Author Topic: [Resolved - K] adware popups in Chrome, 'websearches' issue in Firefox  (Read 2726 times)

Offline nz_nora

  • Bronze Member
  • Posts: 7
Hi there

I've had pop up issues in Chrome for a while, mostly Unisales. Of course I started mucking around with it and downloaded every malware programme under this sun but haven't able to get rid of it.
I recently started having Websearches as my start page in Firefox (which had previously been unaffected by that other sh*t).

I download a lot of ebooks and am generally a bit haphazard with downloadig stuff so it could have come from anywhere.....

Hope you guys can help as this is the most frustrating thing ever.
Thanks
Nora


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/09/2012 2:02:50 p.m.
System Uptime: 5/03/2015 2:22:33 p.m. (1 hours ago)
.
Motherboard: Type2 - Board Vendor Name1 |  | Type2 - Board Product Name1
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | U3E1 | 775/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 303.467 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP259: 16/02/2015 10:11:09 a.m. - Windows Update
RP260: 20/02/2015 9:49:03 a.m. - Windows Update
RP261: 21/02/2015 12:56:37 a.m. - Windows Update
RP262: 25/02/2015 3:05:31 p.m. - Windows Update
RP263: 26/02/2015 12:39:54 a.m. - Windows Update
RP264: 2/03/2015 7:15:31 p.m. - Windows Update
RP265: 5/03/2015 8:53:11 a.m. - Windows Update
.
==== Installed Programs ======================
.
Adobe Digital Editions 4.0
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Apple Application Support
Apple Software Update
Bluetooth Stack for Windows by Toshiba
calibre
D3DX10
Dropbox
Google Chrome
Google Update Helper
Google+ Auto Backup
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 7 Update 17 (64-bit)
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Kobo
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office Professional Plus 2013 - en-us
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 31.5.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MusicBee 2.2
Norton Internet Security
Norton Online Backup
Norton PC Checkup
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OpenOffice.org 3.4.1
Picasa 3
PlayReady PC Runtime amd64
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RtkClassFilter
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Skype Click to Call
Skype™ 6.18
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Audio Enhancement
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Peak Shift Control
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
VLC media player
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (12/02/2011 2.3.8.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/03/2015 3:57:50 p.m., Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
5/03/2015 12:37:58 p.m., Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureCommand with the following error:  Access is denied.
5/03/2015 12:27:59 p.m., Error: Service Control Manager [7000]  - The IHProtect Service service failed to start due to the following error:  The system cannot find the file specified.
5/03/2015 12:27:55 p.m., Error: Service Control Manager [7000]  - The WindowsMangerProtect Service service failed to start due to the following error:  This version of WindowsMangerProtect Service is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.
1/03/2015 1:16:53 p.m., Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Network Inspection System     Error Code: 0x80070005     Error description: Access is denied.      Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631
Run by Nora at 15:58:01 on 2015-03-05
Microsoft Windows 7 Professional   6.1.7601.1.1252.64.1033.18.8082.5079 [GMT 13:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\SymcPCCULaunchSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX&q={searchTerms}
uDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX
uDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX&q={searchTerms}
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX&q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {db61f672-0d05-4997-bec6-96eaab7c4106} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [bdruninstaller] "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"setupdownloader.exe" /args:"/token:tsecurity /after_restart"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Nora\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.254 0.0.0.0
TCP: Interfaces\{31B5D2B0-0528-4B52-8276-DC910466A0C5} : DHCPNameServer = 192.168.1.254 0.0.0.0
TCP: Interfaces\{31B5D2B0-0528-4B52-8276-DC910466A0C5}\44F676024656E6 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{31B5D2B0-0528-4B52-8276-DC910466A0C5}\A414D4 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{31B5D2B0-0528-4B52-8276-DC910466A0C5}\C496C69746F6763786F6573756 : DHCPNameServer = 192.168.1.254 0.0.0.0
TCP: Interfaces\{CC103C08-11FC-4C7E-8E27-A257D4575B06} : DHCPNameServer = 192.168.42.129
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX
x64-mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX&q={searchTerms}
x64-mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX
x64-mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX&q={searchTerms}
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TPSCMain] C:\Program Files (x86)\TOSHIBA\PeakShift\TPSCMain.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\oak7ay1u.default-1424545646550\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-25 482384]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2011-6-8 250296]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-4 2711736]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2011-6-8 47032]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-5-19 162824]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-19 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-19 161560]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [2012-5-19 138760]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [?]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\SymcPCCULaunchSvc.exe [2012-5-19 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe [2012-5-19 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-25 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-19 363800]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-7 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-5-19 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-5-19 251496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-19 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtwlane.sys [2012-5-19 1082472]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-5-19 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-15 833976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 IHProtect Service;IHProtect Service;C:\Program Files (x86)\XTab\ProtectService.exe --> C:\Program Files (x86)\XTab\ProtectService.exe [?]
S2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 124560]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 WindowsMangerProtect;WindowsMangerProtect Service;C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service --> C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [?]
S3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys [2012-5-19 1143416]
S3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1300000.080\ccSetx64.sys [2012-5-19 165512]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2014-8-30 110336]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-5-19 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\windows\System32\drivers\hitmanpro37.sys [2015-1-15 43664]
S3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSviA64.sys [2012-5-19 488056]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2015-2-11 114688]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\System32\drivers\RtkBtfilter.sys [2012-1-6 21096]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2014-8-30 206080]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-4-10 27648]
S3 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1300000.080\SymDS64.sys [2012-5-19 451192]
S3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1300000.080\SymEFA64.sys [2012-5-19 1083512]
S3 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1300000.080\Ironx64.sys [2012-5-19 189560]
S3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1300000.080\symnets.sys [2012-5-19 396408]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbrndis6;USB RNDIS6 Adapter;C:\windows\System32\drivers\usb80236.sys [2013-3-26 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-9-22 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2015-03-04 23:33:17   75888   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{34DC7D09-4763-4237-9476-2737BE0EF1E6}\offreg.dll
2015-03-04 06:58:46   11910896   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{34DC7D09-4763-4237-9476-2737BE0EF1E6}\mpengine.dll
2015-03-04 00:39:40   950272   ----a-w-   C:\windows\System32\perftrack.dll
2015-03-04 00:39:40   91136   ----a-w-   C:\windows\System32\wdi.dll
2015-03-04 00:39:40   76800   ----a-w-   C:\windows\SysWow64\wdi.dll
2015-03-04 00:39:40   29696   ----a-w-   C:\windows\System32\powertracker.dll
2015-03-03 06:26:34   11910896   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-21 19:14:34   1188440   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82E56E54-69FD-421A-A520-D0528979E051}\gapaengine.dll
2015-02-15 09:29:28   --------   d-----w-   C:\ProgramData\WindowsMangerProtect
2015-02-15 09:29:22   2026   ----a-w-   C:\windows\patsearch.bin
2015-02-15 09:29:21   --------   d-----w-   C:\Users\Nora\AppData\Roaming\webssearches
2015-02-15 09:28:51   --------   d-----w-   C:\Users\Nora\AppData\Roaming\MailUpdate
2015-02-15 09:28:51   --------   d-----w-   C:\ProgramData\MailUpdate
2015-02-11 20:36:37   620032   ----a-w-   C:\windows\SysWow64\jscript9diag.dll
2015-02-11 20:36:37   6041600   ----a-w-   C:\windows\System32\jscript9.dll
2015-02-11 20:36:37   4300800   ----a-w-   C:\windows\SysWow64\jscript9.dll
2015-02-11 20:36:36   814080   ----a-w-   C:\windows\System32\jscript9diag.dll
2015-02-11 00:27:56   187904   ----a-w-   C:\windows\System32\cryptsvc.dll
2015-02-11 00:27:56   1480192   ----a-w-   C:\windows\System32\crypt32.dll
2015-02-11 00:27:55   229376   ----a-w-   C:\windows\System32\wintrust.dll
2015-02-11 00:27:55   179200   ----a-w-   C:\windows\SysWow64\wintrust.dll
2015-02-11 00:27:55   143872   ----a-w-   C:\windows\SysWow64\cryptsvc.dll
2015-02-11 00:27:55   1174528   ----a-w-   C:\windows\SysWow64\crypt32.dll
2015-02-11 00:27:43   861696   ----a-w-   C:\windows\System32\oleaut32.dll
2015-02-11 00:27:43   571904   ----a-w-   C:\windows\SysWow64\oleaut32.dll
2015-02-11 00:27:39   3722752   ----a-w-   C:\windows\System32\mstscax.dll
2015-02-11 00:27:38   3221504   ----a-w-   C:\windows\SysWow64\mstscax.dll
2015-02-11 00:27:38   131584   ----a-w-   C:\windows\SysWow64\aaclient.dll
2015-02-11 00:27:03   406528   ----a-w-   C:\windows\System32\scesrv.dll
2015-02-11 00:27:03   308224   ----a-w-   C:\windows\SysWow64\scesrv.dll
2015-02-11 00:26:53   5554112   ----a-w-   C:\windows\System32\ntoskrnl.exe
2015-02-11 00:26:51   3972544   ----a-w-   C:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 00:26:51   3917760   ----a-w-   C:\windows\SysWow64\ntoskrnl.exe
2015-02-11 00:26:47   503808   ----a-w-   C:\windows\System32\srcore.dll
2015-02-11 00:26:47   50176   ----a-w-   C:\windows\System32\srclient.dll
2015-02-11 00:26:47   43008   ----a-w-   C:\windows\SysWow64\srclient.dll
2015-02-11 00:26:47   296960   ----a-w-   C:\windows\System32\rstrui.exe
2015-02-11 00:26:15   3201536   ----a-w-   C:\windows\System32\win32k.sys
.
==================== Find3M  ====================
.
2015-03-03 13:17:35   295552   ------w-   C:\windows\System32\MpSigStub.exe
2015-02-05 02:01:02   71344   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 02:01:02   701616   ----a-w-   C:\windows\SysWow64\FlashPlayerApp.exe
2015-02-04 03:16:29   609280   ----a-w-   C:\windows\System32\generaltel.dll
2015-02-04 03:16:20   762368   ----a-w-   C:\windows\System32\invagent.dll
2015-02-04 03:16:16   414720   ----a-w-   C:\windows\System32\devinv.dll
2015-02-04 03:16:14   894976   ----a-w-   C:\windows\System32\appraiser.dll
2015-02-04 03:16:13   227328   ----a-w-   C:\windows\System32\aepdu.dll
2015-02-04 03:16:13   192000   ----a-w-   C:\windows\System32\aepic.dll
2015-02-04 03:13:28   1098752   ----a-w-   C:\windows\System32\aeinv.dll
2015-01-27 23:36:21   1239720   ----a-w-   C:\windows\System32\aitstatic.exe
2015-01-15 08:14:17   155072   ----a-w-   C:\windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16   95680   ----a-w-   C:\windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58   29184   ----a-w-   C:\windows\System32\sspisrv.dll
2015-01-15 08:09:58   136192   ----a-w-   C:\windows\System32\sspicli.dll
2015-01-15 08:09:57   28160   ----a-w-   C:\windows\System32\secur32.dll
2015-01-15 08:09:51   1461760   ----a-w-   C:\windows\System32\lsasrv.dll
2015-01-15 08:09:15   31232   ----a-w-   C:\windows\System32\lsass.exe
2015-01-15 08:08:59   64000   ----a-w-   C:\windows\System32\auditpol.exe
2015-01-15 08:06:22   60416   ----a-w-   C:\windows\System32\msobjs.dll
2015-01-15 08:06:11   146432   ----a-w-   C:\windows\System32\msaudite.dll
2015-01-15 08:04:23   686080   ----a-w-   C:\windows\System32\adtschema.dll
2015-01-15 07:42:59   22016   ----a-w-   C:\windows\SysWow64\secur32.dll
2015-01-15 07:42:05   50176   ----a-w-   C:\windows\SysWow64\auditpol.exe
2015-01-15 07:41:53   96768   ----a-w-   C:\windows\SysWow64\sspicli.dll
2015-01-15 07:39:53   60416   ----a-w-   C:\windows\SysWow64\msobjs.dll
2015-01-15 07:39:36   146432   ----a-w-   C:\windows\SysWow64\msaudite.dll
2015-01-15 07:37:55   686080   ----a-w-   C:\windows\SysWow64\adtschema.dll
2015-01-15 04:22:18   458824   ----a-w-   C:\windows\System32\drivers\cng.sys
2015-01-14 21:46:14   43664   ----a-w-   C:\windows\System32\drivers\hitmanpro37.sys
2015-01-13 03:10:22   1424384   ----a-w-   C:\windows\System32\WindowsCodecs.dll
2015-01-13 02:49:19   1230336   ----a-w-   C:\windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32   2724864   ----a-w-   C:\windows\System32\mshtml.tlb
2015-01-12 03:05:19   4096   ----a-w-   C:\windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42   66560   ----a-w-   C:\windows\System32\iesetup.dll
2015-01-12 02:48:57   48640   ----a-w-   C:\windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52   584192   ----a-w-   C:\windows\System32\vbscript.dll
2015-01-12 02:47:25   88064   ----a-w-   C:\windows\System32\MshtmlDac.dll
2015-01-12 02:34:42   144384   ----a-w-   C:\windows\System32\ieUnatt.exe
2015-01-12 02:34:30   114688   ----a-w-   C:\windows\System32\ieetwcollector.exe
2015-01-12 02:25:28   968704   ----a-w-   C:\windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19   2724864   ----a-w-   C:\windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27   77824   ----a-w-   C:\windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09   503296   ----a-w-   C:\windows\SysWow64\vbscript.dll
2015-01-12 02:07:51   62464   ----a-w-   C:\windows\SysWow64\iesetup.dll
2015-01-12 02:07:06   47616   ----a-w-   C:\windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36   64000   ----a-w-   C:\windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47   115712   ----a-w-   C:\windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29   1359360   ----a-w-   C:\windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00   2125824   ----a-w-   C:\windows\System32\inetcpl.cpl
2015-01-12 01:40:43   60416   ----a-w-   C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32   2358272   ----a-w-   C:\windows\System32\wininet.dll
2015-01-12 01:23:09   2052608   ----a-w-   C:\windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17   1155072   ----a-w-   C:\windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17   1888256   ----a-w-   C:\windows\SysWow64\wininet.dll
2015-01-10 06:48:22   210944   ----a-w-   C:\windows\System32\wdigest.dll
2015-01-10 06:48:19   86528   ----a-w-   C:\windows\System32\TSpkg.dll
2015-01-10 06:48:17   341504   ----a-w-   C:\windows\System32\schannel.dll
2015-01-10 06:48:13   309760   ----a-w-   C:\windows\System32\ncrypt.dll
2015-01-10 06:48:12   314880   ----a-w-   C:\windows\System32\msv1_0.dll
2015-01-10 06:48:10   728064   ----a-w-   C:\windows\System32\kerberos.dll
2015-01-10 06:48:05   22016   ----a-w-   C:\windows\System32\credssp.dll
2015-01-10 06:27:54   172032   ----a-w-   C:\windows\SysWow64\wdigest.dll
2015-01-10 06:27:51   65536   ----a-w-   C:\windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47   248832   ----a-w-   C:\windows\SysWow64\schannel.dll
2015-01-10 06:27:44   221184   ----a-w-   C:\windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43   259584   ----a-w-   C:\windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39   550912   ----a-w-   C:\windows\SysWow64\kerberos.dll
2015-01-10 06:27:32   17408   ----a-w-   C:\windows\SysWow64\credssp.dll
2014-12-19 03:06:55   210432   ----a-w-   C:\windows\System32\profsvc.dll
2014-12-19 01:46:45   141312   ----a-w-   C:\windows\System32\drivers\mrxdav.sys
2014-12-11 17:47:12   52736   ----a-w-   C:\windows\System32\TSWbPrxy.exe
2014-12-06 04:17:27   303616   ----a-w-   C:\windows\System32\nlasvc.dll
2014-12-06 03:50:19   52224   ----a-w-   C:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18   156672   ----a-w-   C:\windows\SysWow64\ncsi.dll
2012-08-13 09:13:16   473600   ----a-w-   C:\Program Files (x86)\setup.exe
2012-08-13 09:13:16   3162112   ----a-w-   C:\Program Files (x86)\openofficeorg341.msi
.
============= FINISH: 15:58:30.25 ===============
« Last Edit: March 22, 2015, 03:46:08 AM by kevinf80 »

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Hello nz_nora and welcome to SpywareHammer,

Use the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Now select > Scan > Threat scan > Scan now
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"
Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt. Where n in the scan reference number
Next,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Let me see those logs in your reply,

Kevin...



Offline nz_nora

  • Bronze Member
  • Posts: 7
Thanks so much Kevin!
I'm currently traveling for work and have only limited internet access (it's the 80's here in New Zealand when it comes to technology....) but please please bear with me and I will post those logs as soon as I have been able to download all those programmes.
Thanks again
Nora

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Hello Nora,

Thanks for the update, just post back whenever you`re ready.... :t

Kevin.

Offline nz_nora

  • Bronze Member
  • Posts: 7
Hi Kevin
I have 24 hours wifi access so here are the logs, as requested.  I hope it's all there.... :)
cheers
Nora



Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 17/02/2015 9:11:59 a.m., SYSTEM, NORA-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 17/02/2015 9:11:59 a.m., SYSTEM, NORA-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1,
Update, 17/02/2015 9:12:06 a.m., SYSTEM, NORA-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.16.8,
Update, 17/02/2015 9:22:58 a.m., SYSTEM, NORA-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 17/02/2015 9:22:58 a.m., SYSTEM, NORA-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1,
Update, 17/02/2015 9:23:05 a.m., SYSTEM, NORA-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.16.9,

(end)


# AdwCleaner v4.112 - Logfile created 10/03/2015 at 22:40:35
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Nora - NORA-PC
# Running from : C:\Users\Nora\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\MailUpdate
Folder Deleted : C:\Users\Nora\AppData\Roaming\MailUpdate
Folder Deleted : C:\ProgramData\dagdnkacgglpafbphggpkjkcihnedkmj

***** [ Scheduled tasks ] *****

Task Deleted : LuckyTab
Task Deleted : YourFileDownloader Installer Starter

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EF7375FB-61A8-4ED4-9164-987A411F2526}
Key Deleted : HKCU\Software\CoinisRS
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\YourFileDownloader

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v39.0.2171.95

[C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX&q={searchTerms}
[C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX&q={searchTerms}
[C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX&q={searchTerms}
[C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1423992530&from=exp&uid=HitachiXHTS547564A9E384_120307J2330053E2YJSBX&q={searchTerms}
[C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dagdnkacgglpafbphggpkjkcihnedkmj

*************************

AdwCleaner[R2].txt - [3623 bytes] - [10/03/2015 22:36:05]
AdwCleaner[S2].txt - [3854 bytes] - [10/03/2015 22:40:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3913  bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Professional x64
Ran by Nora on Tue 10/03/2015 at 23:40:04.63




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01
Ran by Nora (administrator) on NORA-PC on 10-03-2015 23:49:01
Running from C:\Users\Nora\Downloads
Loaded Profiles: Nora (Available profiles: Nora)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Windows\System32\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\SymcPCCULaunchSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Thisisu) C:\Users\Nora\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [740792 2011-12-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2011-06-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-29] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1110360 2010-05-04] (Symantec Corporation)
HKLM-x32\...\Run: [bdruninstaller] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"setupdownloader.exe" /args:"/token:tsecurity /after_restart"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1938786008-3775992464-100303922-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1938786008-3775992464-100303922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1938786008-3775992464-100303922-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-1938786008-3775992464-100303922-1000 - (No Name) - {db61f672-0d05-4997-bec6-96eaab7c4106} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-03] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-11] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-01-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-11] (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-10-15] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll [2011-05-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.DLL [2011-05-14] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-10] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-01-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-10] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll [2011-05-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1938786008-3775992464-100303922-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-30] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.5.50.1 202.6.116.124
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\oak7ay1u.default-1424545646550
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\windows\system32\npDeployJava1.dll [2013-04-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-04-11] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2012-04-10] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-03-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Pin It Button - C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\oak7ay1u.default-1424545646550\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-02-23]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfhhcpdkkfaconddfjbielfdiloadbpg\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-01]
CHR Extension: (YouTube) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-14]
CHR Extension: (Google Search) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-14]
CHR Extension: (Google Wallet) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-30]
CHR Extension: (Gmail) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-14]
CHR HKU\S-1-5-21-1938786008-3775992464-100303922-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Nora\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-1938786008-3775992464-100303922-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfhhcpdkkfaconddfjbielfdiloadbpg] - C:\Users\Nora\AppData\Local\CRE\lfhhcpdkkfaconddfjbielfdiloadbpg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lfhhcpdkkfaconddfjbielfdiloadbpg] - C:\Users\Nora\AppData\Local\CRE\lfhhcpdkkfaconddfjbielfdiloadbpg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\Extensions\Chrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-22] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-22] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [138760 2011-05-25] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-05-04] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\SymcPCCULaunchSvc.exe [123320 2011-09-14] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe [126392 2011-09-14] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys [1143416 2011-05-14] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [165512 2011-05-24] (Symantec Corporation)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-01-15] ()
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSVia64.sys [488056 2011-05-14] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110519.002\ENG64.SYS [117880 2011-05-19] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110519.002\EX64.SYS [2011768 2011-05-19] (Symantec Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [21096 2012-01-06] (Realtek Microelectronics)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [1082472 2012-01-17] (Realtek Semiconductor Corporation                           )
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1300000.080\SRTSP64.SYS [721528 2011-05-21] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1300000.080\SRTSPX64.SYS [37496 2011-05-21] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1300000.080\SYMDS64.SYS [451192 2011-05-17] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1300000.080\SYMEFA64.SYS [1083512 2011-05-17] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-05-19] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS [189560 2011-05-17] (Symantec Corporation)
S3 SymNetS; C:\Windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS [396408 2011-05-10] (Symantec Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 23:49 - 2015-03-10 23:51 - 00028547 _____ () C:\Users\Nora\Downloads\FRST.txt
2015-03-10 23:48 - 2015-03-10 23:49 - 00000000 ____D () C:\FRST
2015-03-10 23:48 - 2015-03-10 23:48 - 02095104 _____ (Farbar) C:\Users\Nora\Downloads\FRST64.exe
2015-03-10 23:46 - 2015-03-10 23:46 - 00000854 _____ () C:\Users\Nora\Desktop\JRT.txt
2015-03-10 23:37 - 2015-03-10 23:39 - 01388333 _____ (Thisisu) C:\Users\Nora\Downloads\JRT.exe
2015-03-10 23:05 - 2015-03-10 23:05 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\AVG2015
2015-03-10 23:04 - 2015-03-10 23:04 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\TuneUp Software
2015-03-10 23:03 - 2015-03-10 23:40 - 00000000 ___HD () C:\$AVG
2015-03-10 23:03 - 2015-03-10 23:40 - 00000000 ____D () C:\ProgramData\AVG2015
2015-03-10 23:02 - 2015-03-10 23:02 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-03-10 22:55 - 2015-03-10 23:42 - 00000000 ____D () C:\Users\Nora\AppData\Local\Avg2015
2015-03-10 22:55 - 2015-03-10 23:42 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-10 22:55 - 2015-03-10 22:55 - 00000000 ____D () C:\Users\Nora\AppData\Local\MFAData
2015-03-10 22:54 - 2015-03-10 22:54 - 04578024 _____ (AVG Technologies) C:\Users\Nora\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2015-03-10 22:36 - 2015-03-10 22:40 - 00000000 ____D () C:\AdwCleaner
2015-03-10 22:35 - 2015-03-10 22:35 - 02171392 _____ () C:\Users\Nora\Downloads\AdwCleaner.exe
2015-03-10 22:27 - 2015-03-10 23:09 - 00000000 ____D () C:\Users\Nora\Documents\Bluetooth
2015-03-10 20:09 - 2015-03-10 22:52 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-10 20:08 - 2015-03-10 20:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-10 20:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-10 20:08 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-10 20:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-10 20:05 - 2015-03-10 20:07 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nora\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-05 22:33 - 2015-03-05 22:33 - 00781232 _____ (Internet Soft ) C:\Users\Nora\Downloads\adobe_flash_setup.exe
2015-03-04 13:39 - 2015-01-09 16:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-03-04 13:39 - 2015-01-09 16:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-03-04 13:39 - 2015-01-09 16:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-03-04 13:39 - 2015-01-09 15:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-26 00:40 - 2015-01-09 12:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-26 00:40 - 2015-01-09 12:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-25 18:20 - 2015-02-26 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-21 00:50 - 2015-02-21 01:14 - 00000000 ____D () C:\Users\Nora\Documents\Rob
2015-02-15 22:33 - 2015-02-15 22:33 - 00003144 _____ () C:\windows\System32\Tasks\{7C639C4A-9A36-4E4F-BBA6-2E05DD93EF15}
2015-02-15 22:29 - 2015-02-15 22:33 - 00000396 __RSH () C:\ProgramData\ntuser.pol
2015-02-15 22:28 - 2015-02-15 22:44 - 00000057 _____ () C:\momotor.txt
2015-02-15 21:57 - 2015-02-15 21:59 - 63856640 _____ () C:\Users\Nora\Downloads\calibre-2.19.0.msi
2015-02-12 09:36 - 2015-01-23 17:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-12 09:36 - 2015-01-23 17:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-12 09:36 - 2015-01-23 16:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-12 09:36 - 2015-01-23 16:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 13:29 - 2015-02-04 16:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-11 13:29 - 2015-02-04 16:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-11 13:29 - 2015-02-04 16:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-11 13:29 - 2015-02-04 16:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-11 13:29 - 2015-02-04 16:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-11 13:29 - 2015-02-04 16:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-11 13:29 - 2015-02-04 16:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-11 13:29 - 2015-01-28 12:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-11 13:29 - 2015-01-14 18:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 13:29 - 2015-01-12 16:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 13:29 - 2015-01-12 15:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 13:29 - 2015-01-12 15:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 13:29 - 2015-01-12 15:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 13:29 - 2015-01-12 15:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 13:29 - 2015-01-12 15:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 13:29 - 2015-01-12 15:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 13:29 - 2015-01-12 15:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 13:29 - 2015-01-12 14:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 13:29 - 2015-01-12 14:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 13:29 - 2015-01-12 14:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 13:29 - 2015-01-12 14:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 13:29 - 2015-01-12 14:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 13:29 - 2015-01-12 14:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 13:29 - 2015-01-12 13:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 13:29 - 2015-01-10 19:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 13:29 - 2015-01-10 19:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 13:29 - 2015-01-10 19:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 13:29 - 2015-01-10 19:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 13:29 - 2015-01-10 19:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 13:29 - 2015-01-10 19:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 13:29 - 2015-01-10 19:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 13:29 - 2015-01-10 19:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-11 13:29 - 2015-01-10 19:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-11 13:29 - 2015-01-10 19:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 13:29 - 2015-01-10 19:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-11 13:29 - 2015-01-10 19:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-11 13:29 - 2015-01-10 19:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-11 13:29 - 2015-01-10 19:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-11 13:28 - 2015-01-15 21:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 13:28 - 2015-01-15 21:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 13:28 - 2015-01-15 21:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 13:28 - 2015-01-15 21:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 13:28 - 2015-01-15 21:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 13:28 - 2015-01-15 21:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 13:28 - 2015-01-15 21:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 13:28 - 2015-01-15 21:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 13:28 - 2015-01-15 21:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 13:28 - 2015-01-15 21:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 13:28 - 2015-01-15 21:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 13:28 - 2015-01-15 20:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 13:28 - 2015-01-15 20:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 13:28 - 2015-01-15 20:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 13:28 - 2015-01-15 20:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 13:28 - 2015-01-15 20:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 13:28 - 2015-01-15 20:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 13:28 - 2015-01-15 17:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 13:28 - 2015-01-14 18:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 13:28 - 2015-01-13 16:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 13:28 - 2015-01-13 15:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 13:28 - 2015-01-12 16:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 13:28 - 2015-01-12 16:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 13:28 - 2015-01-12 15:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 13:28 - 2015-01-12 15:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 13:28 - 2015-01-12 15:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 13:28 - 2015-01-12 15:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 13:28 - 2015-01-12 15:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 13:28 - 2015-01-12 15:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 13:28 - 2015-01-12 15:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 13:28 - 2015-01-12 15:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 13:28 - 2015-01-12 15:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 13:28 - 2015-01-12 15:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 13:28 - 2015-01-12 15:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 13:28 - 2015-01-12 15:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 13:28 - 2015-01-12 15:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 13:28 - 2015-01-12 15:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 13:28 - 2015-01-12 15:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 13:28 - 2015-01-12 15:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 13:28 - 2015-01-12 15:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 13:28 - 2015-01-12 14:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 13:28 - 2015-01-12 14:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 13:28 - 2015-01-12 14:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 13:28 - 2015-01-12 14:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 13:28 - 2015-01-12 14:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 13:28 - 2015-01-12 14:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 13:28 - 2015-01-12 14:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 13:28 - 2015-01-12 14:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 13:28 - 2015-01-12 14:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 13:28 - 2015-01-12 14:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 13:28 - 2015-01-12 14:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 13:28 - 2015-01-12 14:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 13:28 - 2015-01-12 14:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 13:28 - 2015-01-12 14:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 13:28 - 2015-01-12 14:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 13:28 - 2015-01-12 13:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 13:27 - 2014-12-12 18:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-11 13:27 - 2014-12-12 18:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-11 13:27 - 2014-12-08 16:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 13:27 - 2014-12-08 15:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 13:27 - 2014-11-26 16:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 13:27 - 2014-11-26 16:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-11 13:27 - 2014-10-04 15:10 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-11 13:27 - 2014-10-04 14:42 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-11 13:27 - 2014-10-04 14:42 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-11 13:27 - 2014-07-07 15:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-11 13:27 - 2014-07-07 15:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-11 13:27 - 2014-07-07 14:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-02-11 13:27 - 2014-07-07 14:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-02-11 13:26 - 2015-01-14 19:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 13:26 - 2015-01-14 19:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 13:26 - 2015-01-14 19:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 13:26 - 2015-01-14 19:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 13:26 - 2015-01-14 18:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 13:26 - 2015-01-14 18:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 13:26 - 2015-01-14 18:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 13:26 - 2015-01-09 15:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 23:48 - 2012-05-19 21:22 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 23:19 - 2009-07-14 17:45 - 00028080 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 23:19 - 2009-07-14 17:45 - 00028080 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 23:16 - 2009-07-14 18:13 - 00781790 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-10 23:15 - 2012-05-19 20:52 - 01698388 _____ () C:\windows\WindowsUpdate.log
2015-03-10 23:14 - 2015-01-30 21:55 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 23:08 - 2012-05-19 21:22 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 23:08 - 2012-05-19 20:51 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-03-10 23:08 - 2009-07-14 18:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-10 23:08 - 2009-07-14 17:51 - 00107889 _____ () C:\windows\setupact.log
2015-03-10 22:41 - 2010-11-21 16:47 - 00183228 _____ () C:\windows\PFRO.log
2015-03-10 22:40 - 2014-11-30 16:21 - 00001032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-10 22:40 - 2012-09-09 17:08 - 00000998 _____ () C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-10 22:40 - 2012-05-19 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-10 20:50 - 2009-07-14 16:20 - 00000000 ____D () C:\windows\AppCompat
2015-03-10 20:35 - 2012-09-15 13:16 - 00003918 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{0FB6FF3E-A1F3-40A0-A154-D5BB84B1AC25}
2015-03-09 13:47 - 2012-05-19 20:51 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-03-05 22:36 - 2012-09-09 19:28 - 00000000 ____D () C:\Users\Nora\AppData\Local\Adobe
2015-03-05 12:27 - 2009-07-14 16:20 - 00000000 ____D () C:\windows\tracing
2015-03-04 02:17 - 2010-11-21 16:27 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-28 18:31 - 2012-09-09 18:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-27 23:21 - 2014-09-01 21:20 - 00000000 ____D () C:\Users\Nora\Documents\Calibre Library
2015-02-25 15:43 - 2014-03-04 22:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-21 21:36 - 2012-09-14 16:19 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\MusicBee
2015-02-21 21:36 - 2009-07-14 16:20 - 00000000 ____D () C:\windows\registration
2015-02-21 00:38 - 2012-09-09 15:02 - 00000000 ____D () C:\Users\Nora
2015-02-17 12:23 - 2013-11-28 21:04 - 00000000 ____D () C:\Users\Nora\Documents\jobs
2015-02-15 22:29 - 2009-07-14 16:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-02-15 22:29 - 2009-07-14 16:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2015-02-15 22:02 - 2013-12-27 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-02-15 22:02 - 2013-12-27 20:06 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2015-02-12 11:16 - 2009-07-14 16:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 23:44 - 2012-09-13 19:36 - 00767256 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-02-11 15:52 - 2009-07-14 16:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-11 15:46 - 2009-07-14 17:45 - 00463320 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-11 15:43 - 2014-12-12 19:27 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-11 15:43 - 2014-07-31 15:36 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-11 15:42 - 2009-07-14 16:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-11 13:58 - 2012-09-13 19:37 - 00001945 _____ () C:\windows\epplauncher.mif
2015-02-11 13:58 - 2012-09-13 19:36 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 13:58 - 2012-09-13 19:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 13:58 - 2012-09-10 18:11 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 13:40 - 2013-08-14 22:55 - 00000000 ____D () C:\windows\system32\MRT
2015-02-11 13:40 - 2012-09-13 20:19 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2012-08-13 22:14 - 2012-08-13 22:14 - 117864638 _____ () C:\Program Files (x86)\openofficeorg1.cab
2012-08-13 22:13 - 2012-08-13 22:13 - 3162112 _____ () C:\Program Files (x86)\openofficeorg341.msi
2012-08-13 22:13 - 2012-08-13 22:13 - 0473600 _____ () C:\Program Files (x86)\setup.exe
2012-08-13 22:13 - 2012-08-13 22:13 - 0000294 _____ () C:\Program Files (x86)\setup.ini

Some content of TEMP:
====================
C:\Users\Nora\AppData\Local\Temp\70A97F20-EFB1-9A17-5AE3-877CA6CB6BD8.dll
C:\Users\Nora\AppData\Local\Temp\70A97F20-EFB1-9A17-5AE3-877CA6CB6BD8.exe
C:\Users\Nora\AppData\Local\Temp\FA9A0DDF-DEA8-50EA-5564-62E24A7C66B7.exe
C:\Users\Nora\AppData\Local\Temp\oxeb8fvAPn.exe
C:\Users\Nora\AppData\Local\Temp\Quarantine.exe
C:\Users\Nora\AppData\Local\Temp\sqlite3.dll
C:\Users\Nora\AppData\Local\Temp\UzR8omJ5Bw.exe
C:\Users\Nora\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Nora\AppData\Local\Temp\WQOqcOKDGi.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-20 15:35

==================== End Of Log ============================




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_local_machine\software\apn pip"



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Nora\AppData\Roaming\mozilla\firefox\profiles\oak7ay1u.default-1424545646550\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/03/2015 at 23:46:42.08
End of JRT log



Offline nz_nora

  • Bronze Member
  • Posts: 7
the previous post was too long so here is addition.txt now:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2015 01
Ran by Nora at 2015-03-10 23:52:16
Running from C:\Users\Nora\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.00(T) - TOSHIBA CORPORATION)
calibre (HKLM-x32\...\{7C1B7566-C44C-4436-B08D-636337C7C665}) (Version: 2.19.0 - Kovid Goyal)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1938786008-3775992464-100303922-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.0.1 - Kobo Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
MusicBee 2.2 (HKLM-x32\...\MusicBee) (Version: 2.2 - Steven Mayall)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.0.0.128 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17242 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.15.77 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}) (Version: 3.41.9593 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6597 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RtkClassFilter (HKLM-x32\...\InstallShield_{8220FCF2-A57F-4236-BFCC-C6C2268E851E}) (Version: 1.2.1.4 - REALTEK Semiconductor Corp)
RtkClassFilter (x32 Version: 1.2.1.4 - REALTEK Semiconductor Corp) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.2 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.17.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}) (Version: 8.0.43 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.00.07.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (12/02/2011 2.3.8.1) (HKLM\...\EA90D42054890B3938D0BEF1E8A316D20C6D6003) (Version: 12/02/2011 2.3.8.1 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1938786008-3775992464-100303922-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1938786008-3775992464-100303922-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-1938786008-3775992464-100303922-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1938786008-3775992464-100303922-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1938786008-3775992464-100303922-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1938786008-3775992464-100303922-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1938786008-3775992464-100303922-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1938786008-3775992464-100303922-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1938786008-3775992464-100303922-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1938786008-3775992464-100303922-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

20-02-2015 09:49:03 Windows Update
21-02-2015 00:56:37 Windows Update
25-02-2015 15:05:31 Windows Update
26-02-2015 00:39:54 Windows Update
02-03-2015 19:15:31 Windows Update
05-03-2015 08:53:11 Windows Update
08-03-2015 19:04:53 Windows Update
10-03-2015 23:01:47 Installed AVG 2015
10-03-2015 23:02:30 Installed AVG 2015
10-03-2015 23:38:25 Removed AVG 2015
10-03-2015 23:41:39 Removed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 15:34 - 2015-01-15 09:21 - 00000860 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C927199-0E31-4961-AA52-735521552A23} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {218CE3E9-C1A0-4800-94AC-5214EC0D22D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\WSCStub.exe [2011-05-28] (Symantec Corporation)
Task: {41E3D865-9BAC-4BC1-A4D4-FA6AD030096B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {4D0EACB6-FAB0-4324-825D-C43BA207AFD2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {4EEA2E89-83B0-4158-8165-9361F1E05388} - System32\Tasks\{7C639C4A-9A36-4E4F-BBA6-2E05DD93EF15} => pcalua.exe -a C:\Users\Nora\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=exp <==== ATTENTION
Task: {50A149CC-9EC9-4F75-83FE-ED26D03A5EF7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {56CD3789-6619-4539-AE5B-76CC4391ADBF} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {A3A88800-E3EC-442E-896E-CC18697D86B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
Task: {C509569F-1C24-40A3-B3F3-CA178F6DC462} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {C78133D8-15BD-473A-9208-0BAA14009FB7} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-25] (TOSHIBA CORPORATION)
Task: {EB819B63-2698-4A43-8562-CFEA849C2F72} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {ED3CC2DB-6FC0-4F91-B577-9D970879128C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {F91D554B-AD99-4D47-9C9E-3E37A374C74A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
Task: {F95ECC15-8A13-4FEF-9A3F-362C281FD6BA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) ==============

2012-05-19 21:04 - 2010-09-10 13:26 - 00162824 _____ () C:\Windows\System32\GFNEXSrv.exe
2014-03-04 22:02 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-05-19 20:51 - 2012-02-22 08:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2011-08-23 11:19 - 2011-08-23 11:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-16 11:19 - 2010-12-16 11:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-01-20 12:00 - 2011-01-20 12:00 - 00118784 _____ () C:\Program Files\TOSHIBA\PeakShift\MUIHelp.dll
2012-03-27 13:33 - 2012-03-27 13:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-26 14:51 - 2011-11-26 14:51 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-02-25 15:39 - 2014-12-24 08:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-01-26 06:57 - 2012-01-26 06:57 - 00172032 _____ () C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll
2012-05-19 20:51 - 2012-02-22 08:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-11-21 20:12 - 2014-11-21 20:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-01-27 11:36 - 2015-01-27 11:36 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-25 15:39 - 2014-12-24 07:08 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-1938786008-3775992464-100303922-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-1938786008-3775992464-100303922-1000\Software\Classes\exefile:  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1938786008-3775992464-100303922-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.5.50.1 - 202.6.116.124

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Nora^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1938786008-3775992464-100303922-500 - Administrator - Disabled)
Guest (S-1-5-21-1938786008-3775992464-100303922-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1938786008-3775992464-100303922-1002 - Limited - Enabled)
Nora (S-1-5-21-1938786008-3775992464-100303922-1000 - Administrator - Enabled) => C:\Users\Nora

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8081.8 MB
Available physical RAM: 5158.55 MB
Total Pagefile: 16161.8 MB
Available Pagefile: 13455.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (S3A9566D003) (Fixed) (Total:581.3 GB) (Free:303.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 58943F2B)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.4 GB) - (Type=17)

==================== End Of Log ============================

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Thanks for those logs Nora, continue as follows:

The Chrome browser installation is corrupt, it is essential to remove and replace the full installation...

https://support.google.com/chrome/answer/95319?hl=en-GB

  • Re-install Chrome: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

  • Install Adblock plus for Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

  • Enable FlashBlock for Chrome: http://www.howtogeek.com/58058/how-to-enable-flashblock-in-chrome-and-make-it-5000-more-secure/

    Next,

    Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
    NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

    Next,

    There are two security systems running, Norton and Microft Security Essentials. One of those needs to be removed ASAP, your choice!

    Microsoft Security Essntials removal tool - http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

    Norton removal tool - http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    Next,

    There are remnants of a previous AVG installation, run the following tool to remove all AVG entries:

    http://www.avg.com/gb-en/utilities

    Next,

    Scan with ESET Online Scanner

    This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
    Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
    Please visit ESET Online Scanner website.

    Click there Run ESET Online Scanner.

    If using Internet Explorer:

    • Accept the Terms of Use and click Start.
    • Allow the running of add-on.
    If using Mozilla Firefox or Google Chrome:
    • Download esetsmartinstaller_enu.exe that you'll be given link to.
    • Double click esetsmartinstaller_enu.exe.
    • Allow the Terms of Use and click Start.
    To perform the scan:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Under “Enable Stealth Technology select “Change” select any extra drives in that window.
    • Click Start
    • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
    • When completed, the program will begin to scan. This may take several hours. Please, be patient.
    • Do not do anything on your machine as it may interrupt the scan.
    • When the scan is done, click Finish.
    • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
    Please include this logfile in your next reply.

    Don't forget to re-enable protection software!

    Let me see the log from ESET, also give an update on any remaining issues or concerns....

    Thanks,

    Kevin..


Offline nz_nora

  • Bronze Member
  • Posts: 7
Hi Kevin

I managed to do most tasks but couldnt figure out how to enable flash block on chrome. But i:ll sort it out...

I still seem to have some AdChoices ads in mozilla but Chrome seems to be A-ok!
here are the logs and thanks so much for your help so far!!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Nora at 2015-03-19 17:52:51 Run:1
Running from C:\Users\Nora\Downloads
Loaded Profiles: Nora (Available profiles: Nora)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [bdruninstaller] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"setupdownloader.exe" /args:"/token:tsecurity /after_restart"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1938786008-3775992464-100303922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1938786008-3775992464-100303922-1000 - (No Name) - {db61f672-0d05-4997-bec6-96eaab7c4106} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]
C:\Users\Nora\AppData\Local\Temp\70A97F20-EFB1-9A17-5AE3-877CA6CB6BD8.dll
C:\Users\Nora\AppData\Local\Temp\70A97F20-EFB1-9A17-5AE3-877CA6CB6BD8.exe
C:\Users\Nora\AppData\Local\Temp\FA9A0DDF-DEA8-50EA-5564-62E24A7C66B7.exe
C:\Users\Nora\AppData\Local\Temp\oxeb8fvAPn.exe
C:\Users\Nora\AppData\Local\Temp\Quarantine.exe
C:\Users\Nora\AppData\Local\Temp\sqlite3.dll
C:\Users\Nora\AppData\Local\Temp\UzR8omJ5Bw.exe
C:\Users\Nora\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Nora\AppData\Local\Temp\WQOqcOKDGi.exe
Task: {4EEA2E89-83B0-4158-8165-9361F1E05388} - System32\Tasks\{7C639C4A-9A36-4E4F-BBA6-2E05DD93EF15} => pcalua.exe -a C:\Users\Nora\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=exp <==== ATTENTION
C:\Users\Nora\AppData\Roaming\webssearches
HKU\S-1-5-21-1938786008-3775992464-100303922-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-1938786008-3775992464-100303922-1000\Software\Classes\exefile:  <===== ATTENTION!
EmptyTemp:
end



*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\bdruninstaller => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1938786008-3775992464-100303922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-1938786008-3775992464-100303922-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{db61f672-0d05-4997-bec6-96eaab7c4106} => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
AVGIDSHA => Service not found.
Avgrkx64 => Service not found.
Avgtdia => Service not found.
TDEIO => Service deleted successfully.
C:\Users\Nora\AppData\Local\Temp\70A97F20-EFB1-9A17-5AE3-877CA6CB6BD8.dll => Moved successfully.
C:\Users\Nora\AppData\Local\Temp\70A97F20-EFB1-9A17-5AE3-877CA6CB6BD8.exe => Moved successfully.
C:\Users\Nora\AppData\Local\Temp\FA9A0DDF-DEA8-50EA-5564-62E24A7C66B7.exe => Moved successfully.
C:\Users\Nora\AppData\Local\Temp\oxeb8fvAPn.exe => Moved successfully.
C:\Users\Nora\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Nora\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Nora\AppData\Local\Temp\UzR8omJ5Bw.exe => Moved successfully.
C:\Users\Nora\AppData\Local\Temp\vlc-2.1.5-win32.exe => Moved successfully.
C:\Users\Nora\AppData\Local\Temp\WQOqcOKDGi.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EEA2E89-83B0-4158-8165-9361F1E05388}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EEA2E89-83B0-4158-8165-9361F1E05388}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7C639C4A-9A36-4E4F-BBA6-2E05DD93EF15} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C639C4A-9A36-4E4F-BBA6-2E05DD93EF15}" => Key deleted successfully.
"C:\Users\Nora\AppData\Roaming\webssearches" => File/Directory not found.
"HKU\S-1-5-21-1938786008-3775992464-100303922-1000\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-1938786008-3775992464-100303922-1000\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-21-1938786008-3775992464-100303922-1000\Software\Classes\exefile => Key not found.
EmptyTemp: => Removed 687.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:53:54 ====


ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d088cedf6d40654291dc65f1657c3272
# engine=22992
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-20 08:01:02
# local_time=2015-03-20 09:01:02 (+1200, New Zealand Daylight Time)
# country="New Zealand"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 2386947 97329284 0 0
# scanned=245205
# found=8
# cleaned=8
# scan_time=24956
sh=904607CC44C5EE529A69619F030A5E29D8405E31 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\dagdnkacgglpafbphggpkjkcihnedkmj\CCXaA.js.vir"
sh=20DAD0B4DA51BF0B4DBC0496EA1A3B65C93A132F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\dagdnkacgglpafbphggpkjkcihnedkmj\lsdb.js.vir"
sh=510F2CB93E7C63D39D078BFD79556CC795E4BFAD ft=1 fh=c71c00118252f1b1 vn="a variant of Win32/Adware.AddLyrics.DR application (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\Nora\AppData\Local\Temp\70A97F20-EFB1-9A17-5AE3-877CA6CB6BD8.exe.xBAD"
sh=DFCFCE09AE92CE1A7715EC5183940E425A75E1F0 ft=1 fh=c71c00119a5becab vn="a variant of Win32/Adware.AddLyrics.DQ application (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\Nora\AppData\Local\Temp\FA9A0DDF-DEA8-50EA-5564-62E24A7C66B7.exe.xBAD"
sh=8FD1A65A094A44521EF03455538B33657AD02B97 ft=1 fh=7fec0e84d1a7ebc5 vn="a variant of Win32/ELEX.BO potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\Nora\AppData\Local\Temp\oxeb8fvAPn.exe.xBAD"
sh=34306D0683990367EFE9FEB3BD3EAFE33B387816 ft=1 fh=b383d4d2273658d6 vn="a variant of Win32/Adware.AddLyrics.DR application (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\Nora\AppData\Local\Temp\WQOqcOKDGi.exe.xBAD"
sh=2AA49C34D81E63DDFB6671E88528DC6DFE845E91 ft=1 fh=cc919c70ce9ba901 vn="a variant of Win32/InstallCore.XM potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Nora\Downloads\adobe_flash_setup.exe"
sh=DF42A85B548C31A50765AD0FFA336A84594B252D ft=1 fh=8669c097dbb58e35 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Nora\Downloads\Songbird_2.0.0-2311_windows-i686-msvc8.exe"



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Hiya Nora,

Thanks for the update, continue as follows...

Open Mozilla Firefox, when open select these keys together :- Ctrl - Shift - A that will access Addons manger,  Type the following into the search box:

Adblock Plus - d/l and install that addon

Adblock Plus Pop-up Addon - d/l and install that addon.

When those two addons are installed restart Firefox, do the ads return? do you have any other issues or concerns...

Kevin....

Offline nz_nora

  • Bronze Member
  • Posts: 7
WOOHOO! It's all gone! All that annoying stuff is gone! You are just about my favourite person at the moment :)
thanks so much for your help!!  :p

Cheers
Nora

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Hiya Nora,

Thanks for the update, couple of tasks to complete:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

Next,

If no remaining issues or concerns run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Thanks,

Kevin...

Offline nz_nora

  • Bronze Member
  • Posts: 7
Thanks Kevin, all done (well, minus the homework, havent' had a chance to read that article yet but I will!)
Awesome, thanks so much

Have another dancing banana:  :p

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Since this issue appears to be resolved the topic has been closed. Glad we could help...... :t 

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.