Restart won't open windows after updates and more problems [Closed]


  • This topic is locked

#1
twswford

I'm using a Toshiba Satellite laptop. About 9 days ago I got a blue screen. I restarted and went into either the F2 or F12 menu, I forgot which, and elected to do the factory reset, wiping out all my info (I backed up, so no losses). It was working fine until yesterday, when I got another blue screen. I restarted and everything came back up, so I wasn't worried about it, and today I installed a Windows (I run Windows 7 64-bit) update, and when I restarted from that I got an error saying that Windows couldn't open. Sorry, I didn't note the code. There was no background, it was black, and the only thing on the desktop was the Recycle Bin icon. I've attached a screenshot of the most recent Windows updates and the OTL.log from the quick scan. Please advise, as I work from home and am dependent on this machine for that. Sincere thanks, twswford.

OTL logfile created on: 2/27/2013 9:30:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shar\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 54.47% Memory free
7.90 Gb Paging File | 5.88 Gb Available in Paging File | 74.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.98 Gb Total Space | 504.15 Gb Free Space | 86.78% Space Free | Partition Type: NTFS
Drive G: | 3.74 Gb Total Space | 0.40 Gb Free Space | 10.67% Space Free | Partition Type: FAT32

Computer Name: SHAR-PC | User Name: Shar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/27 09:20:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shar\Downloads\OTL.exe
PRC - [2013/02/26 23:09:50 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
PRC - [2013/02/21 00:55:56 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/02/02 21:05:46 | 001,718,920 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013/01/16 10:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013/01/09 14:11:54 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/02/29 11:19:46 | 011,870,208 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\ZTE AC3781 APP.exe
PRC - [2012/02/28 10:59:12 | 000,696,320 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\AC3781\Bin\MonServiceUDisk.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/03 13:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
PRC - [2011/02/03 13:41:46 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
PRC - [2010/12/20 20:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 20:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2005/04/29 16:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/26 23:09:50 | 014,718,320 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2013/02/21 00:55:55 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/16 10:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013/01/16 10:26:01 | 002,212,304 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/29 11:19:46 | 011,870,208 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\ZTE AC3781 APP.exe
MOD - [2012/02/29 11:10:00 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\zfXCommWrapper.dll
MOD - [2012/02/29 11:09:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\zfXComm.dll
MOD - [2012/02/29 11:09:44 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\zfCustomization.dll
MOD - [2012/02/29 11:09:34 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\zfWaveLib.dll
MOD - [2012/02/29 11:09:34 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\zfRasWrapper.dll
MOD - [2012/02/29 11:09:32 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\zfDeviceHW.dll
MOD - [2012/02/29 11:09:26 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\zfLogService.dll
MOD - [2012/02/29 11:09:26 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\UdiskDrv.dll
MOD - [2012/02/29 11:09:22 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\zfRuntime.dll
MOD - [2012/02/29 11:09:22 | 000,221,184 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\zfHelper.dll
MOD - [2012/02/29 11:09:20 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\zfSoundPlayLib.dll
MOD - [2012/02/29 11:09:18 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\zfSerialPort.dll
MOD - [2012/02/29 11:09:16 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\zfThreading.dll
MOD - [2012/02/28 10:21:42 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\libxml2.dll
MOD - [2012/02/28 10:21:42 | 000,290,904 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\libxslt.dll
MOD - [2012/02/28 10:21:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband AC3781\bin\zlib1.dll
MOD - [2009/04/16 13:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2005/04/29 16:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
MOD - [2005/04/29 16:15:36 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/11 12:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/03/02 17:36:16 | 000,266,680 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/12/20 20:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/09 19:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 16:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/26 23:09:53 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/21 00:55:55 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/16 10:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/01/09 14:11:54 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/02/28 10:59:12 | 000,696,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Cricket Broadband AC3781\AC3781\Bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/03 13:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/02/03 13:41:46 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/12/20 20:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 20:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 10:21:50 | 000,223,416 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBNET.SYS -- (CT_ZTEMT_U_USBNET)
DRV:64bit: - [2012/02/28 10:21:50 | 000,120,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/04 22:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 21:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 14:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/05 03:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/12/01 18:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 16:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 14:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 17:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 14:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {38B49992-3B4C-4C50-909D-EAB69987CA74}
IE:64bit: - HKLM\..\SearchScopes\{38B49992-3B4C-4C50-909D-EAB69987CA74}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F5022F1E-A906-4264-A9A8-662A240C6479}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...SSPV=SP_IENSP06
IE - HKLM\..\SearchScopes\{F5022F1E-A906-4264-A9A8-662A240C6479}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\..\SearchScopes,DefaultScope = {F5022F1E-A906-4264-A9A8-662A240C6479}
IE - HKCU\..\SearchScopes\{F5022F1E-A906-4264-A9A8-662A240C6479}: "URL" = http://www.google.co...1I7TSNF_enUS522
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke B Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...90952187852156"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.thewester...pify.com/admin"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/21 00:55:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/18 10:58:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\uc@uc.com: C:\Program Files (x86)\Unfriend Checker\FF\ [2013/02/11 00:14:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/02/11 01:09:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013/02/08 10:30:02 | 000,037,909 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/21 00:55:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/18 10:58:27 | 000,000,000 | ---D | M]

[2013/02/11 01:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shar\AppData\Roaming\Mozilla\Extensions
[2013/02/24 09:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shar\AppData\Roaming\Mozilla\Firefox\Profiles\vq3rjcvf.default\Extensions
[2013/02/18 11:48:42 | 000,002,335 | ---- | M] () -- C:\Users\Shar\AppData\Roaming\Mozilla\Firefox\Profiles\vq3rjcvf.default\searchplugins\askcom.xml
[2013/02/11 07:52:42 | 000,001,120 | ---- | M] () -- C:\Users\Shar\AppData\Roaming\Mozilla\Firefox\Profiles\vq3rjcvf.default\searchplugins\whitesmoke-b-customized-web-search.xml
[2013/02/11 01:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/21 00:55:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/01 12:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/21 00:55:55 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask...q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch....q={searchTerms}
CHR - homepage: http://search.condui...sspv=SP_CHNSP06
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Shar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Shar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaappmhgaaggeoepicjahnbofmjacog\7.17.3.0_0\background/registryAccess.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Shar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp\10.14.40.136_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Shar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp\10.14.40.136_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\Shar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaappmhgaaggeoepicjahnbofmjacog\7.17.3.0_0\
CHR - Extension: Unfriend Checker = C:\Users\Shar\AppData\Local\Google\Chrome\User Data\Default\Extensions\biiponhbbifajapmbggbgaepiedinifm\1.1_0\
CHR - Extension: Wajam = C:\Users\Shar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_64.dll (Save Valet)
O2 - BHO: (Unfriend Checker) - {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Unfriend Checker\uc.dll ()
O2 - BHO: (GetSavin 5.0) - {59928EFD-D960-4EA3-BD27-A1ED2471670D} - C:\Users\Shar\AppData\Local\getsavin\ie\getsavin_1361206502.dll ()
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_32.dll (Save Valet)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe ()
O4 - Startup: C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F00EDDF-76FC-43D6-9C69-C2DD4811ABA6}: NameServer = 10.133.20.11 10.132.20.11
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3c3350e9-73a8-11e2-8885-e89a8fa58129}\Shell - "" = AutoRun
O33 - MountPoints2\{3c3350e9-73a8-11e2-8885-e89a8fa58129}\Shell\AutoRun\command - "" = F:\Setup.exe /Auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/27 07:59:19 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\SUPERAntiSpyware.com
[2013/02/27 07:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/02/27 07:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/02/27 07:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/25 19:47:10 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information
[2013/02/25 19:46:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/02/22 00:49:32 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\CutePDF Writer
[2013/02/19 22:31:05 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\InstallShield
[2013/02/19 20:53:15 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\OpenOffice.org
[2013/02/19 18:28:37 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1
[2013/02/19 18:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2013/02/19 18:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013/02/19 17:19:57 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\TidyNetwork.com
[2013/02/19 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Shar\Desktop\PRINT
[2013/02/18 12:08:47 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchFreeze
[2013/02/18 12:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TouchFreeze
[2013/02/18 11:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2013/02/18 11:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013/02/18 11:47:38 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\APN
[2013/02/18 11:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2013/02/18 11:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2013/02/18 10:59:20 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\getsavin
[2013/02/18 10:58:54 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013/02/18 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Wajam
[2013/02/18 10:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013/02/18 07:43:45 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\SoftGrid Client
[2013/02/18 07:43:38 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\SoftGrid Client
[2013/02/15 10:06:22 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/02/15 01:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2013/02/14 23:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2013/02/14 21:41:55 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/02/14 21:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/02/14 21:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/02/14 21:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2013/02/14 08:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/13 16:44:15 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Macromedia
[2013/02/13 15:57:28 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2013/02/13 10:49:52 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\CrashDumps
[2013/02/13 04:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013/02/13 04:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/02/13 03:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/13 03:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/02/13 01:18:15 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Tific
[2013/02/13 01:18:05 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Symantec
[2013/02/12 06:26:24 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Diagnostics
[2013/02/11 16:36:52 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Adobe
[2013/02/11 12:27:57 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Apple Computer
[2013/02/11 12:27:57 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Apple Computer
[2013/02/11 12:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/11 12:27:17 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2013/02/11 12:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/11 12:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/11 12:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/02/11 12:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/02/11 12:25:10 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Apple
[2013/02/11 12:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/02/11 12:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/02/11 12:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/02/11 12:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/02/11 12:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/02/11 12:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/02/11 09:27:08 | 000,000,000 | ---D | C] -- C:\Users\Shar\Desktop\WORK
[2013/02/11 08:58:49 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Paint.NET
[2013/02/11 08:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.net
[2013/02/11 07:54:43 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\SwvUpdater
[2013/02/11 07:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/11 07:54:12 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Conduit
[2013/02/11 07:53:12 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\CRE
[2013/02/11 07:38:48 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2013/02/11 07:38:48 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2013/02/11 02:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/02/11 01:09:47 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Mozilla
[2013/02/11 01:09:47 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Mozilla
[2013/02/11 01:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/02/11 01:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/02/11 01:09:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\searchplugins
[2013/02/11 01:09:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Extensions
[2013/02/11 01:09:07 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/02/11 01:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/02/11 01:08:49 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2013/02/11 01:08:49 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
[2013/02/11 01:08:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013/02/11 01:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/11 01:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/11 01:08:39 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Delta
[2013/02/11 01:08:30 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/02/11 01:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/02/11 01:07:25 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Babylon
[2013/02/11 00:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveValet
[2013/02/11 00:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unfriend Checker
[2013/02/11 00:06:17 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Adobe
[2013/02/10 23:04:33 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Google
[2013/02/10 23:04:32 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Google
[2013/02/10 23:03:57 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\ZteUpdateUI
[2013/02/10 23:03:57 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\ZTEEVDO
[2013/02/10 23:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/02/10 23:03:55 | 000,000,000 | -H-D | C] -- C:\ZTEEVDOAutoRun
[2013/02/10 23:03:45 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Cricket Broadband AC3781
[2013/02/10 23:03:37 | 000,223,416 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\CT_ZTEMT_U_USBNET.SYS
[2013/02/10 23:03:37 | 000,120,704 | ---- | C] (ZTEMT Incorporated) -- C:\windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys
[2013/02/10 23:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cricket Broadband AC3781
[2013/02/10 23:03:31 | 000,039,552 | ---- | C] (Bytemobile, Inc.) -- C:\windows\SysWow64\drivers\tcpipBM.sys
[2013/02/10 23:03:31 | 000,016,512 | ---- | C] (Bytemobile, Inc.) -- C:\windows\SysWow64\drivers\BMLoad.sys
[2013/02/10 23:03:30 | 000,312,448 | ---- | C] (Bytemobile, Inc.) -- C:\windows\SysWow64\bminstall.dll
[2013/02/10 23:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cricket Broadband AC3781
[2013/02/10 11:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com
[2013/02/10 11:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Toshiba Shared
[2013/02/10 11:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/10 11:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/02/10 11:25:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/02/10 11:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Label@Once
[2013/02/10 11:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2013/02/10 11:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2013/02/10 11:24:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA Corporation
[2013/02/10 11:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/10 11:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetZero
[2013/02/10 11:21:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NortonPCCheckupx64
[2013/02/10 11:21:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NortonPCCheckupx64\02000A0.01A
[2013/02/10 11:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Laptop Checkup
[2013/02/10 11:21:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup
[2013/02/10 11:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/02/10 11:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/02/10 11:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/02/10 11:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Online Backup
[2013/02/10 11:21:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toshiba Online Backup
[2013/02/10 11:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/02/10 11:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent Games
[2013/02/10 11:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2013/02/10 11:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA Games
[2013/02/10 10:56:48 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\sda
[2013/02/10 10:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/02/10 10:56:02 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Atheros_L1e
[2013/02/10 10:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/02/10 10:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013/02/10 10:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek WLAN Driver
[2013/02/10 10:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2013/02/10 10:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/02/10 10:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/02/10 10:41:46 | 000,000,000 | ---D | C] -- C:\Intel
[2013/02/10 10:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013/02/10 10:37:34 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/02/10 09:42:36 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Toshiba
[2013/02/10 09:41:25 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\TOSHIBA
[2013/02/10 09:41:04 | 000,000,000 | R--D | C] -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/02/10 09:41:04 | 000,000,000 | R--D | C] -- C:\Users\Shar\Searches
[2013/02/10 09:41:04 | 000,000,000 | R--D | C] -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/02/10 09:41:03 | 000,000,000 | -H-D | C] -- C:\Users\Shar\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/02/10 09:40:53 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Identities
[2013/02/10 09:40:51 | 000,000,000 | R--D | C] -- C:\Users\Shar\Contacts
[2013/02/10 09:40:49 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\VirtualStore
[2013/02/10 09:39:55 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\WinBatch
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\AppData\Local\Temporary Internet Files
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\Templates
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\Start Menu
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\SendTo
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\Recent
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\PrintHood
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\NetHood
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\Documents\My Videos
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\Documents\My Pictures
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\Documents\My Music
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\Local Settings
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\AppData\Local\History
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\Cookies
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\Application Data
[2013/02/10 09:39:10 | 000,000,000 | -HSD | C] -- C:\Users\Shar\AppData\Local\Application Data
[2013/02/10 09:39:09 | 000,000,000 | --SD | C] -- C:\Users\Shar\AppData\Roaming\Microsoft
[2013/02/10 09:39:09 | 000,000,000 | R--D | C] -- C:\Users\Shar\Videos
[2013/02/10 09:39:09 | 000,000,000 | R--D | C] -- C:\Users\Shar\Saved Games
[2013/02/10 09:39:09 | 000,000,000 | R--D | C] -- C:\Users\Shar\Pictures
[2013/02/10 09:39:09 | 000,000,000 | R--D | C] -- C:\Users\Shar\Music
[2013/02/10 09:39:09 | 000,000,000 | R--D | C] -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/02/10 09:39:09 | 000,000,000 | R--D | C] -- C:\Users\Shar\Links
[2013/02/10 09:39:09 | 000,000,000 | R--D | C] -- C:\Users\Shar\Favorites
[2013/02/10 09:39:09 | 000,000,000 | R--D | C] -- C:\Users\Shar\Downloads
[2013/02/10 09:39:09 | 000,000,000 | R--D | C] -- C:\Users\Shar\Documents
[2013/02/10 09:39:09 | 000,000,000 | R--D | C] -- C:\Users\Shar\Desktop
[2013/02/10 09:39:09 | 000,000,000 | R--D | C] -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/02/10 09:39:09 | 000,000,000 | -HSD | C] -- C:\Users\Shar\My Documents
[2013/02/10 09:39:09 | 000,000,000 | -H-D | C] -- C:\Users\Shar\AppData
[2013/02/10 09:39:09 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Temp
[2013/02/10 09:39:09 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Microsoft
[2013/02/10 09:39:09 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Media Center Programs
[2013/02/10 09:39:09 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Macromedia
[2013/01/28 18:01:46 | 000,356,520 | ---- | C] (Ask.com) -- C:\Users\Shar\Documents\ApnStub.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/27 09:17:00 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3195102768-3690358528-4191018610-1001UA.job
[2013/02/27 09:06:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/27 09:04:26 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 09:04:26 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 09:04:24 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/02/27 09:04:24 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/02/27 09:04:24 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/02/27 09:04:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/27 08:58:39 | 000,000,352 | ---- | M] () -- C:\windows\tasks\AmiUpdXp.job
[2013/02/27 08:57:24 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/27 08:56:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/27 08:56:52 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/27 07:59:18 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/27 07:55:34 | 000,002,052 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/02/27 06:40:48 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3195102768-3690358528-4191018610-1001Core.job
[2013/02/26 09:32:53 | 000,844,333 | ---- | M] () -- C:\Users\Shar\Documents\EMBROIDERY STITCHES FOR CRAZY QUILTS - EMBROIDERY DESIGNS.pdf
[2013/02/26 03:51:36 | 000,925,361 | ---- | M] () -- C:\Users\Shar\Documents\Inspirational Beading_ Beading Tutorial_ Double St.pdf
[2013/02/25 22:13:07 | 000,452,381 | ---- | M] () -- C:\Users\Shar\Documents\Glossary of Beading and Jewelry Terms - B - BEADED CREATIONS.pdf
[2013/02/23 18:32:38 | 001,403,702 | ---- | M] () -- C:\Users\Shar\Documents\Flash.pdf
[2013/02/22 19:19:58 | 002,621,002 | ---- | M] () -- C:\Users\Shar\Documents\100_2098.JPG
[2013/02/22 19:19:50 | 002,513,388 | ---- | M] () -- C:\Users\Shar\Documents\100_2097.JPG
[2013/02/22 19:19:38 | 003,093,073 | ---- | M] () -- C:\Users\Shar\Documents\100_2096.JPG
[2013/02/22 19:19:26 | 003,706,968 | ---- | M] () -- C:\Users\Shar\Documents\100_2095.JPG
[2013/02/22 19:19:12 | 001,960,012 | ---- | M] () -- C:\Users\Shar\Documents\100_2094.JPG
[2013/02/22 00:58:31 | 000,010,206 | ---- | M] () -- C:\Users\Shar\Documents\about_blank.pdf
[2013/02/22 00:54:01 | 000,130,394 | ---- | M] () -- C:\Users\Shar\Documents\Travel Diaper Changing Pad Pattern _ AllFreeSewing.pdf
[2013/02/22 00:49:34 | 000,187,604 | ---- | M] () -- C:\Users\Shar\Documents\Hankie to Baby Bonnet Sewing Tutorial _ FaveCrafts.pdf
[2013/02/19 22:13:04 | 000,043,145 | ---- | M] () -- C:\Users\Shar\Documents\LESSON 1 STUDY GUIDE.odt
[2013/02/19 21:05:38 | 000,292,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/02/19 20:53:57 | 000,001,250 | ---- | M] () -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2013/02/19 18:28:38 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2013/02/18 10:59:28 | 000,000,000 | ---- | M] () -- C:\end
[2013/02/16 03:07:21 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/02/15 10:06:08 | 441,798,581 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/02/12 10:30:38 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/02/12 04:22:24 | 000,001,452 | ---- | M] () -- C:\Users\Shar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/12 03:15:38 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/02/12 03:15:30 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/02/11 16:38:42 | 000,109,806 | ---- | M] () -- C:\Users\Shar\Documents\Statement.pdf
[2013/02/11 12:27:52 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/11 09:00:10 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/02/11 01:09:38 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/11 01:07:43 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/02/10 23:03:36 | 000,001,254 | ---- | M] () -- C:\Users\Public\Desktop\Cricket Broadband AC3781.lnk
[2013/02/10 11:37:47 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2013/02/10 11:37:47 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2013/02/10 10:54:41 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/02/10 10:44:05 | 000,016,224 | ---- | M] () -- C:\windows\SysNative\results.xml
[2013/02/10 09:40:16 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/02/03 16:06:18 | 002,114,692 | ---- | M] () -- C:\Users\Shar\Documents\100_2093.JPG
[2013/02/03 16:06:08 | 001,904,397 | ---- | M] () -- C:\Users\Shar\Documents\100_2092.JPG
[2013/02/03 16:05:28 | 002,098,574 | ---- | M] () -- C:\Users\Shar\Documents\100_2091.JPG
[2013/02/03 16:04:56 | 002,390,477 | ---- | M] () -- C:\Users\Shar\Documents\100_2090.JPG
[2013/02/03 16:04:46 | 002,215,749 | ---- | M] () -- C:\Users\Shar\Documents\100_2089.JPG
[2013/02/03 16:02:04 | 001,950,367 | ---- | M] () -- C:\Users\Shar\Documents\100_2088.JPG
[2013/02/03 16:01:56 | 002,308,404 | ---- | M] () -- C:\Users\Shar\Documents\100_2087.JPG
[2013/02/03 16:01:38 | 002,043,106 | ---- | M] () -- C:\Users\Shar\Documents\100_2086.JPG
[2013/02/03 16:01:12 | 001,799,090 | ---- | M] () -- C:\Users\Shar\Documents\100_2085.JPG
[2013/02/03 16:00:56 | 002,410,551 | ---- | M] () -- C:\Users\Shar\Documents\100_2084.JPG
[2013/02/03 16:00:22 | 001,805,944 | ---- | M] () -- C:\Users\Shar\Documents\100_2083.JPG
[2013/02/03 15:55:04 | 002,111,142 | ---- | M] () -- C:\Users\Shar\Documents\100_2082.JPG
[2013/02/03 15:51:30 | 001,841,529 | ---- | M] () -- C:\Users\Shar\Documents\100_2081.JPG
[2013/02/03 15:51:14 | 002,354,956 | ---- | M] () -- C:\Users\Shar\Documents\100_2080.JPG
[2013/01/28 18:01:46 | 000,356,520 | ---- | M] (Ask.com) -- C:\Users\Shar\Documents\ApnStub.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/27 07:59:18 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/27 07:55:34 | 000,002,052 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/02/26 09:32:57 | 000,844,333 | ---- | C] () -- C:\Users\Shar\Documents\EMBROIDERY STITCHES FOR CRAZY QUILTS - EMBROIDERY DESIGNS.pdf
[2013/02/26 03:51:40 | 000,925,361 | ---- | C] () -- C:\Users\Shar\Documents\Inspirational Beading_ Beading Tutorial_ Double St.pdf
[2013/02/25 22:13:16 | 000,452,381 | ---- | C] () -- C:\Users\Shar\Documents\Glossary of Beading and Jewelry Terms - B - BEADED CREATIONS.pdf
[2013/02/25 19:45:33 | 000,012,800 | ---- | C] () -- C:\windows\SysWow64\CNC1746D.TBL
[2013/02/25 19:45:33 | 000,012,800 | ---- | C] () -- C:\windows\SysNative\CNC1746D.TBL
[2013/02/23 18:32:42 | 001,403,702 | ---- | C] () -- C:\Users\Shar\Documents\Flash.pdf
[2013/02/23 09:53:42 | 002,410,551 | ---- | C] () -- C:\Users\Shar\Documents\100_2084.JPG
[2013/02/23 09:53:42 | 002,043,106 | ---- | C] () -- C:\Users\Shar\Documents\100_2086.JPG
[2013/02/23 09:53:42 | 001,805,944 | ---- | C] () -- C:\Users\Shar\Documents\100_2083.JPG
[2013/02/23 09:53:42 | 001,799,090 | ---- | C] () -- C:\Users\Shar\Documents\100_2085.JPG
[2013/02/23 09:53:41 | 002,390,477 | ---- | C] () -- C:\Users\Shar\Documents\100_2090.JPG
[2013/02/23 09:53:41 | 002,354,956 | ---- | C] () -- C:\Users\Shar\Documents\100_2080.JPG
[2013/02/23 09:53:41 | 002,308,404 | ---- | C] () -- C:\Users\Shar\Documents\100_2087.JPG
[2013/02/23 09:53:41 | 002,215,749 | ---- | C] () -- C:\Users\Shar\Documents\100_2089.JPG
[2013/02/23 09:53:41 | 002,114,692 | ---- | C] () -- C:\Users\Shar\Documents\100_2093.JPG
[2013/02/23 09:53:41 | 002,111,142 | ---- | C] () -- C:\Users\Shar\Documents\100_2082.JPG
[2013/02/23 09:53:41 | 002,098,574 | ---- | C] () -- C:\Users\Shar\Documents\100_2091.JPG
[2013/02/23 09:53:41 | 001,950,367 | ---- | C] () -- C:\Users\Shar\Documents\100_2088.JPG
[2013/02/23 09:53:41 | 001,904,397 | ---- | C] () -- C:\Users\Shar\Documents\100_2092.JPG
[2013/02/23 09:53:41 | 001,841,529 | ---- | C] () -- C:\Users\Shar\Documents\100_2081.JPG
[2013/02/23 09:17:00 | 003,706,968 | ---- | C] () -- C:\Users\Shar\Documents\100_2095.JPG
[2013/02/23 09:17:00 | 003,093,073 | ---- | C] () -- C:\Users\Shar\Documents\100_2096.JPG
[2013/02/23 09:17:00 | 002,621,002 | ---- | C] () -- C:\Users\Shar\Documents\100_2098.JPG
[2013/02/23 09:17:00 | 002,513,388 | ---- | C] () -- C:\Users\Shar\Documents\100_2097.JPG
[2013/02/23 09:17:00 | 001,960,012 | ---- | C] () -- C:\Users\Shar\Documents\100_2094.JPG
[2013/02/22 00:57:47 | 000,010,206 | ---- | C] () -- C:\Users\Shar\Documents\about_blank.pdf
[2013/02/22 00:54:05 | 000,130,394 | ---- | C] () -- C:\Users\Shar\Documents\Travel Diaper Changing Pad Pattern _ AllFreeSewing.pdf
[2013/02/22 00:49:39 | 000,187,604 | ---- | C] () -- C:\Users\Shar\Documents\Hankie to Baby Bonnet Sewing Tutorial _ FaveCrafts.pdf
[2013/02/19 22:13:04 | 000,043,145 | ---- | C] () -- C:\Users\Shar\Documents\LESSON 1 STUDY GUIDE.odt
[2013/02/19 20:53:57 | 000,001,250 | ---- | C] () -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2013/02/19 18:28:38 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2013/02/18 11:33:34 | 000,087,152 | ---- | C] () -- C:\windows\SysNative\cpwmon64.dll
[2013/02/16 00:18:08 | 000,000,920 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3195102768-3690358528-4191018610-1001UA.job
[2013/02/16 00:18:08 | 000,000,868 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3195102768-3690358528-4191018610-1001Core.job
[2013/02/15 10:06:08 | 441,798,581 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/02/14 21:36:20 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/02/13 15:57:33 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/12 10:30:38 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/02/12 04:22:23 | 000,001,424 | ---- | C] () -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/02/12 03:30:16 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/02/12 03:15:38 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/02/12 03:15:30 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/02/11 16:38:42 | 000,109,806 | ---- | C] () -- C:\Users\Shar\Documents\Statement.pdf
[2013/02/11 12:27:52 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/11 12:25:08 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/02/11 09:00:10 | 000,001,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013/02/11 09:00:09 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/02/11 07:54:43 | 000,000,352 | ---- | C] () -- C:\windows\tasks\AmiUpdXp.job
[2013/02/11 03:11:07 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/02/11 01:09:38 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/11 01:09:38 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/11 01:07:43 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/02/11 01:07:25 | 000,000,000 | ---- | C] () -- C:\end
[2013/02/10 23:04:28 | 000,001,452 | ---- | C] () -- C:\Users\Shar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/10 23:03:37 | 000,000,616 | ---- | C] () -- C:\windows\SysNative\drivers\zteusbcdma.cfg
[2013/02/10 23:03:35 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\Cricket Broadband AC3781.lnk
[2013/02/10 11:27:52 | 000,001,726 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com - Shopping.lnk
[2013/02/10 11:26:11 | 000,000,912 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/10 11:26:11 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/10 11:21:49 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NortonPCCheckupx64\02000A0.01A\isolate.ini
[2013/02/10 10:54:41 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/02/10 10:53:16 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/02/10 10:44:05 | 000,016,224 | ---- | C] () -- C:\windows\SysNative\results.xml
[2013/02/10 10:40:47 | 000,008,192 | ---- | C] () -- C:\windows\SysNative\drivers\IntelMEFWVer.dll
[2013/02/10 10:34:35 | 3180,220,416 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/10 09:41:06 | 000,001,458 | ---- | C] () -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/02/10 09:40:16 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/02/10 09:39:09 | 000,000,290 | ---- | C] () -- C:\Users\Shar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/02/10 09:39:09 | 000,000,272 | ---- | C] () -- C:\Users\Shar\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/04/04 22:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 22:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 22:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/11 01:08:49 | 000,000,000 | ---D | M] -- C:\Users\Shar\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
[2013/02/11 01:07:25 | 000,000,000 | ---D | M] -- C:\Users\Shar\AppData\Roaming\Babylon
[2013/02/10 23:03:45 | 000,000,000 | ---D | M] -- C:\Users\Shar\AppData\Roaming\Cricket Broadband AC3781
[2013/02/11 01:08:39 | 000,000,000 | ---D | M] -- C:\Users\Shar\AppData\Roaming\Delta
[2013/02/19 20:53:15 | 000,000,000 | ---D | M] -- C:\Users\Shar\AppData\Roaming\OpenOffice.org
[2013/02/19 22:23:04 | 000,000,000 | ---D | M] -- C:\Users\Shar\AppData\Roaming\SoftGrid Client
[2013/02/23 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Shar\AppData\Roaming\Tific
[2013/02/19 21:07:44 | 000,000,000 | ---D | M] -- C:\Users\Shar\AppData\Roaming\Toshiba
[2013/02/10 09:39:55 | 000,000,000 | ---D | M] -- C:\Users\Shar\AppData\Roaming\WinBatch
[2013/02/13 21:12:27 | 000,000,000 | ---D | M] -- C:\Users\Shar\AppData\Roaming\ZTEEVDO
[2013/02/10 23:03:57 | 000,000,000 | ---D | M] -- C:\Users\Shar\AppData\Roaming\ZteUpdateUI

========== Purity Check ==========



< End of report >

Attached Thumbnails

  • update history.png


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, are you able to access the system properly now?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - [2013/01/16 10:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/01/09 14:11:54 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...SSPV=SP_IENSP06
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke B Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&sspv=SP_FFNSP06&CUI=UN65290952187852156"
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/02/11 01:09:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013/02/08 10:30:02 | 000,037,909 | ---- | M] ()
[2013/02/11 07:52:42 | 000,001,120 | ---- | M] () -- C:\Users\Shar\AppData\Roaming\Mozilla\Firefox\Profiles\vq3rjcvf.default\searchplugins\whitesmoke-b-customized-web-search.xml
O2:64bit: - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_64.dll (Save Valet)
O2 - BHO: (GetSavin 5.0) - {59928EFD-D960-4EA3-BD27-A1ED2471670D} - C:\Users\Shar\AppData\Local\getsavin\ie\getsavin_1361206502.dll ()
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_32.dll (Save Valet)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
[2013/02/18 10:59:20 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\getsavin
[2013/02/18 10:58:54 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013/02/18 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Wajam
[2013/02/18 10:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013/02/11 07:54:43 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\SwvUpdater
[2013/02/11 07:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/11 07:54:12 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Conduit
[2013/02/11 01:09:07 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/02/11 01:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/02/11 01:08:49 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2013/02/11 01:08:49 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
[2013/02/11 01:08:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013/02/11 01:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/11 01:08:39 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Delta
[2013/02/11 01:08:30 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/02/11 01:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/02/11 01:07:25 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Babylon
[2013/02/11 00:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveValet
[2013/02/10 23:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/02/27 08:58:39 | 000,000,352 | ---- | M] () -- C:\windows\tasks\AmiUpdXp.job

:Files
C:\ProgramData\BrowserProtect
C:\Program Files (x86)\Wajam
C:\Users\Shar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

FINALLY


Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

#3
twswford

Hello, and thank you so much for your fast action on this.

I ran the OTL with the script pasted and it froze. I took a screenshot of it and have attached it here.
Waiting for your response.

Thanks

Attached Thumbnails

  • otl scr shot.png


#4
Essexboy

OK, that one is playing hard to get. Stop OTL and proceed to the next step, please.

#5
twswford

Following is the report from RogueKiller, and I'll do the adware thing now.
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shar [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/28/2013 05:15:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 0 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume9 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[Q:] \Device\SftVol -- 0x3 --> Restored

Finished : << RKreport[4]_SC_02282013_02d0515.txt >>
RKreport[1]_S_02282013_02d0350.txt ; RKreport[2]_D_02282013_02d0352.txt ; RKreport[3]_SC_02282013_02d0454.txt ; RKreport[4]_SC_02282013_02d0515.txt

#6
twswford

The AdwCleaner would not load. It said it was downloaded, but when I tried to initiate it I got a window stating that the file could not be opened.

#7
Essexboy

OK, let's try a drastic measure; if this also fails we may need to go outside of Windows.

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#8
twswford

This is the cf.txt log file.
It ran as expected and the computer seems to be running more efficiently. Windows open faster. Websites come up faster. The cooling fan comes on less, so it's quieter. I have a lot of work to do this eve, so I'll let you know how it goes before morning.
Thanks

ComboFix 13-02-26.01 - Shar 02/28/2013 14:50:34.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2430 [GMT -6:00]
Running from: c:\users\Shar\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Unfriend Checker\uc.Dll
.
.
((((((((((((((((((((((((( Files Created from 2013-01-28 to 2013-02-28 )))))))))))))))))))))))))))))))
.
.
2013-02-28 20:55 . 2013-02-28 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-28 12:18 . 2013-02-28 12:18 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-02-28 12:18 . 2013-02-28 12:18 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-02-28 12:18 . 2013-02-28 12:18 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-02-28 12:18 . 2013-02-28 12:18 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
2013-02-28 12:09 . 2013-02-28 12:09 -------- d--h--w- c:\programdata\Common Files
2013-02-27 18:35 . 2013-02-27 18:35 -------- d-----w- C:\_OTL
2013-02-27 13:59 . 2013-02-27 13:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-27 13:59 . 2013-02-27 13:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-02-26 09:38 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B9CE5F7-06C7-4396-9905-29DA0443A54E}\mpengine.dll
2013-02-26 01:47 . 2013-02-26 01:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-02-26 01:46 . 2013-02-26 01:46 -------- d-----w- c:\programdata\CanonBJ
2013-02-26 01:46 . 2012-03-14 11:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAA.DLL
2013-02-26 01:46 . 2012-03-14 11:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAA.DLL
2013-02-26 01:46 . 2012-03-14 11:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\1_CNMPDAA.DLL
2013-02-26 01:46 . 2012-03-14 11:00 385024 ----a-w- c:\windows\system32\CNMLMAA.DLL
2013-02-26 01:45 . 2010-03-19 01:26 348672 ----a-w- c:\windows\system32\CNC280L.dll
2013-02-26 01:45 . 2010-03-19 01:25 307200 ----a-w- c:\windows\SysWow64\CNC280L.dll
2013-02-26 01:45 . 2010-03-18 23:13 1354240 ----a-w- c:\windows\system32\CNC280C.dll
2013-02-26 01:45 . 2010-03-18 23:13 112128 ----a-w- c:\windows\system32\CNC280I.dll
2013-02-26 01:45 . 2010-03-18 23:11 106496 ----a-w- c:\windows\SysWow64\CNC280U.dll
2013-02-26 01:45 . 2008-08-26 00:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2013-02-26 01:45 . 2008-08-26 00:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2013-02-20 00:27 . 2013-02-20 00:27 -------- d-----w- c:\program files (x86)\JRE
2013-02-20 00:27 . 2013-02-20 00:27 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2013-02-19 22:52 . 2013-02-27 14:28 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-02-18 18:08 . 2013-02-18 18:08 -------- d-----w- c:\program files (x86)\TouchFreeze
2013-02-18 17:48 . 2013-02-18 17:48 -------- d-----w- c:\program files (x86)\GPLGS
2013-02-18 17:48 . 2013-02-18 17:48 -------- d-----w- c:\program files (x86)\Ask.com
2013-02-18 17:33 . 2012-10-05 00:49 87152 ----a-w- c:\windows\system32\cpwmon64.dll
2013-02-18 17:33 . 2013-02-18 17:33 -------- d-----w- c:\program files (x86)\Acro Software
2013-02-18 16:58 . 2013-02-18 16:59 -------- d-----w- c:\program files (x86)\Wajam
2013-02-18 15:03 . 2013-02-05 04:49 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-16 16:09 . 2013-02-28 14:27 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-16 16:09 . 2013-02-27 14:37 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-16 16:09 . 2013-02-27 14:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-15 12:12 . 2013-02-24 16:32 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-15 12:12 . 2013-02-24 16:29 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-15 12:11 . 2013-02-24 16:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-15 12:11 . 2013-02-21 15:42 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-15 05:47 . 2013-02-15 05:48 -------- d-----w- c:\programdata\VirtualizedApplications
2013-02-15 03:41 . 2013-02-15 03:41 -------- d-----r- C:\MSOCache
2013-02-15 03:36 . 2013-02-15 03:36 -------- d-----w- c:\program files\Microsoft Office
2013-02-15 03:36 . 2013-02-16 09:07 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2013-02-14 14:02 . 2013-02-14 14:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-14 09:14 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 09:14 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 21:57 . 2013-02-27 05:09 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 21:57 . 2013-02-27 05:09 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-13 21:57 . 2013-02-13 21:57 -------- d-----w- c:\windows\system32\Macromed
2013-02-13 21:36 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 21:36 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 21:36 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 21:36 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 21:36 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 21:36 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 21:36 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 21:36 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 10:21 . 2013-02-13 10:21 -------- d-----w- c:\programdata\Ask
2013-02-13 10:21 . 2013-02-13 10:21 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-13 10:10 . 2013-02-13 10:10 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-02-13 09:20 . 2013-02-13 09:20 -------- d-----w- c:\programdata\McAfee
2013-02-13 09:00 . 2013-02-13 09:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-02-13 08:31 . 2013-02-27 13:20 -------- d-----w- c:\users\Personal
2013-02-12 09:30 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-02-12 09:30 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-02-12 09:30 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-02-12 09:30 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-02-12 05:45 . 2013-02-12 05:45 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2013-02-11 18:27 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-02-11 18:27 . 2013-02-11 18:27 -------- dc----w- c:\windows\system32\DRVSTORE
2013-02-11 18:26 . 2013-02-11 18:26 -------- d-----w- c:\program files\iPod
2013-02-11 18:26 . 2013-02-11 18:27 -------- d-----w- c:\program files\iTunes
2013-02-11 18:26 . 2013-02-11 18:27 -------- d-----w- c:\program files (x86)\iTunes
2013-02-11 18:26 . 2013-02-11 18:26 -------- d-----w- c:\programdata\Apple Computer
2013-02-11 18:25 . 2013-02-11 18:25 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-02-11 18:24 . 2013-02-11 18:24 -------- d-----w- c:\program files\Common Files\Apple
2013-02-11 18:24 . 2013-02-11 18:24 -------- d-----w- c:\program files\Bonjour
2013-02-11 18:24 . 2013-02-11 18:24 -------- d-----w- c:\program files (x86)\Bonjour
2013-02-11 18:24 . 2013-02-11 18:26 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-02-11 18:24 . 2013-02-11 18:25 -------- d-----w- c:\programdata\Apple
2013-02-11 14:47 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-02-11 14:47 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
2013-02-11 14:45 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2013-02-11 14:45 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2013-02-11 14:45 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-02-11 14:45 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-02-11 14:43 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2013-02-11 14:43 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2013-02-11 14:41 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-02-11 14:41 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-02-11 14:41 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-02-11 14:41 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-02-11 14:41 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-02-11 14:41 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2013-02-11 14:24 . 2013-02-11 14:59 -------- d-----w- c:\program files\Paint.net
2013-02-11 14:05 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2013-02-11 14:05 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2013-02-11 14:05 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2013-02-11 14:05 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2013-02-11 14:05 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2013-02-11 14:05 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2013-02-11 14:05 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2013-02-11 14:05 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-02-11 14:05 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2013-02-11 14:05 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2013-02-11 14:05 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-02-11 14:05 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2013-02-11 14:04 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2013-02-11 14:04 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2013-02-11 14:04 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-02-11 14:04 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
2013-02-11 14:04 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2013-02-11 14:04 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2013-02-11 14:03 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-02-11 14:03 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-02-11 14:03 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-02-11 14:03 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-02-11 14:03 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2013-02-11 14:03 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-02-11 14:03 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-02-11 14:01 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2013-02-11 14:01 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2013-02-11 14:01 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2013-02-11 14:01 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 10:21 . 2011-03-24 02:26 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-17 07:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 21:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-02-03 03:05 1527944 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-03 1527944]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-02-10 39408]
"TouchFreeze"="c:\program files (x86)\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-03 1718920]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-02-28 1151152]
.
c:\users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261095~1.52\{C16C1~1\BrowserProtect.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UDisk Monitor;UDisk Monitor;c:\program files (x86)\Cricket Broadband AC3781\AC3781\bin\MonServiceUDisk.exe [2012-02-28 696320]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-11 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-28 39768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-02-03 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-02-03 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-28 968880]
S3 CT_ZTEMT_U_USBNET;ZTEMT USB-NDIS miniport;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBNET.SYS [2012-02-28 223416]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-02 250984]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2012-02-28 120704]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-22 12:05 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-13 05:09]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-10 17:26]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-10 17:26]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195102768-3690358528-4191018610-1001Core.job
- c:\users\Personal\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-16 17:51]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195102768-3690358528-4191018610-1001UA.job
- c:\users\Personal\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-16 17:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{5F00EDDF-76FC-43D6-9C69-C2DD4811ABA6}: NameServer = 10.133.20.11 10.132.20.11
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Shar\AppData\Roaming\Mozilla\Firefox\Profiles\vq3rjcvf.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={0DDB458B-DEE1-4B57-B59F-B620AAC09D06}&mid=e11fac6db7a247d3b0dcd1e980e4e9f3-a0985b0dcc9b7177163f1bc18bb897414cdd23f0&lang=en&ds=ft011&pr=sa&d=2013-02-28 06:18&v=14.2.0.1&pid=safeguard&sg=1&sap=hp
FF - ExtSQL: 2013-02-11 00:14; uc@uc.com; c:\program files (x86)\Unfriend Checker\FF
FF - ExtSQL: 2013-02-28 06:18; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{09942569-D515-42BE-9F5A-A439B20F91AB} - c:\program files (x86)\Unfriend Checker\uc.dll
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-28 14:57:55
ComboFix-quarantined-files.txt 2013-02-28 20:57
.
Pre-Run: 540,361,240,576 bytes free
Post-Run: 540,357,754,880 bytes free
.
- - End Of File - - 9488954B9709EC5EC6F10DC771381182

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now retry the other fix bit :)


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - [2013/01/16 10:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/01/09 14:11:54 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...SSPV=SP_IENSP06
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke B Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&sspv=SP_FFNSP06&CUI=UN65290952187852156"
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/02/11 01:09:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013/02/08 10:30:02 | 000,037,909 | ---- | M] ()
[2013/02/11 07:52:42 | 000,001,120 | ---- | M] () -- C:\Users\Shar\AppData\Roaming\Mozilla\Firefox\Profiles\vq3rjcvf.default\searchplugins\whitesmoke-b-customized-web-search.xml
O2:64bit: - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_64.dll (Save Valet)
O2 - BHO: (GetSavin 5.0) - {59928EFD-D960-4EA3-BD27-A1ED2471670D} - C:\Users\Shar\AppData\Local\getsavin\ie\getsavin_1361206502.dll ()
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_32.dll (Save Valet)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
[2013/02/18 10:59:20 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\getsavin
[2013/02/18 10:58:54 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013/02/18 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Wajam
[2013/02/18 10:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013/02/11 07:54:43 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\SwvUpdater
[2013/02/11 07:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/11 07:54:12 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Local\Conduit
[2013/02/11 01:09:07 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/02/11 01:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/02/11 01:08:49 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2013/02/11 01:08:49 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
[2013/02/11 01:08:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013/02/11 01:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/11 01:08:39 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Delta
[2013/02/11 01:08:30 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/02/11 01:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/02/11 01:07:25 | 000,000,000 | ---D | C] -- C:\Users\Shar\AppData\Roaming\Babylon
[2013/02/11 00:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveValet
[2013/02/10 23:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/02/27 08:58:39 | 000,000,352 | ---- | M] () -- C:\windows\tasks\AmiUpdXp.job

:Files
C:\ProgramData\BrowserProtect
C:\Program Files (x86)\Wajam
C:\Users\Shar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

FINALLY


Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

#10
twswford

    Member

  • Topic Starter
  • Member
  • 26 posts
i tried the fix and it stopped responding like before. i let it go for about an hour but it didn't do anything. when i rebooted it was a black screen and written on it was "no bootable device -- insert boot disk and press any key". I'm using my backup computer which has issues of its own but i think will keep up with us til the other is back up. i don't have a boot disk so googled what it said and a link came up to download one from the following website:
http://malwaretips.c...d-press-any-key
at the following link:
http://msft.digitalr...n/X17-24209.iso > Windows 7 Home Premium SP1 x64 English

i'm downloading it to disc on this backup laptop but don't want to use it unless it's safe. can you give me the go ahead or suggest other options to get it back up and running?
thanks

ok this backup isn't downloading so i'll just wait to hear from you. thanks

Edited by twswford, 01 March 2013 - 02:59 PM.


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that does sound a bit weird

Download the following three programmes to your desktop :


1. WiNToBootic
2. Windows 7 64bit RC. This is different to the one you are currently downloading but smaller; however, the full CD will do the same. So if you have finished downloading the full ISO then use that
3. Farbar Recovery Scan Tool x64

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot

Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing

It will let you know when it is done
Then copy FRST to the same USB


Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that, follow the instructions here.


When you reboot you will see this, although yours will say Windows 7. Click Repair my computer
Posted Image

Select your operating system

Select Command prompt

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#12
twswford

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
i've done the downloads and the icons are on my desktop; however, when i right-click on the wintoboot icon i don't get the option to extract. i've attached a screenshot so you can see the actual and i'm gonna wait for your reply to do anything. thanks

Attached Thumbnails

  • dt icons.png


#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My apologies, it is no longer in zip format; I will need to change my destruction .. Just double-click the icon to run

#14
twswford

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
so do this on my "not sick" computer?

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is correct, then use the USB to boot the sick one