Solved I just know I have a virus/Trojan something

Daward40 · Jan 24, 2013

I followed all the pre requisite performances and here are the logs. The way I know I have something is when I click on IE it comes up http://www.yahoo.com/?ilc=17 instead of just yahoo.com or it will in in 1 instead of 17. Can someone please help? I feel really stupid right now.

Malbyte
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.24.03
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
Davia :: DAVIA [administrator]
1/24/2013 12:08:55 AM
mbam-log-2013-01-24 (00-08-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209023
Time elapsed: 2 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)

THis is the DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453 BrowserJavaVersion: 10.11.2
Run by Davia at 0:14:56 on 2013-01-24
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3980.2356 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Toshiba\Teco\TecoService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchProtocolHost.exe

now the txt file

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453 BrowserJavaVersion: 10.11.2
Run by Davia at 0:14:56 on 2013-01-24
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3980.2356 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Toshiba\Teco\TecoService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchProtocolHost.exe

Daward40 · Jan 24, 2013

Oh sorry thanks for any and all help I am soooo frustrated right now

Jay Pfoutz · Jan 24, 2013

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
If you have already asked for help somewhere, please post the link to the topic you were helped.
We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

ComboFix scan

Please download ComboFix

by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix

After the download:

Close any open browsers.
Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

Double click on ComboFix.exe & follow the prompts.
When ComboFix finishes, it will produce a report for you.
Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Daward40 · Jan 24, 2013

THANK YOU THANK YOU THNAK YOU
Okay when I download it says This operating system is not supported Combo Fix only runs on:
Windows xp
Windows Vista
Windows 7
windows 2000 is no longer supported

Daward40 · Jan 24, 2013

I cant get into safe mode I have tried

Jay Pfoutz · Jan 24, 2013

Oops, my apologies. I thought it was Windows 7...but I see Windows 8 actually. Alrighty

RogueKiller Scan

Download RogueKiller from the following link and save it on your desktop:
TechSpot
Official Site (alternative
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.
Click on the Delete button.

The report has been created on the desktop.

Next click on the ShortcutsFix
The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.

TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Daward40 · Jan 24, 2013

Here are the two reports by roguekiller AGAIN thank you!!!!

RogueKiller V8.4.3 [Jan 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Davia [Admin rights]
Mode : Scan -- Date : 01/24/2013 11:27:34
| ARK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DTUpdate.exe -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547550A9E384 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01242013_02d1127.txt >>
RKreport[1]_S_01242013_02d1127.txt

RogueKiller V8.4.3 [Jan 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Davia [Admin rights]
Mode : Remove -- Date : 01/24/2013 11:28:11
| ARK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DTUpdate.exe -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547550A9E384 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01242013_02d1128.txt >>
RKreport[1]_S_01242013_02d1127.txt ; RKreport[2]_D_01242013_02d1128.txt

Jay Pfoutz · Jan 24, 2013

Okay. You're welcome. Will wait on other scans.

Daward40 · Jan 24, 2013

TDSSKILLER

Jay Pfoutz · Jan 24, 2013

avast! aswMBR

Please download aswMBR from here

Save aswMBR.exe to your Desktop
Double click aswMBR.exe to run it
Uncheck "Trace disk IO calls".
Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

Once the scan finishes click Save log to save the log to your Desktop
Copy and paste the contents of aswMBR.txt back here for review
Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe.
Click Quick Scan button and let the program run uninterrupted.
It will produce a log for you called OTL.txt, please post it in your next reply.
You may need to use two posts to get it all.

Daward40 · Jan 24, 2013

Here you go

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-24 12:11:03
-----------------------------
12:11:03.538 OS Version: Windows x64 6.2.9200
12:11:03.538 Number of processors: 4 586 0x3A09
12:11:03.539 ComputerName: DAVIA UserName: Davia
12:11:04.036 Initialze error 1
12:11:33.489 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000039
12:11:33.491 Disk 0 Vendor: Hitachi_HTS547550A9E384 JE3OA60B Size: 476940MB BusType: 11
12:11:33.531 Disk 0 MBR read successfully
12:11:33.532 Disk 0 MBR scan
12:11:33.534 Disk 0 unknown MBR code
12:11:33.536 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
12:11:33.538 Disk 0 scanning C:\windows\system32\drivers
12:11:33.540 Service scanning
12:11:34.235 Modules scanning
12:11:34.240 Scan finished successfully
12:12:23.212 Disk 0 MBR has been saved successfully to "C:\Users\Davia Ward\Desktop\MBR.dat"
12:12:23.213 The log file has been saved successfully to "C:\Users\Davia Ward\Desktop\aswMBR.txt"
The other file you asked me to rename when trying to upload I get and error message " the uploaded file does not have an allowed extention"

Jay Pfoutz · Jan 24, 2013

Upload to SpeedyShare.com.

When you enter the site, click the center bar, "Click here to upload[...]", find the file "mbr.dat" in "Desktop". Select that, and upload it.
Once you do that, you will get a sharing link. Please post that in your next reply.

Will wait for OTL log...

Daward40 · Jan 24, 2013

Here is the OTL log

d/yyyy

3.89 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 59.19% Memory free
5.82 Gb Paging File | 4.32 Gb Available in Paging File | 74.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.65 Gb Total Space | 408.62 Gb Free Space | 89.68% Space Free | Partition Type: NTFS

Computer Name: DAVIA | User Name: Davia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/24 12:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
PRC - [2012/12/25 09:14:14 | 001,683,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/05 14:46:10 | 000,348,056 | ---- | M] (Capital Intellect, Inc.) -- C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe
PRC - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
PRC - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
PRC - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
PRC - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
PRC - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/06/27 15:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\wincfi39.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/12/05 23:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/12/05 23:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/09/20 04:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 01:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/08/24 20:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2012/07/28 12:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2012/07/27 17:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:64bit: - [2012/07/25 22:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 22:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 17:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/01/21 15:50:06 | 000,107,520 | ---- | M] () [Auto | Stopped] -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/05 14:46:10 | 000,348,056 | ---- | M] (Capital Intellect, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe -- (BeFrugal.com Service)
SRV - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/11/14 01:04:22 | 000,568,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe -- (NAT)
SRV - [2012/08/08 05:58:38 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/11 10:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012/06/27 15:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/23 22:01:10 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/09 11:49:38 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/12/29 11:42:58 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/27 02:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/11/26 22:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 02:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/11/06 02:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/10/11 00:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012/10/08 20:00:02 | 000,776,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/03 20:40:35 | 001,133,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/10/03 20:40:20 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/20 02:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/09/20 02:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 02:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 02:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/20 02:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/09/06 21:05:14 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/06 21:05:05 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2012/09/06 20:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/09/06 20:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/08/29 11:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2012/08/29 11:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTL8192Ce)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/20 14:50:10 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/08/16 16:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/16 16:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/06 21:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NATx64\0106000.011\ccSetx64.sys -- (ccSet_NAT)
DRV:64bit: - [2012/08/06 08:36:12 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/07/31 15:28:54 | 000,028,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2012/07/31 14:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 23:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 19:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2012/07/25 03:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2012/07/21 18:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2012/07/13 15:04:30 | 000,103,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/07/10 19:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 09:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/18 13:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2012/06/15 15:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -- (ccSet_NARA)
DRV - [2013/01/23 16:36:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130123.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/01/23 01:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130124.003\ex64.sys -- (NAVEX15)
DRV - [2013/01/23 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/01/23 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/23 01:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130124.003\eng64.sys -- (NAVENG)
DRV - [2013/01/16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)

========== Standard Registry (SafeList) ==========

Daward40 · Jan 24, 2013

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=befhp&type=ie-hp
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/myweb...n=77ee8d8e&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
IE - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=17
IE - HKCU\..\SearchScopes,DefaultScope = {39B3CDEA-15F2-43A9-82AF-6468FE48C100}
IE - HKCU\..\SearchScopes\{39B3CDEA-15F2-43A9-82AF-6468FE48C100}: "URL" = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
IE - HKCU\..\SearchScopes\{4F792DE0-CDD8-46A4-87F5-ABF38F575713}: "URL" = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
IE - HKCU\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/myweb...n=77ee8d8e&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{643D3DC5-E0B3-4A86-ABE7-DB0A649F2340}: "URL" = http://safesearchr.lavasoft.com/?so...1B16B3204439B10A35C50ED9F81F7&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS516
IE - HKCU\..\SearchScopes\{93B90315-E525-4B5A-B0F3-B1D39F716BAC}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ie-ds
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.coupons.com/search.asp?p=df&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5zffxtbr@CouponXplorer_5z.com: C:\Program Files (x86)\CouponXplorer_5z\bar\2.bin [2013/01/23 19:19:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013/01/23 22:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013/01/24 11:23:42 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/102
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/102
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Davia Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Coupon Alert Installer Plugin Stub (Enabled) = C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SR Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (BeFrugalIEHelper) - {2335A057-CBA6-40F6-A712-C6A7C98F7813} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search-Results Toolbar) - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SR Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Coupon Savings) - {C3F62D94-EEBB-11E1-B88F-CBBD4CC15727} - C:\Program Files (x86)\Coupon Savings\toolbar.dll ()
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (BeFrugal.com Toolbar) - {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {65c72339-fb1d-4155-84e1-9afacee02d6f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{430D5376-2A77-4715-9E21-943074C9C52C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AC5402D-6D3F-4277-8876-1EE263B4643D}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/24 12:22:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
[2013/01/24 12:10:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
[2013/01/24 11:41:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log
[2013/01/24 11:33:07 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
[2013/01/24 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\RK_Quarantine
[2013/01/24 11:10:06 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/01/24 09:59:06 | 005,114,096 | ---- | C] (PC Cleaners) -- C:\windows\uninst.exe
[2013/01/24 09:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2013/01/24 07:50:35 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016
[2013/01/24 01:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/01/24 01:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2013/01/24 01:03:26 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\mbar-1.01.0.1016
[2013/01/24 00:14:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
[2013/01/24 00:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/24 00:08:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/01/24 00:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/23 23:47:48 | 000,000,000 | ---D | C] -- C:\TEMP
[2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
[2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
[2013/01/23 23:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
[2013/01/23 22:02:49 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Symantec
[2013/01/23 22:01:10 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/01/23 21:59:05 | 001,133,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.sys
[2013/01/23 21:59:05 | 000,776,864 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys
[2013/01/23 21:59:05 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.sys
[2013/01/23 21:59:05 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnets.sys
[2013/01/23 21:59:05 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\Ironx64.sys
[2013/01/23 21:59:05 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.sys
[2013/01/23 21:59:05 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys
[2013/01/23 21:59:05 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM.sys
[2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1402010.016
[2013/01/23 21:58:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/01/23 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/01/23 21:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2013/01/23 21:36:02 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/01/23 10:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/23 09:33:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
[2013/01/23 09:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E}
[2013/01/23 09:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
[2013/01/23 09:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
[2013/01/23 09:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stamps.com Internet Postage
[2013/01/23 09:31:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Seven Zip
[2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\gegl-0.0
[2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\.gimp-2.6
[2013/01/21 16:17:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Brother
[2013/01/21 16:13:00 | 000,376,832 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.EXE
[2013/01/21 16:12:59 | 000,068,608 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysNative\BSQ70L.DLL
[2013/01/21 16:12:59 | 000,011,264 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.DLL
[2013/01/21 16:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
[2013/01/21 16:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Brother
[2013/01/21 16:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2013/01/21 15:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/01/21 15:50:04 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab
[2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Yahoo!
[2013/01/21 07:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2013/01/21 07:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/01/21 07:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/01/20 12:06:01 | 000,038,096 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfiark.sys
[2013/01/19 13:20:42 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\New folder
[2013/01/19 13:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2013/01/19 10:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013/01/19 10:31:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\jZip
[2013/01/19 10:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SR Toolbar
[2013/01/19 10:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2013/01/17 11:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponXplorer_5zEI
[2013/01/15 13:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InboxDollars
[2013/01/15 13:12:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\The Weather Channel
[2013/01/09 11:50:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\LavasoftStatistics
[2013/01/09 11:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/01/09 11:49:45 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Downloaded Installations
[2013/01/09 11:49:38 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/01/09 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Malwarebytes
[2013/01/09 11:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/09 07:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Coupon Savings
[2013/01/09 07:43:44 | 000,000,000 | --SD | C] -- C:\ProgramData\SKL
[2013/01/09 07:32:22 | 000,000,000 | -HSD | C] -- C:\windows\syspkgwk
[2013/01/06 19:59:43 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Parole Plan
[2013/01/06 19:59:14 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Pics
[2013/01/06 19:58:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy Parole Pics
[2013/01/05 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake_files
[2012/12/31 14:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/12/31 14:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/12/31 14:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Programs
[2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BeFrugal.com
[2012/12/29 20:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Savings
[2012/12/29 20:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/12/29 20:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/29 20:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/12/29 12:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012/12/29 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\PC_Drivers_Headquarters
[2012/12/29 11:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2012/12/29 11:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
[2012/12/29 11:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2012/12/29 11:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2012/12/29 11:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/12/29 11:42:56 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\SlimWare Utilities Inc
[2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2012/12/29 11:42:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/12/29 11:37:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\HP
[2012/12/29 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Catalina Marketing Corp
[2012/12/29 09:13:18 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2012/12/28 17:42:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\OneNote Notebooks
[2012/12/28 16:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/12/28 16:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/12/28 16:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/12/28 16:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/12/28 16:33:57 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Microsoft Help
[2012/12/28 16:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/12/28 16:33:33 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/12/28 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\old business forms and letters
[2012/12/28 14:13:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\IAC
[2012/12/27 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons.com CouponBar
[2012/12/27 19:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/12/27 19:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2012/12/26 18:13:45 | 000,000,000 | R--D | C] -- C:\Users\Davia Ward\Documents\Scanned Documents
[2012/12/26 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Fax

========== Files - Modified Within 30 Days ==========

[2013/01/24 12:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
[2013/01/24 12:10:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
[2013/01/24 11:47:00 | 000,000,918 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/24 11:41:05 | 000,030,233 | ---- | M] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
[2013/01/24 11:33:18 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
[2013/01/24 11:25:42 | 000,768,512 | ---- | M] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
[2013/01/24 11:23:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/24 11:23:26 | 000,000,914 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/24 11:21:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/01/24 11:21:39 | 3338,846,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/24 10:40:26 | 005,114,096 | ---- | M] (PC Cleaners) -- C:\windows\uninst.exe
[2013/01/24 07:50:16 | 013,462,931 | ---- | M] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
[2013/01/24 00:14:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
[2013/01/24 00:08:23 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/23 22:02:04 | 002,046,180 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/23 22:01:10 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/23 22:01:10 | 000,007,466 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/23 22:01:10 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/23 22:01:02 | 000,002,402 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/23 21:17:27 | 000,000,105 | ---- | M] () -- C:\prefs.js
[2013/01/23 19:25:22 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/23 19:25:22 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/23 19:25:22 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/23 10:15:33 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/23 10:10:27 | 000,381,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/23 10:09:24 | 000,001,188 | ---- | M] () -- C:\windows\SysWow64\ServiceConfig.xml
[2013/01/23 09:33:14 | 000,000,036 | -H-- | M] () -- C:\windows\SysWow64\f9t.dat
[2013/01/23 09:33:04 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Stamps.com.lnk
[2013/01/21 16:28:50 | 000,001,906 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
[2013/01/21 16:28:50 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
[2013/01/21 16:25:30 | 000,001,918 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
[2013/01/21 16:11:25 | 000,002,619 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2013/01/21 07:49:24 | 000,001,172 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/01/21 07:49:24 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2013/01/19 19:19:01 | 000,451,203 | ---- | M] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
[2013/01/19 13:41:06 | 000,001,303 | ---- | M] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/01/19 11:47:35 | 001,426,250 | ---- | M] () -- C:\Users\Davia Ward\Documents\Scan0001.png
[2013/01/19 10:37:34 | 013,344,187 | ---- | M] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
[2013/01/19 10:31:51 | 000,001,014 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2013/01/19 10:31:50 | 000,000,990 | ---- | M] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
[2013/01/16 12:15:35 | 000,316,129 | ---- | M] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
[2013/01/16 12:00:00 | 000,201,189 | ---- | M] () -- C:\Users\Davia Ward\Documents\id.jpg
[2013/01/10 03:07:02 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
[2013/01/09 11:49:38 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/01/05 10:33:08 | 000,023,876 | ---- | M] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
[2013/01/04 21:48:11 | 002,413,630 | ---- | M] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
[2012/12/31 14:32:43 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
[2012/12/31 14:32:14 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/12/30 11:17:34 | 000,000,430 | ---- | M] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
[2012/12/29 11:43:04 | 000,000,430 | ---- | M] () -- C:\windows\tasks\DriverUpdate Startup.job
[2012/12/29 11:42:58 | 000,015,712 | ---- | M] () -- C:\windows\SysNative\drivers\SWDUMon.sys

========== Files Created - No Company Name ==========

[2013/01/24 11:41:05 | 000,030,233 | ---- | C] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
[2013/01/24 11:25:40 | 000,768,512 | ---- | C] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
[2013/01/24 07:49:55 | 013,462,931 | ---- | C] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
[2013/01/24 00:08:23 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/23 22:01:12 | 002,046,180 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/23 22:01:10 | 000,007,466 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/23 22:01:10 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/23 22:01:02 | 000,002,402 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/23 21:58:31 | 000,009,103 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymVTcer.dat
[2013/01/23 21:58:31 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA.inf
[2013/01/23 21:58:31 | 000,002,851 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS.inf
[2013/01/23 21:58:31 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymNet.inf
[2013/01/23 21:58:31 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.inf
[2013/01/23 21:58:31 | 000,001,418 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.inf
[2013/01/23 21:58:31 | 000,000,996 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symELAM.inf
[2013/01/23 21:58:31 | 000,000,853 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.inf
[2013/01/23 21:58:31 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Iron.inf
[2013/01/23 21:58:30 | 000,009,670 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM64.cat
[2013/01/23 21:58:30 | 000,007,611 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.cat
[2013/01/23 21:58:30 | 000,007,605 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.cat
[2013/01/23 21:58:30 | 000,007,603 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.cat
[2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnet64.cat
[2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.cat
[2013/01/23 21:58:30 | 000,007,597 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.cat
[2013/01/23 21:58:30 | 000,007,593 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\iron.cat
[2013/01/23 21:58:30 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
[2013/01/23 21:17:27 | 000,000,105 | ---- | C] () -- C:\prefs.js
[2013/01/23 10:10:15 | 000,381,960 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/23 10:09:24 | 000,001,188 | ---- | C] () -- C:\windows\SysWow64\ServiceConfig.xml
[2013/01/23 09:33:04 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Stamps.com.lnk
[2013/01/23 09:31:49 | 000,000,036 | -H-- | C] () -- C:\windows\SysWow64\f9t.dat
[2013/01/21 16:28:50 | 000,001,906 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
[2013/01/21 16:28:50 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
[2013/01/21 16:25:30 | 000,001,918 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
[2013/01/21 16:12:59 | 000,067,584 | ---- | C] () -- C:\windows\SysWow64\BSQ70F.DLL
[2013/01/21 16:12:59 | 000,015,652 | ---- | C] () -- C:\windows\SysWow64\BSQ70M.CHM
[2013/01/21 16:12:59 | 000,001,465 | ---- | C] () -- C:\windows\SysNative\BSQ70L.INI
[2013/01/21 16:11:24 | 000,002,619 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2013/01/21 07:49:24 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2013/01/21 07:49:23 | 000,001,172 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/01/19 19:18:56 | 000,451,203 | ---- | C] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
[2013/01/19 11:47:35 | 001,426,250 | ---- | C] () -- C:\Users\Davia Ward\Documents\Scan0001.png
[2013/01/19 10:36:41 | 013,344,187 | ---- | C] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
[2013/01/19 10:31:51 | 000,001,020 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
[2013/01/19 10:31:50 | 000,001,014 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2013/01/19 10:31:50 | 000,000,990 | ---- | C] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
[2013/01/16 12:15:35 | 000,316,129 | ---- | C] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
[2013/01/16 12:00:00 | 000,201,189 | ---- | C] () -- C:\Users\Davia Ward\Documents\id.jpg
[2013/01/05 10:33:08 | 000,023,876 | ---- | C] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
[2013/01/04 21:48:10 | 002,413,630 | ---- | C] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
[2012/12/31 14:32:43 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
[2012/12/31 14:32:14 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/12/30 11:17:34 | 000,000,430 | ---- | C] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
[2012/12/29 11:43:04 | 000,000,430 | ---- | C] () -- C:\windows\tasks\DriverUpdate Startup.job
[2012/12/29 11:42:58 | 000,015,712 | ---- | C] () -- C:\windows\SysNative\drivers\SWDUMon.sys
[2012/12/28 17:42:20 | 000,001,303 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/12/28 15:49:04 | 196,706,304 | ---- | C] () -- C:\Users\Davia Ward\Desktop\Hannah Xmas 2.18.12.MTS
[2012/12/28 15:40:39 | 000,110,592 | ---- | C] () -- C:\windows\SysNative\OEMLicense.dll
[2012/12/28 15:40:39 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012/12/27 18:22:17 | 000,385,604 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2012/11/15 23:39:26 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/08/06 08:36:22 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/08/06 08:36:08 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/08/06 08:36:06 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/20 16:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/12/29 11:55:05 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/11/05 23:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/05 23:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/29 09:13:36 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Catalina Marketing Corp
[2013/01/21 15:50:04 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab
[2013/01/23 23:44:15 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
[2012/12/22 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Origin
[2013/01/23 23:44:15 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
[2013/01/01 09:28:23 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\ShopAtHome
[2013/01/23 09:33:14 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
[2012/12/22 09:02:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\WinBatch

========== Purity Check ==========

< End of report >

Daward40 · Jan 24, 2013

Which link do you want me to post for speedy share??

Daward40 · Jan 24, 2013

Code:

http://speedy.sh/Cd6Rb/MBRscan.txt.dat

http://speedy.sh/Cd6Rb/MBRscan.txt.dat

<a href="http://speedy.sh/Cd6Rb/MBRscan.txt.dat">Download at SpeedyShare</a>

Daward40 · Jan 24, 2013

Jay Pfoutz · Jan 25, 2013

Alrighty, looks like a rogue program infected the computer. Lots of adware too. Would you like me to point you to a list of free, legitimate (adware-free) coupon resources?

Also, please don't bump your topic. Lately, I've only been able to make it in here once to twice a day, since my car wants to act up. Right now, we have quite a bit of snow on the ground. It shall be a fun day today.

OTL Fix

Please run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
IE - HKLM\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/myweb...n=77ee8d8e&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
IE - HKCU\..\SearchScopes\{4F792DE0-CDD8-46A4-87F5-ABF38F575713}: "URL" = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
IE - HKCU\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/myweb...n=77ee8d8e&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.coupons.com/search.asp?p=df&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5zffxtbr@CouponXplorer_5z.com: C:\Program Files (x86)\CouponXplorer_5z\bar\2.bin [2013/01/23 19:19:01 | 000,000,000 | ---D | M]
CHR - homepage: http://www.searchnu.com/102
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
CHR - homepage: http://www.searchnu.com/102
CHR - plugin: Coupon Alert Installer Plugin Stub (Enabled) = C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SR Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (Search-Results Toolbar) - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SR Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Coupon Savings) - {C3F62D94-EEBB-11E1-B88F-CBBD4CC15727} - C:\Program Files (x86)\Coupon Savings\toolbar.dll ()
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (no name) - {65c72339-fb1d-4155-84e1-9afacee02d6f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
[2013/01/24 09:59:06 | 005,114,096 | ---- | C] (PC Cleaners) -- C:\windows\uninst.exe
[2013/01/21 15:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/01/21 15:50:04 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab
[2013/01/19 10:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SR Toolbar
[2013/01/19 10:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2013/01/17 11:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponXplorer_5zEI
[2013/01/15 13:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InboxDollars
[2013/01/09 07:32:22 | 000,000,000 | -HSD | C] -- C:\windows\syspkgwk
[2012/12/29 09:13:36 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Catalina Marketing Corp
[2013/01/21 15:50:04 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab
[2013/01/23 23:44:15 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
[2013/01/01 09:28:23 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\ShopAtHome

:files
ipconfig /flushdns /c

:commands
[emptytemp]
[reboot]

Click to expand...
Then click the Run Fix button at the top.
Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Delete.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Daward40 · Jan 25, 2013

Yes on the adware thanks.

I bumped because I didn't want to lose track of thread incase it was awhile before you could get back

It supposed to snow here today this afternoon everybody is closing early. You would think it was the end of the world

Will get right back with you on the other !!! Thanks again

Daward40 · Jan 25, 2013

Wow you are amazing

lue HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}\ not found.
File C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ deleted successfully.
File C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ not found.
File C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ not found.
File C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe moved successfully.
C:\Windows\uninst.exe moved successfully.
C:\Program Files (x86)\DefaultTab folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\x64 folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\components folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\js folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\debugbar folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\skin folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\locale\lib folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\locale folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\data\weather folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\data\search folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\data folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome\content folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\chrome folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1 folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\lib folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config\skin\images folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config\skin\css folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config\skin folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\config folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension folder moved successfully.
C:\Program Files (x86)\SR Toolbar\Datamngr folder moved successfully.
C:\Program Files (x86)\SR Toolbar folder moved successfully.
C:\Program Files (x86)\jZip folder moved successfully.
C:\Program Files (x86)\CouponXplorer_5zEI\Installr\setups folder moved successfully.
C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin folder moved successfully.
C:\Program Files (x86)\CouponXplorer_5zEI\Installr folder moved successfully.
C:\Program Files (x86)\CouponXplorer_5zEI folder moved successfully.
C:\Program Files (x86)\InboxDollars folder moved successfully.
C:\windows\syspkgwk\x64 folder moved successfully.
C:\windows\syspkgwk\Templates folder moved successfully.
C:\windows\syspkgwk folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\Catalina Marketing Corp folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\DefaultTab folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit\PC Utility Kit folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeHelper folder moved successfully.
C:\Users\Davia Ward\AppData\Roaming\ShopAtHome folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Davia Ward\Desktop\cmd.bat deleted successfully.
C:\Users\Davia Ward\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Davia Ward
->Temp folder emptied: 7413358 bytes
->Temporary Internet Files folder emptied: 59063323 bytes
->Java cache emptied: 1769757 bytes
->Google Chrome cache emptied: 15934469 bytes
->Flash cache emptied: 1431 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 351727 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 31338630 bytes

Total Files Cleaned = 111.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01252013_110541

Files\Folders moved on Reboot...
C:\Users\Davia Ward\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Davia Ward\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Daward40 · Jan 25, 2013

Just fyi
When I ran the otl with the fix it ran faster then I did the adware and it went back to the way it was wierd

Daward40 · Jan 25, 2013

Adware file

AdwCleaner v2.108 - Logfile created 01/25/2013 at 11:16:27
# Updated 24/01/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Davia - DAVIA
# Boot Mode : Normal
# Running from : C:\Users\Davia Ward\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : DefaultTabSearch
Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\boost_interprocess
Deleted on reboot : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\APN

***** [Registry] *****

Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\Software\SearchquSRTB
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\FCTB000062133
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\DataMngr

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.56

*************************

AdwCleaner[S1].txt - [11063 octets] - [25/01/2013 11:16:27]

########## EOF - C:\AdwCleaner[S1].txt - [11124 octets] ##########

Just so you know the computer asked to be rebooted after adware finished ..... it was the only option but when I went back on ie the same thing happened after reboot it went back to the way it was before the otl fix. www.yahoo.com ie17. (crap)

It ran faster after the otl fix and reboot now its back to the way it was How can that happen??

Jay Pfoutz · Jan 25, 2013

I don't think I touched the homepage issue...let's go with a new OTL Quick Scan, please.

Daward40 · Jan 25, 2013

Otl here ya go

OTL logfile created on: 1/25/2013 11:49:33 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Davia Ward\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.89 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 68.27% Memory free
5.82 Gb Paging File | 4.49 Gb Available in Paging File | 77.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.65 Gb Total Space | 408.76 Gb Free Space | 89.71% Space Free | Partition Type: NTFS

Computer Name: DAVIA | User Name: Davia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/24 12:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/05 14:46:10 | 000,348,056 | ---- | M] (Capital Intellect, Inc.) -- C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe
PRC - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
PRC - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
PRC - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
PRC - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
PRC - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/06/27 15:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\wincfi39.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/12/05 23:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/12/05 23:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/09/20 04:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 01:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/08/24 20:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2012/07/28 12:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2012/07/27 17:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:64bit: - [2012/07/25 22:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 22:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 17:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/05 14:46:10 | 000,348,056 | ---- | M] (Capital Intellect, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe -- (BeFrugal.com Service)
SRV - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe -- (NAT)
SRV - [2012/08/08 05:58:38 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/11 10:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012/06/27 15:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/23 22:01:10 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/09 11:49:38 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/12/29 11:42:58 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/27 02:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/11/26 22:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 02:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/11/06 02:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/10/11 00:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012/10/08 20:00:02 | 000,776,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/03 20:40:35 | 001,133,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/10/03 20:40:20 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/20 02:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/09/20 02:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 02:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 02:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/20 02:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/09/06 21:05:14 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/06 21:05:05 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2012/09/06 20:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/09/06 20:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/08/29 11:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2012/08/29 11:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTL8192Ce)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/20 14:50:10 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/08/16 16:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/16 16:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/06 21:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NATx64\0106000.011\ccSetx64.sys -- (ccSet_NAT)
DRV:64bit: - [2012/08/06 08:36:12 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/07/31 15:28:54 | 000,028,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2012/07/31 14:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 23:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 19:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2012/07/25 03:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2012/07/21 18:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2012/07/13 15:04:30 | 000,103,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/07/10 19:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 09:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/18 13:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2012/06/15 15:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -- (ccSet_NARA)
DRV - [2013/01/23 16:36:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130124.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/01/23 01:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130124.023\ex64.sys -- (NAVEX15)
DRV - [2013/01/23 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/01/23 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/23 01:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130124.023\eng64.sys -- (NAVENG)
DRV - [2013/01/16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=befhp&type=ie-hp
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=17
IE - HKCU\..\SearchScopes,DefaultScope = {39B3CDEA-15F2-43A9-82AF-6468FE48C100}
IE - HKCU\..\SearchScopes\{39B3CDEA-15F2-43A9-82AF-6468FE48C100}: "URL" = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
IE - HKCU\..\SearchScopes\{643D3DC5-E0B3-4A86-ABE7-DB0A649F2340}: "URL" = http://safesearchr.lavasoft.com/?so...1B16B3204439B10A35C50ED9F81F7&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS516
IE - HKCU\..\SearchScopes\{93B90315-E525-4B5A-B0F3-B1D39F716BAC}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ie-ds
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013/01/23 22:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013/01/24 11:23:42 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/102
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/102
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Davia Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Coupon Alert Installer Plugin Stub (Enabled) = C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (BeFrugalIEHelper) - {2335A057-CBA6-40F6-A712-C6A7C98F7813} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BeFrugal.com Toolbar) - {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [*ForceDelete] C:\Users\Davia Ward\Desktop\adwcleaner.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{430D5376-2A77-4715-9E21-943074C9C52C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AC5402D-6D3F-4277-8876-1EE263B4643D}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Daward40 · Jan 25, 2013

Otl Part 2

========== Files/Folders - Created Within 30 Days ==========

[2013/01/25 11:05:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/24 12:22:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
[2013/01/24 12:10:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
[2013/01/24 11:41:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log
[2013/01/24 11:33:07 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
[2013/01/24 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\RK_Quarantine
[2013/01/24 11:10:06 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/01/24 09:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2013/01/24 07:50:35 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016
[2013/01/24 01:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/01/24 01:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2013/01/24 01:03:26 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\mbar-1.01.0.1016
[2013/01/24 00:14:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
[2013/01/24 00:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/24 00:08:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/01/24 00:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/23 23:47:48 | 000,000,000 | ---D | C] -- C:\TEMP
[2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
[2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
[2013/01/23 23:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
[2013/01/23 22:02:49 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Symantec
[2013/01/23 22:01:10 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/01/23 21:59:05 | 001,133,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.sys
[2013/01/23 21:59:05 | 000,776,864 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys
[2013/01/23 21:59:05 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.sys
[2013/01/23 21:59:05 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnets.sys
[2013/01/23 21:59:05 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\Ironx64.sys
[2013/01/23 21:59:05 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.sys
[2013/01/23 21:59:05 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys
[2013/01/23 21:59:05 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM.sys
[2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1402010.016
[2013/01/23 21:58:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/01/23 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/01/23 21:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2013/01/23 21:36:02 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/01/23 10:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/23 09:33:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
[2013/01/23 09:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E}
[2013/01/23 09:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
[2013/01/23 09:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
[2013/01/23 09:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stamps.com Internet Postage
[2013/01/23 09:31:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Seven Zip
[2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\gegl-0.0
[2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\.gimp-2.6
[2013/01/21 16:17:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Brother
[2013/01/21 16:13:00 | 000,376,832 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.EXE
[2013/01/21 16:12:59 | 000,068,608 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysNative\BSQ70L.DLL
[2013/01/21 16:12:59 | 000,011,264 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.DLL
[2013/01/21 16:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
[2013/01/21 16:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Brother
[2013/01/21 16:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Yahoo!
[2013/01/21 07:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2013/01/21 07:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/01/21 07:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/01/20 12:06:01 | 000,038,096 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfiark.sys
[2013/01/19 13:20:42 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\New folder
[2013/01/19 13:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2013/01/19 10:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013/01/19 10:31:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\jZip
[2013/01/15 13:12:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\The Weather Channel
[2013/01/09 11:50:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\LavasoftStatistics
[2013/01/09 11:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/01/09 11:49:45 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Downloaded Installations
[2013/01/09 11:49:38 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/01/09 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Malwarebytes
[2013/01/09 11:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/09 07:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Coupon Savings
[2013/01/09 07:43:44 | 000,000,000 | --SD | C] -- C:\ProgramData\SKL
[2013/01/06 19:59:43 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Parole Plan
[2013/01/06 19:59:14 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Pics
[2013/01/06 19:58:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy Parole Pics
[2013/01/05 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake_files
[2012/12/31 14:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/12/31 14:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/12/31 14:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Programs
[2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BeFrugal.com
[2012/12/29 20:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Savings
[2012/12/29 20:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/12/29 20:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/29 20:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/12/29 12:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012/12/29 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\PC_Drivers_Headquarters
[2012/12/29 11:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2012/12/29 11:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
[2012/12/29 11:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2012/12/29 11:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/12/29 11:42:56 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\SlimWare Utilities Inc
[2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2012/12/29 11:42:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/12/29 11:37:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\HP
[2012/12/29 09:13:18 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2012/12/28 17:42:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\OneNote Notebooks
[2012/12/28 16:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/12/28 16:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/12/28 16:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/12/28 16:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/12/28 16:33:57 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Microsoft Help
[2012/12/28 16:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/12/28 16:33:33 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/12/28 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\old business forms and letters
[2012/12/28 14:13:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\IAC
[2012/12/27 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons.com CouponBar
[2012/12/27 19:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/12/27 19:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2012/12/26 18:13:45 | 000,000,000 | R--D | C] -- C:\Users\Davia Ward\Documents\Scanned Documents
[2012/12/26 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Fax

========== Files - Modified Within 30 Days ==========

[2013/01/25 11:47:01 | 000,000,918 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 11:30:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/25 11:29:26 | 000,000,914 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/25 11:28:49 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/01/25 11:28:46 | 3338,846,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/25 11:15:09 | 000,578,255 | ---- | M] () -- C:\Users\Davia Ward\Desktop\adwcleaner.exe
[2013/01/24 12:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
[2013/01/24 12:10:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
[2013/01/24 11:41:05 | 000,030,233 | ---- | M] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
[2013/01/24 11:33:18 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
[2013/01/24 11:25:42 | 000,768,512 | ---- | M] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
[2013/01/24 07:50:16 | 013,462,931 | ---- | M] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
[2013/01/24 00:14:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
[2013/01/24 00:08:23 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/23 22:02:04 | 002,046,180 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/23 22:01:10 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/23 22:01:10 | 000,007,466 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/23 22:01:10 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/23 22:01:02 | 000,002,402 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/23 21:17:27 | 000,000,105 | ---- | M] () -- C:\prefs.js
[2013/01/23 19:25:22 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/23 19:25:22 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/23 19:25:22 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/23 10:15:33 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/23 10:10:27 | 000,381,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/23 10:09:24 | 000,001,188 | ---- | M] () -- C:\windows\SysWow64\ServiceConfig.xml
[2013/01/23 09:33:14 | 000,000,036 | -H-- | M] () -- C:\windows\SysWow64\f9t.dat
[2013/01/23 09:33:04 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Stamps.com.lnk
[2013/01/21 16:28:50 | 000,001,906 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
[2013/01/21 16:28:50 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
[2013/01/21 16:25:30 | 000,001,918 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
[2013/01/21 16:11:25 | 000,002,619 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2013/01/21 07:49:24 | 000,001,172 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/01/21 07:49:24 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2013/01/19 19:19:01 | 000,451,203 | ---- | M] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
[2013/01/19 13:41:06 | 000,001,303 | ---- | M] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/01/19 11:47:35 | 001,426,250 | ---- | M] () -- C:\Users\Davia Ward\Documents\Scan0001.png
[2013/01/19 10:37:34 | 013,344,187 | ---- | M] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
[2013/01/19 10:31:51 | 000,001,014 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2013/01/19 10:31:50 | 000,000,990 | ---- | M] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
[2013/01/16 12:15:35 | 000,316,129 | ---- | M] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
[2013/01/16 12:00:00 | 000,201,189 | ---- | M] () -- C:\Users\Davia Ward\Documents\id.jpg
[2013/01/10 03:07:02 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
[2013/01/09 11:49:38 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/01/05 10:33:08 | 000,023,876 | ---- | M] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
[2013/01/04 21:48:11 | 002,413,630 | ---- | M] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
[2012/12/31 14:32:43 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
[2012/12/31 14:32:14 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/12/30 11:17:34 | 000,000,430 | ---- | M] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
[2012/12/29 11:43:04 | 000,000,430 | ---- | M] () -- C:\windows\tasks\DriverUpdate Startup.job
[2012/12/29 11:42:58 | 000,015,712 | ---- | M] () -- C:\windows\SysNative\drivers\SWDUMon.sys

========== Files Created - No Company Name ==========

[2013/01/25 11:15:08 | 000,578,255 | ---- | C] () -- C:\Users\Davia Ward\Desktop\adwcleaner.exe
[2013/01/24 11:41:05 | 000,030,233 | ---- | C] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
[2013/01/24 11:25:40 | 000,768,512 | ---- | C] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
[2013/01/24 07:49:55 | 013,462,931 | ---- | C] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
[2013/01/24 00:08:23 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/23 22:01:12 | 002,046,180 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/23 22:01:10 | 000,007,466 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/23 22:01:10 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/23 22:01:02 | 000,002,402 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/23 21:58:31 | 000,009,103 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymVTcer.dat
[2013/01/23 21:58:31 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA.inf
[2013/01/23 21:58:31 | 000,002,851 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS.inf
[2013/01/23 21:58:31 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymNet.inf
[2013/01/23 21:58:31 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.inf
[2013/01/23 21:58:31 | 000,001,418 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.inf
[2013/01/23 21:58:31 | 000,000,996 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symELAM.inf
[2013/01/23 21:58:31 | 000,000,853 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.inf
[2013/01/23 21:58:31 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Iron.inf
[2013/01/23 21:58:30 | 000,009,670 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM64.cat
[2013/01/23 21:58:30 | 000,007,611 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.cat
[2013/01/23 21:58:30 | 000,007,605 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.cat
[2013/01/23 21:58:30 | 000,007,603 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.cat
[2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnet64.cat
[2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.cat
[2013/01/23 21:58:30 | 000,007,597 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.cat
[2013/01/23 21:58:30 | 000,007,593 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\iron.cat
[2013/01/23 21:58:30 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
[2013/01/23 21:17:27 | 000,000,105 | ---- | C] () -- C:\prefs.js
[2013/01/23 10:10:15 | 000,381,960 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/23 10:09:24 | 000,001,188 | ---- | C] () -- C:\windows\SysWow64\ServiceConfig.xml
[2013/01/23 09:33:04 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Stamps.com.lnk
[2013/01/23 09:31:49 | 000,000,036 | -H-- | C] () -- C:\windows\SysWow64\f9t.dat
[2013/01/21 16:28:50 | 000,001,906 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
[2013/01/21 16:28:50 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
[2013/01/21 16:25:30 | 000,001,918 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
[2013/01/21 16:12:59 | 000,067,584 | ---- | C] () -- C:\windows\SysWow64\BSQ70F.DLL
[2013/01/21 16:12:59 | 000,015,652 | ---- | C] () -- C:\windows\SysWow64\BSQ70M.CHM
[2013/01/21 16:12:59 | 000,001,465 | ---- | C] () -- C:\windows\SysNative\BSQ70L.INI
[2013/01/21 16:11:24 | 000,002,619 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2013/01/21 07:49:24 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2013/01/21 07:49:23 | 000,001,172 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/01/19 19:18:56 | 000,451,203 | ---- | C] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
[2013/01/19 11:47:35 | 001,426,250 | ---- | C] () -- C:\Users\Davia Ward\Documents\Scan0001.png
[2013/01/19 10:36:41 | 013,344,187 | ---- | C] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
[2013/01/19 10:31:51 | 000,001,020 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
[2013/01/19 10:31:50 | 000,001,014 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2013/01/19 10:31:50 | 000,000,990 | ---- | C] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
[2013/01/16 12:15:35 | 000,316,129 | ---- | C] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
[2013/01/16 12:00:00 | 000,201,189 | ---- | C] () -- C:\Users\Davia Ward\Documents\id.jpg
[2013/01/05 10:33:08 | 000,023,876 | ---- | C] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
[2013/01/04 21:48:10 | 002,413,630 | ---- | C] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
[2012/12/31 14:32:43 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
[2012/12/31 14:32:14 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/12/30 11:17:34 | 000,000,430 | ---- | C] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
[2012/12/29 11:43:04 | 000,000,430 | ---- | C] () -- C:\windows\tasks\DriverUpdate Startup.job
[2012/12/29 11:42:58 | 000,015,712 | ---- | C] () -- C:\windows\SysNative\drivers\SWDUMon.sys
[2012/12/28 17:42:20 | 000,001,303 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/12/28 15:49:04 | 196,706,304 | ---- | C] () -- C:\Users\Davia Ward\Desktop\Hannah Xmas 2.18.12.MTS
[2012/12/28 15:40:39 | 000,110,592 | ---- | C] () -- C:\windows\SysNative\OEMLicense.dll
[2012/12/28 15:40:39 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012/12/27 18:22:17 | 000,385,604 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2012/11/15 23:39:26 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/08/06 08:36:22 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/08/06 08:36:08 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/08/06 08:36:06 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/20 16:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/12/29 11:55:05 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/11/05 23:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/05 23:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/23 23:44:15 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
[2012/12/22 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Origin
[2013/01/25 11:05:50 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
[2013/01/23 09:33:14 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
[2012/12/22 09:02:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\WinBatch

========== Purity Check ==========

< End of report >

Solved I just know I have a virus/Trojan something

Posts: 29 +1

Posts: 29 +1

Posts: 4,279 +49

Posts: 29 +1

Posts: 29 +1

Posts: 4,279 +49

Posts: 29 +1

Posts: 4,279 +49

Posts: 29 +1

Attachments

Posts: 4,279 +49

Posts: 29 +1

Posts: 4,279 +49

Posts: 29 +1

Posts: 29 +1

Posts: 29 +1

Posts: 29 +1

Posts: 29 +1

Posts: 4,279 +49

Posts: 29 +1

Posts: 29 +1

Posts: 29 +1

Posts: 29 +1

Posts: 4,279 +49

Posts: 29 +1

Posts: 29 +1

Similar threads