html, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\test\testWidget.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\topapps\widget.html, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\topapps\css\widget.css, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\topapps\js\topapps-config.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\topapps\js\widget.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\weather\weatherButton.html, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\weather\css\weatherButton.css, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\common\widget-api\widgets\weather\js\weather.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\api\background\ApiBasedWidget.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\api\background\widget-api-impl.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\api\window\hiddenWidgetWindow.html, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\api\window\hiddenWidgetWindow.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\api\window\hiddenWidgetWindowInit.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\api\window\widgetWindow.html, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\api\window\widgetWindow.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\defaultSearch\background\updateSearch.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\defaultSearch\background\updateSearchPromptBg.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\defaultSearch\foreground\07_buttons2.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\defaultSearch\foreground\08_buttons2.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\defaultSearch\foreground\defaultSearchModal.html, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\defaultSearch\foreground\tvf_btn_ok.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\defaultSearch\foreground\tvf_restart_icon.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\moviereviews\background\MovieReviewsWidget.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\moviereviews\css\movieReviews.css, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\moviereviews\html\movieReviews.html, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\moviereviews\js\movieReviews.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\radio\background\RadioWidget.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\radio\css\toolbar-item.css, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\radio\foreground\button.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\radio\radioWrapper\radioWrapper.html, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\radio\radioWrapper\radioWrapper.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\search\background\searchBox.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\search\html\searchSuggestions.css, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\search\html\searchSuggestions.html, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\search\html\searchSuggestions.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\search\html\searchSuggestionsInit.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\supertab\css\supertab.css, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\supertab\html\supertab.html, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\supertab\js\newtabfork.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\supertab\js\reporting.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\supertab\js\srchsugg.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\supertab\js\supertab.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\supertab\js\unifiedLogging.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\components\supertab\js\__utm.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\icons\arrowSprite.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\icons\icon128.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\icons\icon16.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\icons\icon19disabled.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\icons\icon19on.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\icons\icon48.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\222123971.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\222123974.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\222123996.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\222124008.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\222124022.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\222124038.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\down_arrow.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\magnifying_glass.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\RadioPlayerSprite.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\search_button.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\tvf_icon_guide.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\tvf_logo.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\images\wrench.png, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\options.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\chromeUtils.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\exeManager.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\exePackageManager.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\focusManager.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\globalBlacklistManager.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\messaging.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\mutation_summary-min.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\mutation_summary.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\newTabInfo.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\newTabInitialize.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\readLocalStorage.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\reservespacefortoolbar.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\reservespaceifenabled.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\scriptInjector.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\searchContext.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\settingsOverrides.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\toolbarCookieParser.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\toolbarPreinit.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\underscore-1.3.1.min.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\URILoaderContentScript.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\Widget.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\widgetFactory.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\js\widgetWindowManager.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\shared\HttpURL.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\shared\rsvp-latest.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\shared\unifiedLogging.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\shared\universalConsole.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\shared\utils.js, Quarantined, [85a4c803403b4bebd7c860686d955da3],
    PUP.Optional.MindSpark.A, C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamaleideepgjgcjbjhamhchimbdfkmi\10.82.4.29839_0\_metadata\verified_contents.json, Quarantined, [85a4c803403b4bebd7c860686d955da3],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  5. camshell

    camshell TS Rookie Topic Starter Posts: 28

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 26/04/2014 04:35:38
    System Uptime: 27/08/2014 09:31:12 (1 hours ago)
    .
    Motherboard: AMD | | Inagua
    Processor: AMD E-450 APU with Radeon(tm) HD Graphics | Socket FT1 | 1650/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 297 GiB total, 193.851 GiB free.
    D: is FIXED (NTFS) - 298 GiB total, 103.493 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP39: 05/08/2014 16:31:49 - Windows Update
    RP40: 12/08/2014 10:38:21 - Windows Update
    RP41: 13/08/2014 23:59:40 - Windows Update
    RP42: 18/08/2014 22:03:38 - Installed inSSIDer Home
    RP43: 19/08/2014 16:29:26 - Windows Update
    RP44: 26/08/2014 10:07:03 - Installed Java 7 Update 67
    RP45: 26/08/2014 10:07:05 - Windows Update
    .
    ==== Installed Programs ======================
    .
    ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
    Adobe AIR
    Adobe Flash Player 14 ActiveX
    Adobe Flash Player 14 Plugin
    Adobe Reader X MUI
    aioscnnr
    AMD Media Foundation Decoders
    AMD VISION Engine Control Center
    ASIO4ALL
    Atheros Bluetooth Filter Driver Package
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Atheros Driver Installation Program
    ATI Catalyst Install Manager
    Battlelog Web Plugins
    BBC iPlayer Desktop
    Bejeweled 2 Deluxe
    Bejeweled 3
    Bluetooth Stack for Windows by Toshiba
    C4USelfUpdater
    Canon MG5300 series MP Drivers
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    center
    Chicken Invaders 3 - Revenge of the Yolk
    Chuzzle Deluxe
    Comodo Dragon
    COMODO Internet Security Premium
    Conexant HD Audio
    D3DX10
    Diner Dash 2 Restaurant Rescue
    ESN Sonar
    essentials
    FATE
    Final Drive: Nitro
    FL Studio 11
    FlowStone FL 3.0
    GeekBuddy
    GIMP 2.8.10
    Glary Utilities 5.5
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    High-Definition Video Playback
    IL Shared Libraries
    Insaniquarium Deluxe
    inSSIDer Home
    iSnooker 2.2.53
    Java 7 Update 67
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    Kodak AIO Printer
    KODAK AiO Software
    Malwarebytes Anti-Malware version 2.0.2.1012
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10
    Nero BackItUp 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero Kwik Media
    Nero Multimedia Suite 10 Essentials
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    NeroKwikMedia Help (CHM)
    ocr
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime amd64
    PokerStars
    Polar Bowler
    PreReq
    PrintProjects
    PrivDog
    Realtek USB 2.0 Reader Driver
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Skype™ 6.11
    Slingo Deluxe
    Synaptics Pointing Device Driver
    TOSHIBA Assist
    TOSHIBA Bulletin Board
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Manuals
    TOSHIBA Online Product Information
    TOSHIBA PC Health Monitor
    TOSHIBA Places Icon Utility
    TOSHIBA Recovery Media Creator
    TOSHIBA Recovery Media Creator Reminder
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Sleep Utility
    TOSHIBA Supervisor Password
    TOSHIBA TEMPRO
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBA Wireless LAN Indicator
    TRORMCLauncher
    Update Installer for WildTangent Games App
    Wedding Dash 2 - Rings Around the World
    WildTangent Games
    WildTangent Games App (Toshiba Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotogalleri
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
    Windows Live Mesh ActiveX-objekt til fjernforbindelser
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Meshin etäyhteyksien ActiveX-komponentti
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    27/08/2014 09:34:23, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    27/08/2014 09:33:55, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    27/08/2014 09:33:55, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    27/08/2014 09:33:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    27/08/2014 09:33:43, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    27/08/2014 09:33:37, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
     
  6. camshell

    camshell TS Rookie Topic Starter Posts: 28

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.67.2
    Run by Tosh at 10:01:23 on 2014-08-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5735.3031 [GMT 1:00]
    .
    AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
    C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\TECO\Teco.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
    C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.23\trustedadssvc.exe
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
    C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    C:\Program Files\COMODO\GeekBuddy\unit.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.23\trustedads.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
    uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
    mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    mRun: [PrivDogService] "C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.23\trustedadssvc.exe"
    mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Conime] C:\Windows\System32\conime.exe
    mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
    dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files\COMODO\GeekBuddy\launcher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.23\trustedads.dll
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: NameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{5B7B3EEB-7286-4629-8015-FFBFC0A6DD72} : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{5B7B3EEB-7286-4629-8015-FFBFC0A6DD72} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{FCF43C59-F784-450C-8A0F-1A928D70D520} : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{FCF43C59-F784-450C-8A0F-1A928D70D520} : DHCPNameServer = 194.168.4.100 194.168.8.100
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.23\trustedads.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
    x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    x64-IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.23\trustedads.dll
    x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-6-21 17600]
    R1 CFRMD;CFRMD;C:\Windows\System32\drivers\CFRMD.sys [2013-5-7 37976]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2014-4-16 23168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2014-4-16 738472]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2014-4-16 48360]
    R1 GUBootStartup;GUBootStartup;C:\Windows\System32\drivers\GUBootStartup.sys [2014-5-23 20672]
    R1 HMD;COMODO livePCsupport Hardware Monitor Driver;C:\Windows\System32\drivers\hmd.sys [2013-10-7 14888]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-26 204288]
    R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
    R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2014-7-25 70864]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
    R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-5-21 2135232]
    R2 GeekBuddyRSP;GeekBuddyRSP Server;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-7-25 2327248]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2014-5-6 395640]
    R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-12-11 780152]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-26 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-26 860472]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2010-12-8 267192]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-4-26 116752]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-26 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-26 122584]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-26 63704]
    R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2014-4-26 38096]
    R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
    R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856]
    R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\drivers\btfilter.sys [2010-10-18 42096]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-3-25 2264280]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-13 111616]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2014-4-26 250984]
    S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2014-4-26 307304]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2014-4-26 54136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-29 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-08-26 10:00:09 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-08-26 09:18:55 -------- d-----w- C:\AdwCleaner
    2014-08-26 09:17:43 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-08-26 09:17:10 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-08-26 09:17:10 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-08-26 09:17:10 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-08-26 09:17:10 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-08-26 09:17:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-26 09:09:38 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-26 09:08:31 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B46C8361-7F86-4609-AD3B-3E3087CFD835}\mpengine.dll
    2014-08-20 20:23:17 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
    2014-08-20 20:14:54 -------- d-----w- C:\Program Files (x86)\VstPlugins
    2014-08-20 20:13:03 -------- d-----w- C:\Users\Tosh\AppData\Roaming\FlowStone
    2014-08-20 20:13:02 -------- d-----w- C:\Program Files (x86)\DSPRobotics
    2014-08-20 20:04:02 -------- d-----w- C:\Program Files (x86)\Image-Line
    2014-08-18 21:04:53 -------- d-----w- C:\Users\Tosh\AppData\Local\MetaGeek,_LLC
    2014-08-18 21:04:25 -------- d-----w- C:\Program Files (x86)\MetaGeek
    2014-08-13 23:01:16 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
    2014-08-13 23:01:16 171160 ----a-w- C:\Windows\System32\infocardapi.dll
    2014-08-13 23:01:15 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
    2014-08-13 23:01:15 1389208 ----a-w- C:\Windows\System32\icardagt.exe
    2014-08-13 23:01:14 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
    2014-08-13 23:01:14 8856 ----a-w- C:\Windows\System32\icardres.dll
    2014-08-13 23:00:55 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
    2014-08-13 23:00:55 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
    2014-08-13 16:37:22 -------- d-----w- C:\ProgramData\eJay
    2014-08-13 16:05:32 97280 ----a-w- C:\Windows\SysWow64\ccrpbds5.dll
    2014-08-13 16:05:32 262144 ----a-w- C:\Windows\SysWow64\mpg4ds32.ax
    2014-08-13 16:05:31 45056 ----a-w- C:\Windows\SysWow64\eJayxWaveDest.ax
    2014-08-13 16:05:30 57344 ----a-w- C:\Windows\SysWow64\eJayxQuell.ax
    2014-08-13 16:05:30 528384 ----a-w- C:\Windows\SysWow64\eJayxAudio.ax
    2014-08-13 16:05:29 348160 ----a-w- C:\Windows\SysWow64\eJ_UniDialog.ocx
    2014-08-13 16:05:29 286720 ----a-w- C:\Windows\SysWow64\EjWaveEditorCtrl.ocx
    2014-08-13 16:05:28 608448 ----a-w- C:\Windows\SysWow64\ComCtl32.ocx
    2014-08-13 16:05:28 108336 ----a-w- C:\Windows\SysWow64\MSWINSCK.OCX
    2014-08-13 16:05:28 100864 ----a-w- C:\Windows\SysWow64\eJ_Explorer.ocx
    2014-08-13 15:55:51 -------- d-----w- C:\Program Files (x86)\eJay
    2014-08-13 15:55:25 -------- d-----w- C:\ProgramData\DownloadManager
    2014-07-30 15:52:20 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
    .
    ==================== Find3M ====================
    .
    2014-08-12 19:06:22 20672 ----a-w- C:\Windows\System32\drivers\GUBootStartup.sys
    2014-08-07 02:06:41 529920 ----a-w- C:\Windows\System32\aepdu.dll
    2014-08-07 02:01:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-08-05 08:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
    2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
    2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
    2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
    2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2014-07-09 19:06:27 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-09 19:06:27 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
    2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
    2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
    2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
    2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
    2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
    2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
    2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
    2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
    2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
    2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
    2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
    2014-06-03 01:26:48 118048 ----a-w- C:\Windows\System32\BootDefrag.exe
    2014-06-03 01:05:44 17600 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys
    2014-06-01 21:01:39 0 ----a-w- C:\Windows\SysWow64\OLD6D03.tmp
    2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2014-05-29 15:01:40 57096 ----a-w- C:\Windows\System32\certsentry.dll
    2014-05-29 15:01:40 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
    .
    ============= FINISH: 10:05:01.57 ===============
     
  7. camshell

    camshell TS Rookie Topic Starter Posts: 28

    I think I have done it right thanks again for helping

    it did make me quarantine some things but I do not understand most of it :)
     
  8. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  9. camshell

    camshell TS Rookie Topic Starter Posts: 28

    RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Tosh [Admin rights]
    Mode : Remove -- Date : 08/28/2014 11:01:10

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 13 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B7B3EEB-7286-4629-8015-FFBFC0A6DD72} | DhcpNameServer : 194.168.4.100 194.168.8.100 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FCF43C59-F784-450C-8A0F-1A928D70D520} | DhcpNameServer : 194.168.4.100 194.168.8.100 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5B7B3EEB-7286-4629-8015-FFBFC0A6DD72} | DhcpNameServer : 194.168.4.100 194.168.8.100 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FCF43C59-F784-450C-8A0F-1A928D70D520} | DhcpNameServer : 194.168.4.100 194.168.8.100 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5B7B3EEB-7286-4629-8015-FFBFC0A6DD72} | DhcpNameServer : 194.168.4.100 194.168.8.100 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FCF43C59-F784-450C-8A0F-1A928D70D520} | DhcpNameServer : 194.168.4.100 194.168.8.100 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK6475GSX ATA Device +++++
    --- User ---
    [MBR] c625e5eda1037240fe2b27b5c5508f0e
    [BSP] 25aa688f1fa44ddf8277e6c522f05859 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 821248 | Size: 304588 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 624617472 | Size: 305491 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_08282014_110046.log
     
  10. camshell

    camshell TS Rookie Topic Starter Posts: 28

    Mbar-log-2014-08-28 (11-07-16).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 308393
    Time elapsed: 43 minute(s), 35 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  11. camshell

    camshell TS Rookie Topic Starter Posts: 28

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17239

    Java version: 1.6.0_20

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.646000 GHz
    Memory total: 6013444096, free: 2486439936

    Downloaded database version: v2014.08.28.01
    Downloaded database version: v2014.08.21.01
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: C8C756AF

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 819200
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 821248 Numsec = 623796224

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 624617472 Numsec = 625645568

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 640135028736 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
     
  12. camshell

    camshell TS Rookie Topic Starter Posts: 28

    Says not found anything but I still have this redirect thing when starting chrome
    :)
     
  13. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  14. camshell

    camshell TS Rookie Topic Starter Posts: 28

    ComboFix 14-08-29.03 - Tosh 29/08/2014 9:47.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5735.3840 [GMT 1:00]
    Running from: c:\users\Tosh\Downloads\ComboFix.exe
    AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
    FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Default\AppData\Roaming\DPInst.exe
    c:\users\Default\AppData\Roaming\gacutil.exe
    c:\users\Default\AppData\Roaming\PnPutil.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-07-28 to 2014-08-29 )))))))))))))))))))))))))))))))
    .
    .
    2014-08-29 09:07 . 2014-08-29 09:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-08-29 08:46 . 2014-08-29 08:46 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0772664-3F18-42E9-AF3F-7799062FD3FE}\offreg.dll
    2014-08-29 07:54 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0772664-3F18-42E9-AF3F-7799062FD3FE}\mpengine.dll
    2014-08-28 10:06 . 2014-08-28 10:54 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-08-28 09:50 . 2014-08-28 09:50 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
    2014-08-28 09:50 . 2014-08-28 09:50 -------- d-----w- c:\programdata\RogueKiller
    2014-08-28 06:02 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-28 06:02 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-08-28 06:02 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
    2014-08-27 18:54 . 2014-08-27 18:54 -------- d-----w- c:\users\Tosh\AppData\Local\DDMSettings
    2014-08-27 18:49 . 2014-08-27 18:50 -------- d-----w- c:\users\Tosh\AppData\Roaming\DivX
    2014-08-27 18:49 . 2014-08-27 18:49 -------- d-----w- c:\program files\DivX
    2014-08-27 18:48 . 2014-08-27 18:50 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
    2014-08-27 18:48 . 2014-08-27 18:50 -------- d-----w- c:\program files (x86)\DivX
    2014-08-27 18:44 . 2014-08-27 18:50 -------- d-----w- c:\programdata\DivX
    2014-08-26 11:54 . 2014-08-26 11:57 -------- d-----w- c:\users\Default\AppData\Local\Eastman_Kodak_Company
    2014-08-26 11:45 . 2014-08-26 11:45 -------- d-----w- c:\users\Default\AppData\Roaming\KODAK AiO Home Center363017442
    2014-08-26 10:00 . 2010-08-30 07:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
    2014-08-26 09:18 . 2014-08-26 10:04 -------- d-----w- C:\AdwCleaner
    2014-08-26 09:17 . 2014-08-29 07:46 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-08-26 09:17 . 2014-08-28 10:05 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-08-26 09:17 . 2014-08-26 09:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-08-26 09:17 . 2014-08-26 09:17 -------- d-----w- c:\programdata\Malwarebytes
    2014-08-26 09:17 . 2014-05-12 06:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-08-26 09:17 . 2014-05-12 06:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-08-26 09:10 . 2014-08-26 09:10 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-08-26 09:09 . 2014-08-26 09:09 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-20 20:23 . 2014-08-20 20:23 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
    2014-08-20 20:14 . 2014-08-20 20:14 -------- d-----w- c:\program files (x86)\VstPlugins
    2014-08-20 20:13 . 2014-08-20 20:13 -------- d-----w- c:\users\Tosh\AppData\Roaming\FlowStone
    2014-08-20 20:13 . 2014-08-20 20:13 -------- d-----w- c:\program files (x86)\DSPRobotics
    2014-08-20 20:04 . 2014-08-20 20:06 -------- d-----w- c:\program files (x86)\Image-Line
    2014-08-18 21:04 . 2014-08-18 21:05 -------- d-----w- c:\users\Tosh\AppData\Local\MetaGeek,_LLC
    2014-08-18 21:04 . 2014-08-18 21:04 -------- d-----w- c:\program files (x86)\MetaGeek
    2014-08-13 23:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
    2014-08-13 23:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
    2014-08-13 23:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
    2014-08-13 23:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
    2014-08-13 23:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
    2014-08-13 23:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
    2014-08-13 23:00 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
    2014-08-13 23:00 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2014-08-13 17:25 . 2014-08-13 17:25 341848 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
    2014-08-13 16:37 . 2014-08-13 16:40 -------- d-----w- c:\programdata\eJay
    2014-08-13 16:05 . 2010-09-24 11:44 97280 ----a-w- c:\windows\SysWow64\ccrpbds5.dll
    2014-08-13 16:05 . 2010-07-05 00:49 262144 ----a-w- c:\windows\SysWow64\mpg4ds32.ax
    2014-08-13 16:05 . 2010-04-26 09:52 45056 ----a-w- c:\windows\SysWow64\eJayxWaveDest.ax
    2014-08-13 16:05 . 2010-04-26 09:52 57344 ----a-w- c:\windows\SysWow64\eJayxQuell.ax
    2014-08-13 16:05 . 2010-04-26 09:52 528384 ----a-w- c:\windows\SysWow64\eJayxAudio.ax
    2014-08-13 16:05 . 2010-04-26 09:52 348160 ----a-w- c:\windows\SysWow64\eJ_UniDialog.ocx
    2014-08-13 16:05 . 2010-04-26 09:52 286720 ----a-w- c:\windows\SysWow64\EjWaveEditorCtrl.ocx
    2014-08-13 16:05 . 2010-05-17 08:36 108336 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX
    2014-08-13 16:05 . 2010-05-03 01:40 608448 ----a-w- c:\windows\SysWow64\ComCtl32.ocx
    2014-08-13 16:05 . 2010-04-26 09:52 100864 ----a-w- c:\windows\SysWow64\eJ_Explorer.ocx
    2014-08-13 15:55 . 2014-08-13 15:55 -------- d-----w- c:\program files (x86)\eJay
    2014-08-13 15:55 . 2014-08-13 15:55 -------- d-----w- c:\programdata\DownloadManager
    2014-08-13 06:53 . 2014-07-25 13:42 48128 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
    2014-07-30 15:52 . 2014-07-30 15:52 -------- d-----w- c:\program files (x86)\Common Files\COMODO
     
  15. camshell

    camshell TS Rookie Topic Starter Posts: 28

    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-08-29 07:41 . 2011-03-28 16:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2014-08-13 23:10 . 2014-05-04 10:22 99218768 ----a-w- c:\windows\system32\MRT.exe
    2014-08-12 19:06 . 2014-05-23 07:39 20672 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
    2014-08-05 08:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
    2014-07-09 19:06 . 2014-04-28 17:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-09 19:06 . 2014-04-28 17:21 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-06-26 05:33 . 2014-06-26 05:33 14888 ----a-w- c:\windows\system32\drivers\hmd.sys
    2014-06-26 05:33 . 2014-06-26 05:33 14888 ----a-w- c:\windows\inf\HMD\hmd.sys
    2014-06-26 05:33 . 2014-06-26 05:33 37976 ----a-w- c:\windows\system32\drivers\CFRMD.sys
    2014-06-26 05:33 . 2014-06-26 05:33 37976 ----a-w- c:\windows\inf\CFRMD\cfrmd.sys
    2014-06-18 02:18 . 2014-07-10 09:44 692736 ----a-w- c:\windows\system32\osk.exe
    2014-06-18 01:51 . 2014-07-10 09:44 646144 ----a-w- c:\windows\SysWow64\osk.exe
    2014-06-06 10:10 . 2014-07-10 09:45 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-06-06 09:44 . 2014-07-10 09:45 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-06-05 14:45 . 2014-07-10 09:43 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-06-05 14:26 . 2014-07-10 09:43 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-06-05 14:25 . 2014-07-10 09:43 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-06-03 01:26 . 2014-06-21 08:39 118048 ----a-w- c:\windows\system32\BootDefrag.exe
    2014-06-03 01:05 . 2014-06-21 08:39 17600 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
    2014-06-01 21:01 . 2014-06-01 21:01 0 ----a-w- c:\windows\SysWow64\OLD6D03.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}]
    2014-04-29 15:37 932520 ----a-w- c:\program files (x86)\AdTrustMedia\PrivDog\2.1.0.23\trustedads.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
    "GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2014-08-04 37152]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840]
    "PrivDogService"="c:\program files (x86)\AdTrustMedia\PrivDog\2.1.0.23\trustedadssvc.exe" [2014-04-29 663208]
    "tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2014-07-25 2327248]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
    "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-12-11 2750840]
    "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-08-19 448856]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2014-05-06 2234064]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2014-7-25 48848]
    Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-3 1470848]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe"/hide:60
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
    S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
    S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
    S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
    S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
    S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
    S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
    S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
    S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
    S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys;c:\windows\SYSNATIVE\drivers\QIOMem.sys [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
    .
    .
     
  16. camshell

    camshell TS Rookie Topic Starter Posts: 28

    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-08-14 14:33 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28 19:06]
    .
    2014-08-29 c:\windows\Tasks\GlaryInitialize 5.job
    - c:\program files (x86)\Glary Utilities 5\Initialize.exe [2014-08-04 01:41]
    .
    2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 03:56]
    .
    2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 03:56]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2011-08-03 150992]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1275608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
    IE: {{2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - c:\program files (x86)\AdTrustMedia\PrivDog\2.1.0.23\trustedads.dll
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{5B7B3EEB-7286-4629-8015-FFBFC0A6DD72}: NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{FCF43C59-F784-450C-8A0F-1A928D70D520}: NameServer = 156.154.70.22,156.154.71.22
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.14"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    Completion time: 2014-08-29 10:18:44
    ComboFix-quarantined-files.txt 2014-08-29 09:18
    .
    Pre-Run: 200,790,376,448 bytes free
    Post-Run: 200,732,147,712 bytes free
    .
    - - End Of File - - FC7F63C45EEC1D69D35725B871B25DF8
    A36C5E4F47E84449FF07ED3517B43A31
     
  17. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.

    P. S. I'm going out of town this afternoon. I'll be back on Sunday evening.
     
  18. camshell

    camshell TS Rookie Topic Starter Posts: 28

    # AdwCleaner v3.308 - Report created 29/08/2014 at 22:59:04
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Tosh - TOSH-TOSH
    # Running from : C:\Users\Tosh\Downloads\adwcleaner_3.308.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17239


    -\\ Google Chrome v36.0.1985.143

    [ File : C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [2286 octets] - [26/08/2014 10:58:50]
    AdwCleaner[R1].txt - [1185 octets] - [29/08/2014 22:41:56]
    AdwCleaner[R2].txt - [1306 octets] - [29/08/2014 22:57:24]
    AdwCleaner[S0].txt - [2454 octets] - [26/08/2014 11:03:54]
    AdwCleaner[S1].txt - [1251 octets] - [29/08/2014 22:46:39]
    AdwCleaner[S2].txt - [1231 octets] - [29/08/2014 22:59:04]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1291 octets] ##########
     
  19. camshell

    camshell TS Rookie Topic Starter Posts: 28

    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.3 (03.23.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Tosh on 29/08/2014 at 23:42:47.47
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values




    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
    Successfully deleted: [Folder] "C:\Users\Tosh\appdata\locallow\boost_interprocess"
    Successfully deleted: [Folder] "C:\Program Files (x86)\adtrustmedia"
    Successfully deleted: [Empty Folder] C:\Users\Tosh\appdata\local\{45DE51B5-7314-4512-8B16-AB36D9D3BDCC}
    Successfully deleted: [Empty Folder] C:\Users\Tosh\appdata\local\{4F61CEB2-08AA-4754-A0F0-324BE2504DFE}
    Successfully deleted: [Empty Folder] C:\Users\Tosh\appdata\local\{9B27ABAC-AEA1-493A-AE16-3A6BF72611E7}
    Successfully deleted: [Empty Folder] C:\Users\Tosh\appdata\local\{D2490940-0C5F-46C2-944F-2E93B9077D6B}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 30/08/2014 at 1:12:04.23
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  20. camshell

    camshell TS Rookie Topic Starter Posts: 28

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2014
    Ran by Tosh (administrator) on TOSH-TOSH on 30-08-2014 19:42:29
    Running from C:\Users\Tosh\Downloads
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
    (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
    (Toshiba) C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
    (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
    HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-12-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
    HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-07-25] (Comodo Security Solutions, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
    HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
    HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
    HKU\S-1-5-21-2088121290-2798835046-2844222186-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
    HKU\S-1-5-21-2088121290-2798835046-2844222186-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-08-04] (Glarysoft Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
    ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    BootExecute: autocheck autochk *

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
    Tcpip\..\Interfaces\{5B7B3EEB-7286-4629-8015-FFBFC0A6DD72}: [NameServer] 156.154.70.22,156.154.71.22
    Tcpip\..\Interfaces\{FCF43C59-F784-450C-8A0F-1A928D70D520}: [NameServer] 156.154.70.22,156.154.71.22

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-08-03]
     
  21. camshell

    camshell TS Rookie Topic Starter Posts: 28

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
    CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA"
    CHR Profile: C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (PrivDog) - C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-05-16]
    CHR Extension: (Google Wallet) - C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
    CHR Extension: (ArcadeFrontier) - C:\Users\Tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2014-08-27]
    CHR HKCU\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Users\Tosh\AppData\Local\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-04-29]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-07-25] (Comodo Security Solutions, Inc.)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
    R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
    R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-07-25] (Comodo Security Solutions, Inc.)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-06-03] (Glarysoft Ltd)
    R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2014-06-26] (Windows (R) Win 7 DDK provider) [File not signed]
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
    R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-08-12] (Glarysoft Ltd)
    R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2014-06-26] ()
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-30] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    S3 Tosrfcom; No ImagePath
    U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-28] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-30 19:42 - 2014-08-30 19:43 - 00016957 _____ () C:\Users\Tosh\Downloads\FRST.txt
    2014-08-30 19:42 - 2014-08-30 19:42 - 00000000 ____D () C:\FRST
    2014-08-30 19:41 - 2014-08-30 19:42 - 02103808 _____ (Farbar) C:\Users\Tosh\Downloads\FRST64.exe
    2014-08-30 01:12 - 2014-08-30 01:12 - 00001471 _____ () C:\Users\Tosh\Desktop\JRT.txt
    2014-08-29 23:07 - 2014-08-29 23:07 - 00000000 ____D () C:\Windows\ERUNT
    2014-08-29 23:06 - 2014-08-29 23:06 - 01016261 _____ (Thisisu) C:\Users\Tosh\Downloads\JRT.exe
    2014-08-29 10:18 - 2014-08-29 10:18 - 00028335 _____ () C:\ComboFix.txt
    2014-08-29 09:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-08-29 09:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-08-29 09:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-08-29 09:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-08-29 09:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-08-29 09:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-08-29 09:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-08-29 09:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-08-29 09:38 - 2014-08-29 10:19 - 00000000 ____D () C:\Qoobox
    2014-08-29 09:37 - 2014-08-29 10:10 - 00000000 ____D () C:\Windows\erdnt
    2014-08-29 09:34 - 2014-08-29 09:35 - 05576760 ____R (Swearware) C:\Users\Tosh\Downloads\ComboFix.exe
    2014-08-28 11:06 - 2014-08-28 11:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-28 11:05 - 2014-08-28 11:54 - 00000000 ____D () C:\Users\Tosh\Desktop\mbar
    2014-08-28 11:05 - 2014-08-28 11:05 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Tosh\Downloads\mbar-1.07.0.1012.exe
    2014-08-28 10:50 - 2014-08-28 10:50 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
    2014-08-28 10:50 - 2014-08-28 10:50 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-28 10:49 - 2014-08-28 10:50 - 04851288 _____ () C:\Users\Tosh\Downloads\RogueKiller.exe
    2014-08-28 07:02 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-28 07:02 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-08-28 07:02 - 2014-08-23 01:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-27 19:54 - 2014-08-27 19:54 - 00000000 ____D () C:\Users\Tosh\AppData\Local\DDMSettings
    2014-08-27 19:50 - 2014-08-27 19:50 - 00001581 _____ () C:\Users\Tosh\Desktop\DivX Movies.lnk
    2014-08-27 19:50 - 2014-08-27 19:50 - 00001073 _____ () C:\Users\Public\Desktop\DivX Player.lnk
    2014-08-27 19:49 - 2014-08-27 19:50 - 00000000 ____D () C:\Users\Tosh\AppData\Roaming\DivX
    2014-08-27 19:49 - 2014-08-27 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
    2014-08-27 19:49 - 2014-08-27 19:49 - 00001138 _____ () C:\Users\Public\Desktop\DivX Converter.lnk
    2014-08-27 19:49 - 2014-08-27 19:49 - 00000000 ____D () C:\Program Files\DivX
    2014-08-27 19:48 - 2014-08-27 19:50 - 00000000 ____D () C:\Program Files (x86)\DivX
    2014-08-27 19:44 - 2014-08-27 19:50 - 00000000 ____D () C:\ProgramData\DivX
    2014-08-27 19:43 - 2014-08-27 19:44 - 00995648 _____ (DivX, LLC) C:\Users\Tosh\Downloads\DivXInstaller.exe
    2014-08-27 10:05 - 2014-08-27 10:05 - 00025794 _____ () C:\Users\Tosh\Desktop\dds.txt
    2014-08-27 10:05 - 2014-08-27 10:05 - 00008234 _____ () C:\Users\Tosh\Desktop\attach.txt
    2014-08-27 10:00 - 2014-08-27 10:00 - 00688992 ____R (Swearware) C:\Users\Tosh\Downloads\dds.com
    2014-08-27 09:55 - 2014-08-27 09:55 - 00066566 _____ () C:\Users\Tosh\Desktop\scan 1.txt
    2014-08-26 21:00 - 2014-08-26 21:01 - 00001764 _____ () C:\Users\Tosh\Desktop\Rkill.txt
    2014-08-26 21:00 - 2014-08-26 21:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Tosh\Downloads\rkill.exe
    2014-08-26 20:55 - 2014-08-26 20:57 - 00006996 _____ () C:\Users\Default\AppData\Local\installer.log
    2014-08-26 20:55 - 2014-08-26 20:57 - 00006996 _____ () C:\Users\Default User\AppData\Local\installer.log
    2014-08-26 12:54 - 2014-08-26 12:57 - 00000000 ____D () C:\Users\Default\AppData\Local\Eastman_Kodak_Company
    2014-08-26 12:54 - 2014-08-26 12:57 - 00000000 ____D () C:\Users\Default User\AppData\Local\Eastman_Kodak_Company
    2014-08-26 12:54 - 2014-08-26 12:54 - 00002163 _____ () C:\Users\Public\Desktop\KODAK AiO Home Centre.lnk
    2014-08-26 12:45 - 2014-08-26 12:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Temp
    2014-08-26 12:45 - 2014-08-26 12:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\KODAK AiO Home Center363017442
    2014-08-26 12:45 - 2014-08-26 12:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Temp
    2014-08-26 12:45 - 2014-08-26 12:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\KODAK AiO Home Center363017442
    2014-08-26 11:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-08-26 10:18 - 2014-08-29 22:59 - 00000000 ____D () C:\AdwCleaner
    2014-08-26 10:17 - 2014-08-30 03:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-26 10:17 - 2014-08-28 11:05 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-26 10:17 - 2014-08-26 10:17 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-26 10:17 - 2014-08-26 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-26 10:17 - 2014-08-26 10:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-26 10:17 - 2014-08-26 10:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-26 10:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-08-26 10:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-08-26 10:16 - 2014-08-26 10:16 - 01364531 _____ () C:\Users\Tosh\Downloads\adwcleaner_3.308.exe
    2014-08-26 10:15 - 2014-08-26 10:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tosh\Downloads\mbam-setup-2.0.2.1012.exe
    2014-08-26 10:09 - 2014-08-26 10:09 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-08-26 10:09 - 2014-08-26 10:09 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-08-26 10:09 - 2014-08-26 10:09 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-08-26 10:09 - 2014-08-26 10:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-08-21 17:11 - 2014-08-21 17:35 - 3103333306 _____ () C:\Users\Tosh\Desktop\Focus T25.zip
    2014-08-21 05:54 - 2014-08-29 23:01 - 00003856 _____ () C:\Windows\PFRO.log
    2014-08-20 21:23 - 2014-08-20 21:23 - 00001149 _____ () C:\Users\Tosh\Desktop\ASIO4ALL v2 Instruction Manual.lnk
    2014-08-20 21:23 - 2014-08-20 21:23 - 00000000 ____D () C:\Users\Tosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
    2014-08-20 21:23 - 2014-08-20 21:23 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
    2014-08-20 21:13 - 2014-08-29 22:30 - 00000000 ____D () C:\Users\Tosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\Users\Tosh\AppData\Roaming\FlowStone
    2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
    2014-08-20 21:04 - 2014-08-29 22:30 - 00000000 ____D () C:\Program Files (x86)\Image-Line
     
  22. camshell

    camshell TS Rookie Topic Starter Posts: 28

    2014-08-20 21:01 - 2014-08-20 21:02 - 323060176 _____ (Image-Line) C:\Users\Tosh\Downloads\flstudio_11.1.exe
    2014-08-18 22:04 - 2014-08-18 22:05 - 00000000 ____D () C:\Users\Tosh\AppData\Local\MetaGeek,_LLC
    2014-08-18 22:04 - 2014-08-18 22:04 - 00002489 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
    2014-08-18 22:04 - 2014-08-18 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek
    2014-08-18 22:04 - 2014-08-18 22:04 - 00000000 ____D () C:\Program Files (x86)\MetaGeek
    2014-08-18 22:02 - 2014-08-18 22:02 - 04767744 _____ () C:\Users\Tosh\Downloads\inSSIDer-installer.msi
    2014-08-18 21:43 - 2014-08-18 21:43 - 01529664 _____ (LogMeIn, Inc.) C:\Users\Tosh\Downloads\Support-LogMeInRescue.exe
    2014-08-14 00:01 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-08-14 00:01 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
    2014-08-14 00:01 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-08-14 00:01 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-08-14 00:01 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
    2014-08-14 00:01 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
    2014-08-14 00:00 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2014-08-14 00:00 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-08-13 18:25 - 2014-08-13 18:25 - 00341848 _____ (DivX, LLC) C:\Windows\SysWOW64\DivXControlPanelApplet.cpl
    2014-08-13 17:37 - 2014-08-13 17:40 - 00000000 ____D () C:\ProgramData\eJay
    2014-08-13 17:05 - 2014-08-13 17:05 - 00001364 _____ () C:\Users\Public\Desktop\eJay Dance 6 Reloaded.lnk
    2014-08-13 17:05 - 2014-08-13 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eJay
    2014-08-13 17:05 - 2010-09-24 12:44 - 00097280 _____ (Common Controls Replacement Project (CCRP)) C:\Windows\SysWOW64\ccrpbds5.dll
    2014-08-13 17:05 - 2010-07-05 01:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4ds32.ax
    2014-08-13 17:05 - 2010-05-17 09:36 - 00108336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSWINSCK.OCX
    2014-08-13 17:05 - 2010-05-03 02:40 - 00608448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ComCtl32.ocx
    2014-08-13 17:05 - 2010-04-26 10:52 - 00528384 _____ (eJay Entertainment GmbH) C:\Windows\SysWOW64\eJayxAudio.ax
    2014-08-13 17:05 - 2010-04-26 10:52 - 00348160 _____ (eJay AG) C:\Windows\SysWOW64\eJ_UniDialog.ocx
    2014-08-13 17:05 - 2010-04-26 10:52 - 00286720 _____ (Ejay AG) C:\Windows\SysWOW64\EjWaveEditorCtrl.ocx
    2014-08-13 17:05 - 2010-04-26 10:52 - 00100864 _____ (zwei) C:\Windows\SysWOW64\eJ_Explorer.ocx
    2014-08-13 17:05 - 2010-04-26 10:52 - 00057344 _____ () C:\Windows\SysWOW64\eJayxQuell.ax
    2014-08-13 17:05 - 2010-04-26 10:52 - 00045056 _____ () C:\Windows\SysWOW64\eJayxWaveDest.ax
    2014-08-13 16:55 - 2014-08-13 16:55 - 00000000 ____D () C:\ProgramData\DownloadManager
    2014-08-13 16:55 - 2014-08-13 16:55 - 00000000 ____D () C:\Program Files (x86)\eJay
    2014-08-13 16:46 - 2014-08-13 16:55 - 00000000 ____D () C:\Users\Tosh\Desktop\eJay Dance 6 Reloaded
    2014-08-13 16:46 - 2014-08-13 16:46 - 00973104 _____ () C:\Users\Tosh\Downloads\ejay_dance6_reloaded_downloader.exe
    2014-08-13 14:39 - 2013-08-08 12:37 - 733663232 _____ () C:\Users\Tosh\Desktop\Insanity - Fast and Furious workout.avi
    2014-08-13 14:38 - 2014-08-13 14:44 - 00000000 ____D () C:\Users\Tosh\Desktop\Insanity
    2014-08-13 12:28 - 2014-08-13 14:37 - 00000000 ____D () C:\Users\Tosh\Desktop\Camera Pics Baqckup
    2014-08-13 07:54 - 2014-07-16 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-08-13 07:54 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-08-13 07:54 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-08-13 07:54 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-08-13 07:54 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-08-13 07:54 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-08-13 07:54 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-08-13 07:54 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2014-08-13 07:54 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2014-08-13 07:54 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2014-08-13 07:54 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2014-08-13 07:54 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2014-08-13 07:54 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
    2014-08-13 07:54 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
    2014-08-13 07:54 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-08-13 07:54 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-08-13 07:54 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-08-13 07:54 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-08-13 07:54 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-08-13 07:54 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-08-13 07:54 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-08-13 07:54 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-08-13 07:54 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2014-08-13 07:54 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2014-08-13 07:53 - 2014-08-07 03:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-13 07:53 - 2014-08-07 03:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-13 07:53 - 2014-08-01 00:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-08-13 07:53 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-08-13 07:53 - 2014-07-25 15:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-08-13 07:53 - 2014-07-25 15:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-08-13 07:53 - 2014-07-25 15:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-08-13 07:53 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-08-13 07:53 - 2014-07-25 14:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-08-13 07:53 - 2014-07-25 14:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-08-13 07:53 - 2014-07-25 14:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-08-13 07:53 - 2014-07-25 14:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-08-13 07:53 - 2014-07-25 14:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-08-13 07:53 - 2014-07-25 14:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-08-13 07:53 - 2014-07-25 14:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-08-13 07:53 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-08-13 07:53 - 2014-07-25 14:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-08-13 07:53 - 2014-07-25 14:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-08-13 07:53 - 2014-07-25 14:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-08-13 07:53 - 2014-07-25 13:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-08-13 07:53 - 2014-07-25 13:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-08-13 07:53 - 2014-07-25 13:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-08-13 07:53 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-08-13 07:53 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-08-13 07:53 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-08-13 07:53 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-08-13 07:53 - 2014-07-25 13:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-08-13 07:53 - 2014-07-25 13:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-08-13 07:53 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-08-13 07:53 - 2014-07-25 13:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-08-13 07:53 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-08-13 07:53 - 2014-07-25 13:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-08-13 07:53 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-08-13 07:53 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-08-13 07:53 - 2014-07-25 13:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-08-13 07:53 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-08-13 07:53 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-08-13 07:53 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-08-13 07:53 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-08-13 07:53 - 2014-07-25 12:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-08-13 07:53 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-08-13 07:53 - 2014-07-25 12:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-08-13 07:53 - 2014-07-25 12:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-08-13 07:53 - 2014-07-25 12:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-08-13 07:53 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-08-13 07:53 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-08-13 07:53 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-08-13 07:53 - 2014-07-25 12:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-08-13 07:53 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-08-13 07:53 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-08-13 07:53 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-08-13 07:53 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-08-13 07:53 - 2014-07-25 11:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-08-13 07:53 - 2014-07-25 11:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-08-13 07:53 - 2014-07-25 11:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-08-13 07:53 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-08-13 07:53 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-08-13 07:53 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-08-13 07:53 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-08-13 07:53 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2014-08-12 20:00 - 2014-08-12 20:01 - 14416304 _____ () C:\Users\Tosh\Downloads\gu5setup.exe
    2014-08-12 16:00 - 2014-08-29 23:39 - 00006924 _____ () C:\Windows\setupact.log
    2014-08-12 16:00 - 2014-08-12 16:00 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-11 00:05 - 2014-08-11 00:11 - 00000000 ____D () C:\Users\Tosh\Desktop\Focus T25
    2014-08-04 20:11 - 2014-08-04 21:10 - 00000000 ____D () C:\Users\Tosh\Desktop\Devon
     
  23. camshell

    camshell TS Rookie Topic Starter Posts: 28

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-30 19:43 - 2014-08-30 19:42 - 00016957 _____ () C:\Users\Tosh\Downloads\FRST.txt
    2014-08-30 19:42 - 2014-08-30 19:42 - 00000000 ____D () C:\FRST
    2014-08-30 19:42 - 2014-08-30 19:41 - 02103808 _____ (Farbar) C:\Users\Tosh\Downloads\FRST64.exe
    2014-08-30 19:39 - 2014-04-28 18:40 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
    2014-08-30 19:20 - 2011-08-03 04:56 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-30 19:06 - 2014-04-28 18:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-08-30 18:19 - 2014-04-26 02:50 - 02077025 _____ () C:\Windows\WindowsUpdate.log
    2014-08-30 18:19 - 2011-08-03 04:56 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-30 15:20 - 2014-06-02 14:02 - 00000000 ____D () C:\ProgramData\Kodak
    2014-08-30 03:34 - 2014-08-26 10:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-30 03:33 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-30 03:33 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-30 01:12 - 2014-08-30 01:12 - 00001471 _____ () C:\Users\Tosh\Desktop\JRT.txt
    2014-08-29 23:43 - 2014-05-23 08:39 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
    2014-08-29 23:42 - 2014-05-23 08:39 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
    2014-08-29 23:39 - 2014-08-12 16:00 - 00006924 _____ () C:\Windows\setupact.log
    2014-08-29 23:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-29 23:07 - 2014-08-29 23:07 - 00000000 ____D () C:\Windows\ERUNT
    2014-08-29 23:06 - 2014-08-29 23:06 - 01016261 _____ (Thisisu) C:\Users\Tosh\Downloads\JRT.exe
    2014-08-29 23:01 - 2014-08-21 05:54 - 00003856 _____ () C:\Windows\PFRO.log
    2014-08-29 22:59 - 2014-08-26 10:18 - 00000000 ____D () C:\AdwCleaner
    2014-08-29 22:48 - 2009-07-14 06:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-08-29 22:34 - 2014-06-04 22:08 - 00000000 ____D () C:\Users\Tosh\AppData\Local\PokerStars
    2014-08-29 22:34 - 2014-06-04 22:07 - 00000000 ____D () C:\Program Files (x86)\PokerStars
    2014-08-29 22:30 - 2014-08-20 21:13 - 00000000 ____D () C:\Users\Tosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2014-08-29 22:30 - 2014-08-20 21:04 - 00000000 ____D () C:\Program Files (x86)\Image-Line
    2014-08-29 10:19 - 2014-08-29 09:38 - 00000000 ____D () C:\Qoobox
    2014-08-29 10:18 - 2014-08-29 10:18 - 00028335 _____ () C:\ComboFix.txt
    2014-08-29 10:10 - 2014-08-29 09:37 - 00000000 ____D () C:\Windows\erdnt
    2014-08-29 10:08 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
    2014-08-29 09:35 - 2014-08-29 09:34 - 05576760 ____R (Swearware) C:\Users\Tosh\Downloads\ComboFix.exe
    2014-08-29 08:40 - 2009-07-14 05:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-28 11:54 - 2014-08-28 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-28 11:54 - 2014-08-28 11:05 - 00000000 ____D () C:\Users\Tosh\Desktop\mbar
    2014-08-28 11:05 - 2014-08-28 11:05 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Tosh\Downloads\mbar-1.07.0.1012.exe
    2014-08-28 11:05 - 2014-08-26 10:17 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-28 10:50 - 2014-08-28 10:50 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
    2014-08-28 10:50 - 2014-08-28 10:50 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-28 10:50 - 2014-08-28 10:49 - 04851288 _____ () C:\Users\Tosh\Downloads\RogueKiller.exe
    2014-08-28 10:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
    2014-08-27 19:54 - 2014-08-27 19:54 - 00000000 ____D () C:\Users\Tosh\AppData\Local\DDMSettings
    2014-08-27 19:50 - 2014-08-27 19:50 - 00001581 _____ () C:\Users\Tosh\Desktop\DivX Movies.lnk
    2014-08-27 19:50 - 2014-08-27 19:50 - 00001073 _____ () C:\Users\Public\Desktop\DivX Player.lnk
    2014-08-27 19:50 - 2014-08-27 19:49 - 00000000 ____D () C:\Users\Tosh\AppData\Roaming\DivX
    2014-08-27 19:50 - 2014-08-27 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
    2014-08-27 19:50 - 2014-08-27 19:48 - 00000000 ____D () C:\Program Files (x86)\DivX
    2014-08-27 19:50 - 2014-08-27 19:44 - 00000000 ____D () C:\ProgramData\DivX
    2014-08-27 19:49 - 2014-08-27 19:49 - 00001138 _____ () C:\Users\Public\Desktop\DivX Converter.lnk
    2014-08-27 19:49 - 2014-08-27 19:49 - 00000000 ____D () C:\Program Files\DivX
    2014-08-27 19:44 - 2014-08-27 19:43 - 00995648 _____ (DivX, LLC) C:\Users\Tosh\Downloads\DivXInstaller.exe
    2014-08-27 10:05 - 2014-08-27 10:05 - 00025794 _____ () C:\Users\Tosh\Desktop\dds.txt
    2014-08-27 10:05 - 2014-08-27 10:05 - 00008234 _____ () C:\Users\Tosh\Desktop\attach.txt
    2014-08-27 10:00 - 2014-08-27 10:00 - 00688992 ____R (Swearware) C:\Users\Tosh\Downloads\dds.com
    2014-08-27 09:55 - 2014-08-27 09:55 - 00066566 _____ () C:\Users\Tosh\Desktop\scan 1.txt
    2014-08-26 21:01 - 2014-08-26 21:00 - 00001764 _____ () C:\Users\Tosh\Desktop\Rkill.txt
    2014-08-26 21:00 - 2014-08-26 21:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Tosh\Downloads\rkill.exe
    2014-08-26 20:57 - 2014-08-26 20:55 - 00006996 _____ () C:\Users\Default\AppData\Local\installer.log
    2014-08-26 20:57 - 2014-08-26 20:55 - 00006996 _____ () C:\Users\Default User\AppData\Local\installer.log
    2014-08-26 12:57 - 2014-08-26 12:54 - 00000000 ____D () C:\Users\Default\AppData\Local\Eastman_Kodak_Company
    2014-08-26 12:57 - 2014-08-26 12:54 - 00000000 ____D () C:\Users\Default User\AppData\Local\Eastman_Kodak_Company
    2014-08-26 12:56 - 2014-06-02 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
    2014-08-26 12:54 - 2014-08-26 12:54 - 00002163 _____ () C:\Users\Public\Desktop\KODAK AiO Home Centre.lnk
    2014-08-26 12:45 - 2014-08-26 12:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Temp
    2014-08-26 12:45 - 2014-08-26 12:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\KODAK AiO Home Center363017442
    2014-08-26 12:45 - 2014-08-26 12:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Temp
    2014-08-26 12:45 - 2014-08-26 12:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\KODAK AiO Home Center363017442
    2014-08-26 10:57 - 2014-06-02 14:15 - 00016210 _____ () C:\Users\Tosh\AppData\Local\installer.log
    2014-08-26 10:17 - 2014-08-26 10:17 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-26 10:17 - 2014-08-26 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-26 10:17 - 2014-08-26 10:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-26 10:17 - 2014-08-26 10:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-26 10:16 - 2014-08-26 10:16 - 01364531 _____ () C:\Users\Tosh\Downloads\adwcleaner_3.308.exe
    2014-08-26 10:16 - 2014-08-26 10:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tosh\Downloads\mbam-setup-2.0.2.1012.exe
    2014-08-26 10:13 - 2014-05-28 19:17 - 00000000 ____D () C:\ProgramData\Oracle
    2014-08-26 10:09 - 2014-08-26 10:09 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-08-26 10:09 - 2014-08-26 10:09 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-08-26 10:09 - 2014-08-26 10:09 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-08-26 10:09 - 2014-08-26 10:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-08-26 10:09 - 2011-08-03 04:47 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-08-24 17:19 - 2009-07-14 06:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-23 03:07 - 2014-08-28 07:02 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-23 02:45 - 2014-08-28 07:02 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-08-23 01:59 - 2014-08-28 07:02 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-21 17:35 - 2014-08-21 17:11 - 3103333306 _____ () C:\Users\Tosh\Desktop\Focus T25.zip
    2014-08-20 21:23 - 2014-08-20 21:23 - 00001149 _____ () C:\Users\Tosh\Desktop\ASIO4ALL v2 Instruction Manual.lnk
    2014-08-20 21:23 - 2014-08-20 21:23 - 00000000 ____D () C:\Users\Tosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
    2014-08-20 21:23 - 2014-08-20 21:23 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
    2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\Users\Tosh\AppData\Roaming\FlowStone
    2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
    2014-08-20 21:02 - 2014-08-20 21:01 - 323060176 _____ (Image-Line) C:\Users\Tosh\Downloads\flstudio_11.1.exe
    2014-08-18 22:05 - 2014-08-18 22:04 - 00000000 ____D () C:\Users\Tosh\AppData\Local\MetaGeek,_LLC
    2014-08-18 22:04 - 2014-08-18 22:04 - 00002489 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
    2014-08-18 22:04 - 2014-08-18 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek
    2014-08-18 22:04 - 2014-08-18 22:04 - 00000000 ____D () C:\Program Files (x86)\MetaGeek
    2014-08-18 22:02 - 2014-08-18 22:02 - 04767744 _____ () C:\Users\Tosh\Downloads\inSSIDer-installer.msi
    2014-08-18 21:43 - 2014-08-18 21:43 - 01529664 _____ (LogMeIn, Inc.) C:\Users\Tosh\Downloads\Support-LogMeInRescue.exe
    2014-08-14 15:44 - 2011-08-03 04:57 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-08-14 11:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
    2014-08-14 10:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-08-14 00:14 - 2014-05-04 11:22 - 00000000 ____D () C:\Windows\system32\MRT
    2014-08-14 00:10 - 2014-05-04 11:22 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-08-14 00:00 - 2014-04-30 23:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-08-13 18:25 - 2014-08-13 18:25 - 00341848 _____ (DivX, LLC) C:\Windows\SysWOW64\DivXControlPanelApplet.cpl
    2014-08-13 17:42 - 2014-04-26 04:40 - 00000000 ____D () C:\Users\Tosh\AppData\Local\VirtualStore
    2014-08-13 17:40 - 2014-08-13 17:37 - 00000000 ____D () C:\ProgramData\eJay
    2014-08-13 17:05 - 2014-08-13 17:05 - 00001364 _____ () C:\Users\Public\Desktop\eJay Dance 6 Reloaded.lnk
    2014-08-13 17:05 - 2014-08-13 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eJay
    2014-08-13 16:55 - 2014-08-13 16:55 - 00000000 ____D () C:\ProgramData\DownloadManager
    2014-08-13 16:55 - 2014-08-13 16:55 - 00000000 ____D () C:\Program Files (x86)\eJay
    2014-08-13 16:55 - 2014-08-13 16:46 - 00000000 ____D () C:\Users\Tosh\Desktop\eJay Dance 6 Reloaded
    2014-08-13 16:46 - 2014-08-13 16:46 - 00973104 _____ () C:\Users\Tosh\Downloads\ejay_dance6_reloaded_downloader.exe
    2014-08-13 14:44 - 2014-08-13 14:38 - 00000000 ____D () C:\Users\Tosh\Desktop\Insanity
    2014-08-13 14:37 - 2014-08-13 12:28 - 00000000 ____D () C:\Users\Tosh\Desktop\Camera Pics Baqckup
    2014-08-12 20:06 - 2014-05-23 08:39 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
    2014-08-12 20:06 - 2014-05-23 08:39 - 00002972 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
    2014-08-12 20:06 - 2014-05-23 08:39 - 00002626 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
    2014-08-12 20:06 - 2014-05-23 08:39 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    2014-08-12 20:06 - 2014-05-23 08:39 - 00001091 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
    2014-08-12 20:01 - 2014-08-12 20:00 - 14416304 _____ () C:\Users\Tosh\Downloads\gu5setup.exe
    2014-08-12 19:56 - 2014-06-21 09:39 - 00000234 _____ () C:\BackupLoader.ini
    2014-08-12 16:00 - 2014-08-12 16:00 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-11 00:11 - 2014-08-11 00:05 - 00000000 ____D () C:\Users\Tosh\Desktop\Focus T25
    2014-08-09 10:04 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-08-08 16:55 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
    2014-08-08 00:34 - 2014-05-19 20:51 - 00000000 ____D () C:\Users\Tosh\Desktop\Frozen Stuff
    2014-08-07 03:06 - 2014-08-13 07:53 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-07 03:01 - 2014-08-13 07:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-05 09:20 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-08-04 21:10 - 2014-08-04 20:11 - 00000000 ____D () C:\Users\Tosh\Desktop\Devon
    2014-08-01 00:41 - 2014-08-13 07:53 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-08-01 00:16 - 2014-08-13 07:53 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

    Some content of TEMP:
    ====================
    C:\Users\Tosh\AppData\Local\Temp\Quarantine.exe
    C:\Users\Tosh\AppData\Local\Temp\_unps.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-27 11:33

    ==================== End Of Log ============================
     
  24. camshell

    camshell TS Rookie Topic Starter Posts: 28

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2014
    Ran by Tosh at 2014-08-30 19:44:32
    Running from C:\Users\Tosh\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
    aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
    AMD Media Foundation Decoders (Version: 1.0.60628.2255 - ATI Technologies Inc.) Hidden
    AMD VISION Engine Control Center (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
    Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.0004 - Atheros Communications)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
    ATI Catalyst Install Manager (HKLM\...\{6167672A-758D-9960-C32C-47A15E180A70}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
    BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.0.7 - British Broadcasting Corp.)
    BBC iPlayer Desktop (x32 Version: 3.0.7 - British Broadcasting Corp.) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.09(T) - TOSHIBA CORPORATION)
    C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
    Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - )
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2011.0628.2340.40663 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Czech (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Danish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help English (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help French (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help German (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Greek (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Italian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Korean (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Polish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Russian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Thai (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
    ccc-utility64 (Version: 2011.0628.2340.40663 - ATI) Hidden
    center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
    COMODO Internet Security Premium (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.80 - DivX, LLC)
    ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
    essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
    GeekBuddy (HKLM\...\{ADBA2296-BA0A-49C1-B3A1-67B0C95CB8AE}) (Version: 4.16.114 - Comodo Security Solutions Inc)
    GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
    Glary Utilities 5.5 (HKLM-x32\...\Glary Utilities 5) (Version: 5.5.0.12 - Glarysoft Ltd)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
    Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
    inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
    KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
    Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
    Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
    Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
    Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
    Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden
    Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
    Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
    Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
    Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
    Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
    Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
    Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
    Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
    Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
    Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
    Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
    Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
    Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
    NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden
    ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
    PrivDog (HKLM-x32\...\PrivDog) (Version: 2.1.0.23 - privdog.com)
    Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.14 - Realtek Semiconductor Corp.)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
    TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
    TOSHIBA Bulletin Board (Version: 2.1.10.64 - TOSHIBA Corporation) Hidden
    TOSHIBA ConfigFree (HKLM-x32\...\{28F05B12-E618-48A8-839A-0755FC8C9081}) (Version: 8.0.39 - TOSHIBA CORPORATION)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.23.64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (Version: 1.2.23.64 - TOSHIBA Corporation) Hidden
    TOSHIBA eco Utility (x32 Version: 1.2.23.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (Version: 3.1.8.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.09.01.00 - )
    TOSHIBA Hardware Setup (Version: 4.09.01.00 - TOSHIBA) Hidden
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
    TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
    Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
    TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64M - TOSHIBA Corporation)
    TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.0.2.4 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION)
    TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
    TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
    TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.09.01.00 - )
    TOSHIBA Supervisor Password (Version: 4.09.01.00 - TOSHIBA) Hidden
    TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.25 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (x32 Version: 2.0.0.25 - TOSHIBA Corporation) Hidden
    TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
    TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
    TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Wedding Dash 2 - Rings Around the World (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.5 - WildTangent) Hidden
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    Could not list Restore Points. Check "winmgmt" service or repair WMI.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2014-08-29 10:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0761232B-DFDC-4179-AA7D-CD8A8B6B08E3} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
    Task: {15F31442-EF6B-4390-AC25-828547FDA611} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-04-21] (TOSHIBA CORPORATION)
    Task: {4A0A79E5-B907-4031-B235-A8FCF9B4F563} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
    Task: {4F3B181D-D15D-41A5-8B63-48D00D5F4587} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
    Task: {6CBC0775-A098-4737-A3A6-C391C1CD17B8} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
    Task: {89961A13-70B6-45DA-BAE2-926F480563E8} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-08-04] (Glarysoft Ltd)
    Task: {96C98D2E-74BD-43FD-8349-F185A8188916} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-08-04] (Glarysoft Ltd)
    Task: {AF4B1BB0-C2B9-4F59-B752-5404AAF192F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
    Task: {E0868145-E36A-44C6-B6C2-C352ECA8E9D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
    Task: {E16D4ED5-EF83-4734-8705-990713255BD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2010-11-18 16:18 - 2010-11-18 16:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
    2010-12-15 14:19 - 2010-12-15 14:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
    2011-08-03 05:54 - 2011-02-22 11:06 - 00563576 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\en\Humphrey.resources.dll
    2011-08-03 05:12 - 2011-04-21 09:57 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll
    2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    2010-12-08 14:42 - 2010-12-08 14:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============

    Could not list Devices. Check "winmgmt" service or repair WMI.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: AMD E-450 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 41%
    Total physical RAM: 5734.87 MB
    Available physical RAM: 3338.86 MB
    Total Pagefile: 11467.91 MB
    Available Pagefile: 8497.3 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:297.45 GB) (Free:187.22 GB) NTFS
    Drive d: (Data) (Fixed) (Total:298.33 GB) (Free:103.49 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: C8C756AF)
    Partition 1: (Active) - (Size=400 MB) - (Type=27)
    Partition 2: (Not Active) - (Size=297.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=298.3 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  25. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     
