Internet Explorer "Page Can't Be Displayed" - Suspected Ma



#1
toebash24

    Member

  • 30 posts
Hi Everyone, I suspect I have a malware infection. Despite full internet functionality via Firefox, I am unable to access any websites via Internet Explorer. I get the following error page: "This page can't be displayed". I rarely use IE; however, an application I'm trying to use for grad school requires access via IE, and that is how I discovered my problem. I have tried the following so far:
- I have run Norton scans, Ad-Aware scans, Spybot scans, and also reset my IE settings.
- I have also checked the "detect proxy settings" box and unchecked it.
- I have uninstalled IE 10 and then tried IE 9 before reinstalling IE 10, to no avail.
- Disabled non-Microsoft startup programs

Thanks in advance for the help!

OTL Log:

OTL logfile created on: 8/8/2013 9:41:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nick\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 53.26% Memory free
7.85 Gb Paging File | 5.79 Gb Available in Paging File | 73.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 346.79 Gb Free Space | 76.89% Space Free | Partition Type: NTFS
Drive E: | 268.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/08 21:37:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL.exe
PRC - [2013/08/08 15:45:02 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013/08/08 15:35:50 | 001,100,616 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/07/03 11:36:05 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/06/13 13:13:02 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/06/04 19:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Nick\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/23 23:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/01/05 06:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/11/30 20:17:01 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/08 21:07:48 | 000,805,888 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\wx._gdi_.pyd
MOD - [2013/08/08 21:07:48 | 000,557,056 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\pysqlite2._sqlite.pyd
MOD - [2013/08/08 21:07:48 | 000,504,832 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\windows._cacheinvalidation.pyd
MOD - [2013/08/08 21:07:48 | 000,364,544 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\pythoncom27.dll
MOD - [2013/08/08 21:07:48 | 000,320,512 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\win32com.shell.shell.pyd
MOD - [2013/08/08 21:07:48 | 000,128,512 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\_elementtree.pyd
MOD - [2013/08/08 21:07:48 | 000,098,816 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\win32api.pyd
MOD - [2013/08/08 21:07:48 | 000,087,040 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\_ctypes.pyd
MOD - [2013/08/08 21:07:48 | 000,070,656 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\wx._html2.pyd
MOD - [2013/08/08 21:07:48 | 000,044,032 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\_socket.pyd
MOD - [2013/08/08 21:07:48 | 000,026,624 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\_multiprocessing.pyd
MOD - [2013/08/08 21:07:48 | 000,022,528 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\win32ts.pyd
MOD - [2013/08/08 21:07:48 | 000,017,408 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\win32profile.pyd
MOD - [2013/08/08 21:07:48 | 000,011,264 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\win32crypt.pyd
MOD - [2013/08/08 21:07:47 | 001,175,040 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\wx._core_.pyd
MOD - [2013/08/08 21:07:47 | 001,153,024 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\_ssl.pyd
MOD - [2013/08/08 21:07:47 | 000,811,008 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\wx._windows_.pyd
MOD - [2013/08/08 21:07:47 | 000,735,232 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\wx._misc_.pyd
MOD - [2013/08/08 21:07:47 | 000,711,680 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\_hashlib.pyd
MOD - [2013/08/08 21:07:47 | 000,122,368 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\wx._wizard.pyd
MOD - [2013/08/08 21:07:47 | 000,119,808 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\win32file.pyd
MOD - [2013/08/08 21:07:47 | 000,110,080 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\PyWinTypes27.dll
MOD - [2013/08/08 21:07:47 | 000,108,544 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\win32security.pyd
MOD - [2013/08/08 21:07:47 | 000,038,912 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\win32inet.pyd
MOD - [2013/08/08 21:07:47 | 000,035,840 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\win32process.pyd
MOD - [2013/08/08 21:07:47 | 000,025,600 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\win32pdh.pyd
MOD - [2013/08/08 21:07:46 | 001,062,400 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\wx._controls_.pyd
MOD - [2013/08/08 21:07:46 | 000,686,080 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\unicodedata.pyd
MOD - [2013/08/08 21:07:46 | 000,127,488 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\pyexpat.pyd
MOD - [2013/08/08 21:07:46 | 000,018,432 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\win32event.pyd
MOD - [2013/08/08 21:07:46 | 000,010,240 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI35802\select.pyd
MOD - [2013/08/08 15:45:03 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013/08/08 15:45:03 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2013/08/08 15:45:03 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2013/08/08 15:35:50 | 001,100,616 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/08/08 15:35:50 | 000,157,000 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll
MOD - [2013/07/03 11:36:05 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/06/13 13:13:02 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/01/11 00:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/16 02:16:48 | 000,583,088 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/12/14 18:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/11/25 21:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/11/24 16:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/08 15:35:50 | 000,945,480 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/03 11:36:05 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/13 13:13:04 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 10:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/23 23:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/11/09 16:59:16 | 000,103,272 | ---- | M] (Wondershare) [Disabled | Stopped] -- C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe -- (WACService)
SRV - [2012/05/10 15:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/20 19:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 19:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/01/20 14:45:30 | 000,128,280 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/30 20:17:01 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/11/30 20:15:45 | 000,135,608 | R--- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/11/23 22:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/11 20:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/12/22 21:25:46 | 000,339,456 | ---- | M] (Pharos Systems International) [Disabled | Stopped] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/08 15:35:50 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/03/29 21:05:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/03/13 08:40:50 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/30 23:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/01/28 21:45:20 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/01/28 21:45:20 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/21 22:15:34 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/15 22:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/16 14:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/16 14:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/07/22 21:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/05/10 15:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/16 18:49:14 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/01/05 06:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/05 06:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/05 06:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/22 22:22:10 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2011/12/06 06:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/28 17:33:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/07/18 19:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/24 18:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/05/31 12:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/05/22 00:03:49 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130707.005\ex64.sys -- (NAVEX15)
DRV - [2013/05/22 00:03:48 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130707.005\eng64.sys -- (NAVENG)
DRV - [2013/03/12 16:03:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130705.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/11/01 10:56:53 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/13 16:26:18 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledAddons: check4change-owner%40mozdev.org:1.9.3
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://isearch.avg.c...sa&d=2013-08-08 15:35:59&pid=avg&sg=&v=14.0.0.12&sap=ku&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/07/23 14:46:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/09/17 22:39:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/07/23 14:46:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\14.0.0.12 [2013/08/08 15:36:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/22 14:25:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/03 11:36:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/08 15:44:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/08/08 15:44:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/22 14:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/03 11:36:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/08 15:44:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/08/08 15:44:59 | 000,000,000 | ---D | M]

[2012/08/11 18:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2012/10/22 19:49:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\vm1a2k40.default\extensions
[2012/09/20 15:36:06 | 000,617,362 | ---- | M] () (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\vm1a2k40.default\extensions\[email protected]
[2012/09/17 22:36:32 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\vm1a2k40.default\extensions\[email protected]
[2013/07/03 11:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/23 15:49:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/03 11:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/23 15:49:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/03 11:36:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://start.toshiba.com/?cid=C001B2Y
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://start.toshiba.com/?cid=C001B2Y

O1 HOSTS File: ([2013/08/08 20:42:23 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [3RVX] C:\Program Files (x86)\3RVX\3RVX.exe (matt.malensek.net)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Nick\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [EPSON39E689 (Epson Stylus NX420)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\windows\TEMP\E_S8869.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [TwoFingerScroll] C:\Users\Nick\Desktop\TwoFingerScroll.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.238.1.61 66.28.0.61 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1642BFD5-82B9-49F0-BA6A-FE2B3A489F1A}: DhcpNameServer = 10.70.2.50 10.70.2.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABDBFF6C-F0FE-452D-B804-00C5916BA713}: DhcpNameServer = 24.238.1.61 66.28.0.61 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/01/09 20:00:02 | 000,000,961 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell - "" = AutoRun
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\ar32e301\command - "" = E:\GOODIES\AR32E301.EXE -- [1998/07/30 14:29:20 | 004,018,104 | R--- | M] ()
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\AutoRun\command - "" = E:\AOESETUP.EXE -- [1999/01/09 20:00:02 | 000,319,553 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\directx\command - "" = E:\DIRECTX\DXSETUP.EXE -- [1998/07/29 21:00:06 | 000,086,528 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dplay\command - "" = E:\DIRECTX\DPLAY60A.EXE -- [1998/09/01 15:37:02 | 000,255,744 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dxdiag\command - "" = E:\DIRECTX\DXDIAG.EXE -- [1998/07/29 21:00:06 | 000,286,480 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dxinfo\command - "" = E:\DIRECTX\DXINFO.EXE -- [1998/07/29 21:00:06 | 000,309,760 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dxtest\command - "" = E:\GOODIES\DIRECTX\DX5TEST.EXE -- [1998/09/03 16:00:02 | 000,106,496 | R--- | M] ()
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dxtool\command - "" = E:\GOODIES\DIRECTX\DXTOOL.EXE -- [1997/07/14 13:00:00 | 000,033,280 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\msinfo\command - "" = E:\GOODIES\MSINFO\MSINFO32.EXE -- [1996/08/08 14:40:06 | 000,452,096 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\sampler\command - "" = E:\SAMPLER\SAMPLER.EXE -- [1997/06/30 17:11:52 | 000,014,403 | R--- | M] ()
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\setup\command - "" = E:\AOESETUP.EXE -- [1999/01/09 20:00:02 | 000,319,553 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\zone\command - "" = E:\SAMPLER\DEMOS\ZONE\ZONEA501.EXE -- [1998/08/28 16:55:26 | 009,795,972 | R--- | M] ()
O33 - MountPoints2\{d58e011e-d447-11e2-832e-00266c15b07c}\Shell - "" = AutoRun
O33 - MountPoints2\{d58e011e-d447-11e2-832e-00266c15b07c}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/08 15:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/08/08 15:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2013/08/08 15:37:57 | 000,000,000 | ---D | C] -- C:\windows\Fonts\AdvUninstal
[2013/08/08 15:37:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Innovative Solutions
[2013/08/08 15:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2013/08/08 15:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions
[2013/08/08 15:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Uninstaller PRO
[2013/08/08 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\AVG Secure Search
[2013/08/08 15:35:58 | 000,037,720 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/08/08 15:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/08/08 15:35:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013/08/08 15:35:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/08/08 15:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013/08/08 15:34:00 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\IEFix
[2013/08/08 14:57:03 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\e-academy Inc
[2013/08/08 14:57:03 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\e-academy Inc
[2013/08/05 20:01:22 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Kittens
[2013/08/05 14:01:57 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Apt 212 Lease
[2013/07/31 07:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/07/30 08:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/29 07:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2013/07/29 07:40:58 | 000,716,800 | ---- | C] (Pharos Systems International) -- C:\windows\SysNative\PSR98E35.DLL
[2013/07/29 07:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PharosSystems
[2013/07/29 07:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pharos
[2013/07/29 07:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pharos
[2013/07/25 23:45:09 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\LL Contract
[2013/07/22 14:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/07/22 14:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/07/22 14:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/07/22 14:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/07/22 14:25:30 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\adawarebp
[2013/07/21 17:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/07/21 17:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/07/21 17:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/07/21 16:56:53 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\LavasoftStatistics
[2013/07/21 16:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/07/21 16:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/07/21 16:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/07/21 16:56:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013/07/21 16:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/07/21 16:55:33 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Ad-Aware Antivirus
[2013/07/19 03:00:43 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013/07/18 19:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013/04/27 11:34:11 | 012,556,224 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Nick\gosetup.exe
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/08 21:14:34 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 21:14:34 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 21:12:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/08/08 21:08:05 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/08 21:07:45 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/08/08 21:07:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/08 21:07:10 | 3162,087,424 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/08 20:58:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-285638692-1628021285-1877425603-1000UA.job
[2013/08/08 20:58:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/08 20:42:23 | 000,000,822 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/08/08 18:45:54 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/08/08 16:34:22 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/08/08 16:34:22 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/08/08 16:05:38 | 000,002,121 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/08/08 16:02:30 | 000,001,448 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/08 15:37:55 | 000,002,189 | ---- | M] () -- C:\Users\Nick\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/08/08 15:35:50 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/08/08 15:12:25 | 000,003,133 | ---- | M] () -- C:\Users\Nick\Desktop\Shortcut to SecureDownloadManager.exe.lnk
[2013/08/08 14:58:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-285638692-1628021285-1877425603-1000Core.job
[2013/08/05 23:24:45 | 000,053,130 | ---- | M] () -- C:\Users\Nick\Desktop\evolution.jpg
[2013/08/05 21:31:04 | 000,606,869 | ---- | M] () -- C:\Users\Nick\Desktop\jean.jpg
[2013/08/05 20:01:50 | 000,779,724 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/08/05 20:01:50 | 000,660,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/08/05 20:01:50 | 000,121,408 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/08/03 20:17:38 | 000,396,723 | ---- | M] () -- C:\Users\Nick\Desktop\212-SAB-LEASE.pdf
[2013/08/01 23:09:20 | 000,002,585 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2013/07/30 17:04:52 | 000,514,448 | ---- | M] () -- C:\Users\Nick\Desktop\CPR2.jpg
[2013/07/30 17:04:23 | 000,549,071 | ---- | M] () -- C:\Users\Nick\Desktop\CPR1
[2013/07/30 16:58:00 | 004,067,999 | ---- | M] () -- C:\Users\Nick\Desktop\NeuroLab2.pdf
[2013/07/30 15:30:09 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/07/30 15:30:08 | 001,890,865 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403010.016\Cat.DB
[2013/07/30 14:45:45 | 000,010,926 | ---- | M] () -- C:\Users\Nick\Desktop\Barry Feb 2013.pdf
[2013/07/30 08:49:47 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/23 15:48:20 | 000,413,344 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/23 14:47:33 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013/07/22 13:45:13 | 000,007,602 | ---- | M] () -- C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
[2013/07/19 23:19:29 | 001,289,589 | ---- | M] () -- C:\Users\Nick\Documents\desk2.jpg
[2013/07/19 23:19:18 | 001,355,005 | ---- | M] () -- C:\Users\Nick\Documents\desk1.jpg
[2013/07/18 21:36:43 | 000,700,290 | ---- | M] () -- C:\Users\Nick\Documents\Temple.jpeg
[2013/07/18 19:39:03 | 000,116,090 | ---- | M] () -- C:\Users\Nick\Desktop\GradEnrollment_1314.pdf
[2013/07/11 18:55:33 | 000,749,148 | ---- | M] () -- C:\Users\Nick\Desktop\LLrelease4.jpeg
[2013/07/11 18:54:04 | 000,692,412 | ---- | M] () -- C:\Users\Nick\Desktop\LLrelease1.jpeg
[2013/07/11 18:53:24 | 000,597,160 | ---- | M] () -- C:\Users\Nick\Desktop\LLrelease3.jpeg
[2013/07/11 18:51:40 | 000,827,762 | ---- | M] () -- C:\Users\Nick\Desktop\LLrelease2.jpeg
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/08 16:34:22 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/08/08 16:34:22 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/08/08 15:37:55 | 000,002,189 | ---- | C] () -- C:\Users\Nick\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/08/08 15:37:55 | 000,002,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
[2013/08/08 15:37:50 | 000,042,496 | ---- | C] () -- C:\windows\SysWow64\AdvUninstCPL.cpl
[2013/08/08 14:57:03 | 000,003,133 | ---- | C] () -- C:\Users\Nick\Desktop\Shortcut to SecureDownloadManager.exe.lnk
[2013/08/05 23:24:20 | 000,053,130 | ---- | C] () -- C:\Users\Nick\Desktop\evolution.jpg
[2013/08/05 21:30:02 | 000,606,869 | ---- | C] () -- C:\Users\Nick\Desktop\jean.jpg
[2013/08/03 20:17:38 | 000,396,723 | ---- | C] () -- C:\Users\Nick\Desktop\212-SAB-LEASE.pdf
[2013/08/01 23:09:20 | 000,002,585 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2013/07/30 17:04:42 | 000,514,448 | ---- | C] () -- C:\Users\Nick\Desktop\CPR2.jpg
[2013/07/30 17:04:06 | 000,549,071 | ---- | C] () -- C:\Users\Nick\Desktop\CPR1
[2013/07/30 16:57:59 | 004,067,999 | ---- | C] () -- C:\Users\Nick\Desktop\NeuroLab2.pdf
[2013/07/30 15:30:09 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/07/30 14:45:45 | 000,010,926 | ---- | C] () -- C:\Users\Nick\Desktop\Barry Feb 2013.pdf
[2013/07/30 08:49:47 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/28 18:59:25 | 001,371,247 | ---- | C] () -- C:\Users\Nick\Desktop\desk2.JPG
[2013/07/28 18:59:19 | 001,400,479 | ---- | C] () -- C:\Users\Nick\Desktop\desk1.JPG
[2013/07/22 13:45:13 | 000,007,602 | ---- | C] () -- C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
[2013/07/19 23:19:28 | 001,289,589 | ---- | C] () -- C:\Users\Nick\Documents\desk2.jpg
[2013/07/19 23:19:18 | 001,355,005 | ---- | C] () -- C:\Users\Nick\Documents\desk1.jpg
[2013/07/18 21:37:23 | 000,700,290 | ---- | C] () -- C:\Users\Nick\Documents\Temple.jpeg
[2013/07/18 19:39:02 | 000,116,090 | ---- | C] () -- C:\Users\Nick\Desktop\GradEnrollment_1314.pdf
[2013/07/11 18:55:33 | 000,749,148 | ---- | C] () -- C:\Users\Nick\Desktop\LLrelease4.jpeg
[2013/07/11 18:54:57 | 000,827,762 | ---- | C] () -- C:\Users\Nick\Desktop\LLrelease2.jpeg
[2013/07/11 18:54:39 | 000,597,160 | ---- | C] () -- C:\Users\Nick\Desktop\LLrelease3.jpeg
[2013/07/11 18:54:19 | 000,692,412 | ---- | C] () -- C:\Users\Nick\Desktop\LLrelease1.jpeg
[2013/03/29 21:53:04 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\iyvu9_32.dll
[2013/02/23 18:42:01 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012/11/23 17:20:19 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2012/11/23 17:20:19 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2012/09/03 20:16:13 | 000,000,605 | ---- | C] () -- C:\Users\Nick\.powerschool_gradebook.properties
[2012/09/03 20:15:51 | 000,000,012 | ---- | C] () -- C:\Users\Nick\.gradebook_userdict.tlx
[2012/08/11 21:05:34 | 734,232,576 | ---- | C] () -- C:\Users\Nick\The.Station.Agent[2003]DvDrip[Eng].avi
[2012/08/11 21:05:24 | 848,943,973 | ---- | C] () -- C:\Users\Nick\The Color of Friendship.mp4
[2012/05/12 06:18:13 | 000,773,940 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/05/12 05:38:03 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/05/10 15:07:18 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/05/10 14:24:08 | 013,214,720 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/02/01 15:51:06 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012/02/01 15:51:04 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/02/01 15:51:04 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/01/10 23:39:16 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/23 14:36:24 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Ad-Aware Antivirus
[2013/03/29 21:07:33 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools Lite
[2013/08/08 14:57:03 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\e-academy Inc
[2012/11/20 16:52:21 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Elluminate
[2013/05/05 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\SoftGrid Client
[2012/08/12 20:34:16 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\SystemRequirementsLab
[2012/09/06 22:21:52 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Thunderbird
[2013/03/29 21:06:43 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Toshiba
[2012/08/11 20:21:20 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\TP
[2013/07/24 01:01:02 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\uTorrent
[2012/09/20 17:20:13 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\VOWSoft
[2012/08/11 18:29:28 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\WinBatch
[2012/11/30 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Wondershare

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Documents\Temple.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\Nicholas.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LLrelease4.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LLrelease3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LLrelease2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LLrelease1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LauraLee.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\finaidfallspring.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\finaid.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

#2
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hello toebash24

Welcome, I'm 23red, and it'll be my pleasure to assist you with your computer. :D I am currently reviewing your log; in the meantime, I'd be grateful if you would note the following:

• I am currently in training; responses must be reviewed by my instructor before being posted. As such, there will likely be a delay between posts. You have an advantage here in that there are two people examining your issue :yes:

• Please make sure to carefully read every post completely before doing anything.

• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

• Please do not run any other scans or other software on your computer unless asked, as it may make this repair more difficult.

• Please stick with me until all malware is gone from your system. This is not an instant process; just because you no longer see any symptoms does not necessarily mean your system is clear of malware.

• Please save any instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

• The Logs do take time to analyze. I much appreciate your understanding and patience.

• You must reply to this topic within four days ~ failure to reply will result in the topic being closed! If you need it reopened please PM myself or a moderator.

Lastly, any chance you have the extras.txt that came with that OTL run? Please post it if you do, thanks :)

#3
toebash24

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi, thanks for the help. Here is the extra.txt:

OTL Extras logfile created on: 8/8/2013 9:41:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nick\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 53.26% Memory free
7.85 Gb Paging File | 5.79 Gb Available in Paging File | 73.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 346.79 Gb Free Space | 76.89% Space Free | Partition Type: NTFS
Drive E: | 268.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B27DB6-3CF8-4AAF-A95C-DA347A6B5E0F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{023579C4-5C18-4C4B-8606-60ED94720B49}" = rport=10243 | protocol=6 | dir=out | app=system |
"{02B3B4B4-63AB-44B6-9105-07B05830E335}" = lport=138 | protocol=17 | dir=in | app=system |
"{03301FE2-56DA-4969-B866-B05CE5927837}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0845BD2B-C1D0-49E3-8890-E0F81B071570}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0B665CE7-12F1-4BD5-9DB0-BF4BC680051A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{13F12344-1608-480C-86E8-D90E3309C494}" = rport=445 | protocol=6 | dir=out | app=system |
"{166B9020-A04D-4CCF-8C94-5173EE2D144D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A4BD06B-1AD7-451C-9C4B-5F96EA547748}" = lport=137 | protocol=17 | dir=in | app=system |
"{4135326F-A83B-475B-AFB5-F73601900B10}" = lport=139 | protocol=6 | dir=in | app=system |
"{453ADA2C-6BAA-4F84-9961-26CC4EB86D37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F7CCB7D-710F-44D2-9D1B-9FF5829435C5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{54FCA36B-6B58-44AA-BA5D-77D9FE1ED795}" = rport=139 | protocol=6 | dir=out | app=system |
"{56E54683-6656-4992-AC99-450A3D3594CB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6CDEE5A0-FD21-4D81-9573-0469E4112E7F}" = rport=138 | protocol=17 | dir=out | app=system |
"{7C9C804D-EB3A-41C0-9433-56928A67615A}" = rport=137 | protocol=17 | dir=out | app=system |
"{7EB4461E-F0D2-4078-8AD5-596343A6720E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{888FDFA3-5D84-4F50-8068-CC2ECDA70385}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E2CF00C-54C4-419A-9245-E3C0B51DF15B}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port |
"{A2B5D6BC-BE72-449F-84FF-F8B98E937826}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D1108B3F-9FA8-4068-A27F-7DE5D546DD7D}" = lport=445 | protocol=6 | dir=in | app=system |
"{D935B42D-DC8C-40A9-8219-11685B6E2DF8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DC8C202A-18CD-4224-9275-45D0FCF2974D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F86F9D36-DD73-416E-8A5C-924AA2055151}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD11C6E9-5F9B-47F5-A46B-033143F121C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B762CC-8835-4787-A8A0-174A8D94D908}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{05CF69A7-9C56-4C2C-9A6B-29C24EEFCC11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{06EB8876-067C-4381-8BDF-ED56D161DE7F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0B375C53-68CA-4C38-83C7-0EC373332B63}" = protocol=6 | dir=in | app=c:\users\nick\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{0F9FA846-40D4-4519-B82A-2D07C60F2FA0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{10091A77-42AA-4A16-883D-A956528A3630}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |
"{1282E85D-E5FF-4D80-B5EF-B5ADCF412311}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{166074F6-B8FF-4E96-973B-425CA8CE626A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{27171923-025B-48DA-89C7-B189010F0632}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2761C2B5-4783-4AFA-819B-B0958E749614}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{283F4BBD-FEA2-4BEA-954B-0EFE316F98F3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{29986286-C5C8-4AD1-AE85-B06E7EB2ED6B}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |
"{2A7242A7-9ABE-4DCB-9C2C-A2F48248DE45}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{2FBB5232-E883-412A-94CC-C26DA5FB903D}" = dir=in | app=%programfiles% (x86)\steam\steam.exe |
"{30B61CB6-4D73-44D8-B505-AE8AC0BDC769}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{32EBF57E-0F37-4ECF-9540-418B6BD544CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{36ACD1FB-6DA2-44D8-A82F-FBF6DB9B810C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3AECA033-59BB-4F9D-BBF4-0C129E78B006}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{3AFB14BB-C828-4017-B597-20612A236798}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{3F7F3E50-A7D4-4078-9C2E-ADC49BC67910}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{40748F2E-A141-4005-B60A-A22627115E20}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4C278A65-3188-49AD-AE78-8594857E28B7}" = dir=out | app=%programfiles% (x86)\steam\steam.exe |
"{4CED4F59-AB50-4F97-AE53-3CB3B867BD75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{507B4D6D-4526-4E5C-A471-32EBA67C2AB6}" = protocol=17 | dir=in | app=c:\users\nick\appdata\roaming\utorrent\utorrent.exe |
"{515A2C9E-6368-4B42-8C8F-64133D6ABC05}" = protocol=6 | dir=in | app=c:\users\nick\appdata\roaming\utorrent\utorrent.exe |
"{6B1B24C3-A71A-4F93-B782-FCA48D834B13}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |
"{6B69B3CE-0C89-498A-859A-3EF45C6EB3F8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6D574550-50DF-4C50-855B-B2E037AFECF4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{71C579E7-E89B-474E-8C2F-FB17E6BD6A50}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{73466286-B37A-4E40-A334-FC8093398F2C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{73F8ACF3-B9C1-47F8-9040-306486C31BE7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{76EDAA8F-E85D-4287-A9B8-4E4F7BD23A11}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{77C8718D-D59E-4A16-A119-884C25351F9E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7F5A9A15-6435-433C-A7F0-A42AFF48CB99}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{95A85D3D-8DF5-4E58-B7E9-57CB2AD813CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{A169F2F4-CA77-46C2-9907-A3079887FBA2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A8D84EB5-D9A6-408E-ACE8-E4BCDBE741D3}" = protocol=6 | dir=out | app=system |
"{ACC75639-7557-4F0E-84ED-EAEDD0851E6B}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |
"{AE453A79-43B5-452F-B9DF-A2F4AD5C3B69}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B88145C4-0EDB-40FA-AD54-59B01B64611E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C32C2E77-3B1A-4899-AC32-C8FE5130F1C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C64A5B7D-BBF7-485B-A822-C49B424FA153}" = dir=in | app=c:\program files (x86)\pharossystems\core\ctskmstr.exe |
"{D5FDCDAD-1ED8-44B3-B293-835D59E53650}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6068E8C-06FE-4044-A7E2-0E85F2D74A9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7C6F55C-B8D6-427D-9083-82AC8501A43F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DBC478D8-92A7-4469-9500-D4EC461B4239}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DEF338ED-6D92-429B-AF50-BF8EC2C0C982}" = protocol=17 | dir=in | app=c:\users\nick\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E653E4CE-2F46-4114-BEE4-FCDB3B45923A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1715D63-E0BE-431F-96FC-33FBB1E5710D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F570F3D1-7D86-410D-8D09-9814C1257E21}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F6863973-9C4A-4C3C-9DED-70486913568F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F814115B-F7C4-42A5-A944-200D851FF67A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{D536ECF9-C877-4E8D-8AA1-8606816C76D9}C:\users\nick\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nick\appdata\local\akamai\netsession_win.exe |
"TCP Query User{ECFAA6D5-BA40-4BE1-A291-3CB606C6BA0D}C:\users\nick\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nick\appdata\local\akamai\netsession_win.exe |
"UDP Query User{1F792BBC-C05E-4E3D-A64B-ACA49BA285B3}C:\users\nick\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nick\appdata\local\akamai\netsession_win.exe |
"UDP Query User{DA28EFB6-43D5-4F28-B410-53A76672F5E4}C:\users\nick\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nick\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{2C486987-D447-4E36-8D61-86E48E24199C}" = TOSHIBA eco Utility
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}" = TOSHIBA Audio Enhancement
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FDD06F32-C9C8-429C-A7B0-915D8A5AD406}" = 64 Bit HP CIO Components Installer
"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15CC861C-C69E-3758-8961-CE304C2595B6}" = Google Talk Plugin
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83217011F0}" = Java 7 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3384E1D9-3F18-4A98-8655-180FEF0DFC02}" = TOSHIBA User's Guide
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66BB5D8F-D9BD-4799-A9FA-5731B3B7839A}" = 3RVX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7682DFED-23C6-44C9-B9FD-109E0B630277}" = Secure Download Manager
"{769CC8AC-50C3-4776-95F5-A1ABF15A38F4}_is1" = Wondershare Application Center 1.0.0.58
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90599D63-1879-4B90-BE4F-051CE70FA576}_is1" = Wondershare PDF to Word (Build 4.0.1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV - A Realm Reborn (Beta Version)
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{C31337DE-0CDC-45A9-9A32-F099AC78D557}" = Toshiba Book Place
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D78149D7-480E-4012-8071-7B68B3E02527}" = ExamGuard
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AU11_is1" = Advanced Uninstaller PRO - Version 11
"AVG Secure Search" = AVG Security Toolbar
"Combat Arms" = Combat Arms
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"iBackupBot for iTunes" = iBackupBot for iTunes 3.5.5
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.7.5 (Full)
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"Mozilla Thunderbird 17.0.8 (x86 en-US)" = Mozilla Thunderbird 17.0.8 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Pharos" = Pharos
"plist Editor for Windows" = plist Editor for Windows 1.0.2
"SendToKindle" = Amazon Send to Kindle
"ToshibaSD" = Toshiba Security Dashboard
"uTorrent" = µTorrent
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-8b67abdb-90ac-42c0-bb85-138f219bb605" = Letters from Nowhere 2
"WTA-958a7bb1-72b0-4d0c-857d-c6dc447dfb0e" = Plants vs. Zombies - Game of the Year
"WTA-a6afacd7-917c-4619-b64d-6720d0db9cb1" = FATE
"WTA-d4eb59cc-e9c0-4089-a8bf-57fd4a040225" = Bejeweled 3
"WTA-e8090283-6b46-42c3-8db1-fcd8288fbd41" = Polar Bowler
"WTA-eed7f1c2-7dfd-4124-8820-7bf579508f06" = Penguins!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/22/2013 10:28:30 PM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21123

Error - 7/22/2013 10:28:30 PM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21123

Error - 7/22/2013 10:28:31 PM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/22/2013 10:28:31 PM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 22121

Error - 7/22/2013 10:28:31 PM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 22121

Error - 7/23/2013 7:22:49 AM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/23/2013 7:22:49 AM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32080264

Error - 7/23/2013 7:22:49 AM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32080264

Error - 7/23/2013 7:34:18 AM | Computer Name = Nick-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/23/2013 7:34:55 AM | Computer Name = Nick-PC | Source = Toshiba App Place | ID = 0
Description =

[ System Events ]
Error - 3/29/2013 9:30:29 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 4/1/2013 1:36:44 PM | Computer Name = Nick-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{ABDBFF6C-F0FE-452D-B804-00C5916BA713}
because another computer on the network has the same name. The server could not
start.

Error - 4/1/2013 1:36:44 PM | Computer Name = Nick-PC | Source = NetBT | ID = 4321
Description = The name "NICK-PC :0" could not be registered on the interface
with IP address 172.20.127.137. The computer with the IP address 172.16.129.67 did
not allow the name to be claimed by this computer.

Error - 4/1/2013 1:36:44 PM | Computer Name = Nick-PC | Source = NetBT | ID = 4321
Description = The name "NICK-PC :20" could not be registered on the interface
with IP address 172.20.127.137. The computer with the IP address 172.16.129.67 did
not allow the name to be claimed by this computer.

Error - 4/1/2013 1:37:36 PM | Computer Name = Nick-PC | Source = NetBT | ID = 4321
Description = The name "NICK-PC :0" could not be registered on the interface
with IP address 172.20.127.137. The computer with the IP address 172.16.129.67 did
not allow the name to be claimed by this computer.

Error - 4/1/2013 9:01:15 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 4/1/2013 9:01:15 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 4/13/2013 10:52:08 PM | Computer Name = Nick-PC | Source = bowser | ID = 8003
Description =

Error - 4/14/2013 1:31:36 PM | Computer Name = Nick-PC | Source = bowser | ID = 8003
Description =

Error - 4/15/2013 9:18:04 AM | Computer Name = Nick-PC | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0

#4
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi
Thank you for the extras.txt. :) I'm going to finish going thru the logs, submit a fix to my instructor and post back quick as I am able.
  • 0

#5
toebash24

    Member

  • Topic Starter
  • Member
  • 30 posts

Hi
Thank you for the extras.txt. :) I'm going to finish going thru the logs, submit a fix to my instructor and post back quick as I am able.


Thank you very much.
  • 0

#6
toebash24

    Member

  • Topic Starter
  • Member
  • 30 posts

Hi
Thank you for the extras.txt. :) I'm going to finish going thru the logs, submit a fix to my instructor and post back quick as I am able.



Actually, I'm almost certain I have some sort of infection because IE can access the internet in Safe Mode. Just wanted to give you some more information. And now Thunderbird is having issues connecting. Not sure if it's related.. Thanks!
  • 0

#7
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Ok. Good information. Thank you. Investigating.... :)
  • 0

#8
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi toebash24 :)

First: You've got uTorrent installed. It's dangerous to use such programs. They'll bork up your computer!
One should avoid P2P Programs. Know that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them.

1. Uninstalls

I'm seeing three Antivirus programs running/installed. Only one AntiVirus per person per computer is needed. The three mix is not doing you much good, they're all fighting amongst themselves, getting nothing done and nobody's watching the door! AVG Secure Search is pretty much classified as trouble, Ad-Aware is also live Antivirus scanning with Norton which is not good. :no: If Norton is what you want to keep, please uninstall the other two.
We need to remove some programs to help get you more stable and remove some vulnerabilities :)
To do this please do the following:

Go to Start ~> Control Panel ~> Programs and Features and uninstall the following if present:

~> Ad-aware
~> AVG Secure Search
~> Java 6 Update 25
~> Java 7 Update 11
~> Blekko Toolbar (if found)
~> uTorrent
This is what we call an optional removal. The choice is yours. Your computer would run much better if uTorrent was uninstalled. It is a known source of malware, it's a rarity you'll download something from there without it. Please think seriously about uninstalling it as well.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Let's see if anything improves after running these fixes:

2. AdwCleaner

Please download AdwCleaner from here to your Desktop.

• Right click and Run as Administrator
• Once it opens click on the Search button
• Let AdwCleaner run thru
• Once scan completes, Select Delete
• It will remove all it finds.
• Once done it will ask to reboot, please allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post the log.


3. OTL Fix

Please right click on Posted Image Run as Administrator, accept UAC prompts.

Under Posted Image
in the textbox at the bottom, please paste in the following purple text:




:Commands
[CREATERESTOREPOINT]
:OTL
PRC - [2013/08/08 15:35:50 | 001,100,616 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/08/08 15:35:50 | 000,157,000 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll
SRV - [2013/08/08 15:35:50 | 000,945,480 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
[2013/08/08 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\AVG Secure Search
[2013/08/08 15:35:58 | 000,037,720 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/08/08 15:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/08/08 15:35:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013/08/08 15:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
:Files
C:\Program Files (x86)\Common Files\AVG Secure Search
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]





* Then click the Posted Image button at the top
* Let the program run unhindered, it should reboot the PC when it is done. If you miss it, the text file should be located in C:\_OTL ~> Moved files with today's date.
* Please post the fix log when you return.

4. Fresh OTL Log

• Please right click on Posted Image on your Desktop to reopen OTL.

• Make sure all other windows are closed and to let it run uninterrupted.

• Please check the box next to Scan All Users.

• Please also check the boxes next to Purity Check and Lop Check

• Under Posted Image
in the textbox at the bottom of the OTL window, please paste in the following purple text:




netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
[CREATERESTOREPOINT]




• Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
Post the log it produces in your next reply.


5. SecurityCheck by Screen317:

Please download Security Check by screen317.
• Save it to your Desktop.
• Double-click SecurityCheck to start the program
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that file in your topic.

When you return, please:
1. ADWCleaner log
2. OTL fix log
3. Fresh OTL log
4. Checkup.txt from Security Check
5. Please let me know what issues you are currently experiencing.

  • 0

#9
toebash24

    Member

  • Topic Starter
  • Member
  • 30 posts
Thanks for all of your help!

AdwCleaner:

# AdwCleaner v2.306 - Logfile created 08/11/2013 at 21:05:37
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Nick - NICK-PC
# Boot Mode : Normal
# Running from : C:\Users\Nick\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Nick\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Program Files (x86)\Wondershare
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\Users\Nick\AppData\Local\Wondershare
Folder Deleted : C:\Users\Nick\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\vm1a2k40.default\adawaretb
Folder Deleted : C:\Users\Nick\AppData\Roaming\Wondershare

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\vm1a2k40.default\prefs.js

Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("[email protected]", true);
Deleted : user_pref("extensions.enabledAddons", "check4change-owner%40mozdev.org:1.9.3,DivXWebPlayer%40divx.co[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3204 octets] - [11/08/2013 21:05:17]
AdwCleaner[S1].txt - [3209 octets] - [11/08/2013 21:05:37]

########## EOF - C:\AdwCleaner[S1].txt - [3269 octets] ##########
  • 0

#10
toebash24

    Member

  • Topic Starter
  • Member
  • 30 posts
OTL Fix Log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named vprot.exe was found!
Error: No service named vToolbarUpdater14.0.1 was found to stop!
Service\Driver key vToolbarUpdater14.0.1 not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt not found.
File C:\Program Files (x86)\AVG Secure Search\vprot.exe not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll not found.
Folder C:\Users\Nick\AppData\Local\AVG Secure Search\ not found.
File C:\windows\SysNative\drivers\avgtpx64.sys not found.
Folder C:\Program Files (x86)\Common Files\AVG Secure Search\ not found.
Folder C:\Program Files (x86)\AVG Secure Search\ not found.
Folder C:\ProgramData\AVG Secure Search\ not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nick\Downloads\cmd.bat deleted successfully.
C:\Users\Nick\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nick
->Temp folder emptied: 4810200683 bytes
->Temporary Internet Files folder emptied: 50743632 bytes
->Java cache emptied: 38984794 bytes
->FireFox cache emptied: 128175785 bytes
->Flash cache emptied: 65097 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 273599103 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68093 bytes
RecycleBin emptied: 2449571465 bytes

Total Files Cleaned = 7,392.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08112013_210842

Files\Folders moved on Reboot...
C:\Users\Nick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Users\Nick\AppData\Local\Mozilla\Firefox\Profiles\vm1a2k40.default\startupCache\startupCache.4.little not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#11
toebash24

    Member

  • Topic Starter
  • Member
  • 30 posts
Fresh OTL Log:

OTL logfile created on: 8/11/2013 9:39:39 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nick\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 59.91% Memory free
7.85 Gb Paging File | 6.20 Gb Available in Paging File | 78.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 350.79 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
Drive E: | 268.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/08 21:37:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL.exe
PRC - [2013/07/03 11:36:05 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/06/04 19:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Nick\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/23 23:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/01/05 06:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/11/30 20:17:01 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/11 21:34:58 | 000,128,512 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\_elementtree.pyd
MOD - [2013/08/11 21:34:57 | 000,557,056 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\pysqlite2._sqlite.pyd
MOD - [2013/08/11 21:34:57 | 000,098,816 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\win32api.pyd
MOD - [2013/08/11 21:34:57 | 000,044,032 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\_socket.pyd
MOD - [2013/08/11 21:34:57 | 000,026,624 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\_multiprocessing.pyd
MOD - [2013/08/11 21:34:57 | 000,022,528 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\win32ts.pyd
MOD - [2013/08/11 21:34:56 | 000,320,512 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\win32com.shell.shell.pyd
MOD - [2013/08/11 21:34:53 | 000,805,888 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\wx._gdi_.pyd
MOD - [2013/08/11 21:34:53 | 000,504,832 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\windows._cacheinvalidation.pyd
MOD - [2013/08/11 21:34:53 | 000,070,656 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\wx._html2.pyd
MOD - [2013/08/11 21:34:53 | 000,011,264 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\win32crypt.pyd
MOD - [2013/08/11 21:34:51 | 000,087,040 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\_ctypes.pyd
MOD - [2013/08/11 21:34:51 | 000,017,408 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\win32profile.pyd
MOD - [2013/08/11 21:34:50 | 001,175,040 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\wx._core_.pyd
MOD - [2013/08/11 21:34:50 | 000,735,232 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\wx._misc_.pyd
MOD - [2013/08/11 21:34:50 | 000,364,544 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\pythoncom27.dll
MOD - [2013/08/11 21:34:50 | 000,110,080 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\PyWinTypes27.dll
MOD - [2013/08/11 21:34:50 | 000,108,544 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\win32security.pyd
MOD - [2013/08/11 21:34:48 | 001,153,024 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\_ssl.pyd
MOD - [2013/08/11 21:34:48 | 000,811,008 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\wx._windows_.pyd
MOD - [2013/08/11 21:34:48 | 000,711,680 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\_hashlib.pyd
MOD - [2013/08/11 21:34:48 | 000,122,368 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\wx._wizard.pyd
MOD - [2013/08/11 21:34:48 | 000,035,840 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\win32process.pyd
MOD - [2013/08/11 21:34:48 | 000,025,600 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\win32pdh.pyd
MOD - [2013/08/11 21:34:47 | 000,119,808 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\win32file.pyd
MOD - [2013/08/11 21:34:47 | 000,038,912 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\win32inet.pyd
MOD - [2013/08/11 21:34:46 | 001,062,400 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\wx._controls_.pyd
MOD - [2013/08/11 21:34:46 | 000,686,080 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\unicodedata.pyd
MOD - [2013/08/11 21:34:46 | 000,127,488 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\pyexpat.pyd
MOD - [2013/08/11 21:34:46 | 000,018,432 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\win32event.pyd
MOD - [2013/08/11 21:34:45 | 000,010,240 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\_MEI45042\select.pyd
MOD - [2013/07/03 11:36:05 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/18 20:33:12 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/07/18 20:33:12 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/01/11 00:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/16 02:16:48 | 000,583,088 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/12/14 18:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/11/25 21:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/11/24 16:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/03 11:36:05 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/13 13:13:04 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 10:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/23 23:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/05/10 15:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/20 19:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 19:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/01/20 14:45:30 | 000,128,280 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/30 20:17:01 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/11/30 20:15:45 | 000,135,608 | R--- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/11/23 22:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/11 20:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/12/22 21:25:46 | 000,339,456 | ---- | M] (Pharos Systems International) [Disabled | Stopped] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2010/11/20 23:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/21 12:50:02 | 000,077,312 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/29 21:05:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/03/13 08:40:50 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/30 23:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/01/28 21:45:20 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/01/28 21:45:20 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/21 22:15:34 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/15 22:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/16 14:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/16 14:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/07/22 21:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/05/10 15:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/16 18:49:14 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/01/05 06:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/05 06:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/05 06:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/22 22:22:10 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2011/12/06 06:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/28 17:33:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/07/18 19:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/24 18:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/05/31 12:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/05/22 00:03:49 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130707.005\ex64.sys -- (NAVEX15)
DRV - [2013/05/22 00:03:48 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130707.005\eng64.sys -- (NAVENG)
DRV - [2013/03/12 16:03:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130705.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/11/01 10:56:53 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/13 16:26:18 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-285638692-1628021285-1877425603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-285638692-1628021285-1877425603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-285638692-1628021285-1877425603-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-285638692-1628021285-1877425603-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-285638692-1628021285-1877425603-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/07/23 14:46:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/09/17 22:39:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/07/23 14:46:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/10 19:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/10 19:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/10 19:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/08/10 19:42:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/10 19:42:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/10 19:42:24 | 000,000,000 | ---D | M]

[2012/08/11 18:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2012/10/22 19:49:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\vm1a2k40.default\extensions
[2012/09/20 15:36:06 | 000,617,362 | ---- | M] () (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\vm1a2k40.default\extensions\[email protected]
[2012/09/17 22:36:32 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\vm1a2k40.default\extensions\[email protected]
[2013/07/03 11:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/23 15:49:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/03 11:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/23 15:49:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/03 11:36:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2013/08/11 21:09:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-285638692-1628021285-1877425603-1000..\Run: [3RVX] C:\Program Files (x86)\3RVX\3RVX.exe (matt.malensek.net)
O4 - HKU\S-1-5-21-285638692-1628021285-1877425603-1000..\Run: [Akamai NetSession Interface] C:\Users\Nick\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-285638692-1628021285-1877425603-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-285638692-1628021285-1877425603-1000..\Run: [EPSON39E689 (Epson Stylus NX420)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\windows\TEMP\E_S8869.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-285638692-1628021285-1877425603-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-285638692-1628021285-1877425603-1000..\Run: [TwoFingerScroll] C:\Users\Nick\Desktop\TwoFingerScroll.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.238.1.61 66.28.0.61 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1642BFD5-82B9-49F0-BA6A-FE2B3A489F1A}: DhcpNameServer = 10.70.2.50 10.70.2.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABDBFF6C-F0FE-452D-B804-00C5916BA713}: DhcpNameServer = 24.238.1.61 66.28.0.61 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/01/09 20:00:02 | 000,000,961 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell - "" = AutoRun
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\ar32e301\command - "" = E:\GOODIES\AR32E301.EXE -- [1998/07/30 14:29:20 | 004,018,104 | R--- | M] ()
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\AutoRun\command - "" = E:\AOESETUP.EXE -- [1999/01/09 20:00:02 | 000,319,553 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\directx\command - "" = E:\DIRECTX\DXSETUP.EXE -- [1998/07/29 21:00:06 | 000,086,528 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dplay\command - "" = E:\DIRECTX\DPLAY60A.EXE -- [1998/09/01 15:37:02 | 000,255,744 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dxdiag\command - "" = E:\DIRECTX\DXDIAG.EXE -- [1998/07/29 21:00:06 | 000,286,480 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dxinfo\command - "" = E:\DIRECTX\DXINFO.EXE -- [1998/07/29 21:00:06 | 000,309,760 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dxtest\command - "" = E:\GOODIES\DIRECTX\DX5TEST.EXE -- [1998/09/03 16:00:02 | 000,106,496 | R--- | M] ()
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dxtool\command - "" = E:\GOODIES\DIRECTX\DXTOOL.EXE -- [1997/07/14 13:00:00 | 000,033,280 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\msinfo\command - "" = E:\GOODIES\MSINFO\MSINFO32.EXE -- [1996/08/08 14:40:06 | 000,452,096 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\sampler\command - "" = E:\SAMPLER\SAMPLER.EXE -- [1997/06/30 17:11:52 | 000,014,403 | R--- | M] ()
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\setup\command - "" = E:\AOESETUP.EXE -- [1999/01/09 20:00:02 | 000,319,553 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\zone\command - "" = E:\SAMPLER\DEMOS\ZONE\ZONEA501.EXE -- [1998/08/28 16:55:26 | 009,795,972 | R--- | M] ()
O33 - MountPoints2\{d58e011e-d447-11e2-832e-00266c15b07c}\Shell - "" = AutoRun
O33 - MountPoints2\{d58e011e-d447-11e2-832e-00266c15b07c}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/11 21:08:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/10 19:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/08/10 19:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/08/09 23:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/08/09 23:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/08/09 22:21:12 | 000,173,504 | ---- | C] (Trend Micro Inc.) -- C:\windows\SysNative\drivers\tmcomm.sys
[2013/08/09 21:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/08/09 21:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2013/08/09 21:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Pitstop
[2013/08/09 07:17:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/08/09 07:17:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/08/09 07:17:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/08/09 07:17:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/08/09 07:17:39 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/08/09 07:17:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/09 07:17:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/08/09 07:17:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/08/09 07:17:39 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/08/09 07:17:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/08/09 07:17:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/08/09 07:17:38 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/08/09 07:17:38 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/08/09 07:17:38 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/08/09 07:17:37 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/08/08 16:40:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEUDINIT.EXE
[2013/08/08 16:34:24 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/08/08 16:34:24 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/08/08 16:34:24 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/08/08 16:34:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/08/08 16:34:24 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/08/08 16:34:23 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/08/08 16:34:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/08/08 16:34:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/08/08 16:34:23 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/08/08 16:34:23 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/08/08 16:34:23 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/08/08 16:34:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/08/08 16:34:23 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/08/08 16:34:23 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/08/08 16:34:23 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/08/08 16:34:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/08/08 16:34:23 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/08/08 16:34:22 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/08/08 16:34:22 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/08/08 16:34:22 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/08/08 16:34:22 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/08/08 16:34:22 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/08/08 16:34:22 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/08/08 16:34:22 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/08/08 16:34:22 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/08/08 16:34:22 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/08/08 16:34:22 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/08/08 16:34:22 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/08/08 16:34:22 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/08/08 16:34:22 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/08/08 16:34:22 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/08/08 16:34:22 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/08/08 16:34:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/08/08 16:34:22 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/08/08 16:34:22 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/08/08 16:34:22 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/08/08 16:34:22 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/08/08 16:34:22 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/08/08 16:34:22 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/08/08 16:34:22 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/08/08 16:34:22 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/08/08 16:34:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/08/08 16:34:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/08/08 16:34:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/08/08 16:34:22 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/08/08 16:34:22 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/08/08 16:34:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/08/08 16:34:22 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/08/08 16:34:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/08/08 16:34:22 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/08/08 16:34:22 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/08/08 16:34:22 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/08/08 16:34:22 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/08/08 15:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/08/08 15:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2013/08/08 15:37:57 | 000,000,000 | ---D | C] -- C:\windows\Fonts\AdvUninstal
[2013/08/08 15:37:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Innovative Solutions
[2013/08/08 15:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions
[2013/08/08 15:35:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/08/08 15:34:00 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\IEFix
[2013/08/08 14:57:03 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\e-academy Inc
[2013/08/08 14:57:03 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\e-academy Inc
[2013/08/05 20:01:22 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Kittens
[2013/08/05 14:01:57 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Apt 212 Lease
[2013/07/31 07:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/07/30 08:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/29 07:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2013/07/29 07:40:58 | 000,716,800 | ---- | C] (Pharos Systems International) -- C:\windows\SysNative\PSR98E35.DLL
[2013/07/29 07:40:56 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml4r.dll
[2013/07/29 07:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PharosSystems
[2013/07/29 07:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pharos
[2013/07/29 07:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pharos
[2013/07/25 23:45:09 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\LL Contract
[2013/07/23 15:09:57 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/07/23 15:09:57 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/07/23 15:09:36 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/07/23 15:09:36 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/07/23 15:05:08 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/07/22 14:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/07/22 14:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/07/22 14:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/07/22 14:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/07/22 14:25:30 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\adawarebp
[2013/07/21 17:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/07/21 17:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/07/21 17:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/07/21 16:56:53 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\LavasoftStatistics
[2013/07/21 16:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/07/21 16:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/07/21 16:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/07/21 16:55:33 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Ad-Aware Antivirus
[2013/07/19 03:00:43 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013/07/18 19:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013/04/27 11:34:11 | 012,556,224 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Nick\gosetup.exe

========== Files - Modified Within 30 Days ==========

[2013/08/11 21:40:27 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/11 21:40:27 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/11 21:32:43 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/11 21:32:42 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/08/11 21:32:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/11 21:32:17 | 3162,087,424 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/11 21:12:05 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/08/11 21:09:27 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2013/08/11 21:04:27 | 000,666,633 | ---- | M] () -- C:\Users\Nick\Desktop\adwcleaner.exe
[2013/08/11 20:58:34 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/11 20:58:32 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-285638692-1628021285-1877425603-1000UA.job
[2013/08/11 19:17:15 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-285638692-1628021285-1877425603-1000Core.job
[2013/08/11 19:17:08 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/08/10 19:42:16 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/08/10 10:13:25 | 018,976,193 | ---- | M] () -- C:\Users\Nick\Desktop\Kittens2.zip
[2013/08/10 10:13:03 | 018,087,793 | ---- | M] () -- C:\Users\Nick\Desktop\Kittens.zip
[2013/08/09 23:14:06 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/08/09 23:14:01 | 001,891,351 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403010.016\Cat.DB
[2013/08/09 22:45:50 | 000,891,703 | ---- | M] () -- C:\Users\Nick\AppData\Local\census.cache
[2013/08/09 22:45:38 | 000,178,340 | ---- | M] () -- C:\Users\Nick\AppData\Local\ars.cache
[2013/08/09 22:21:04 | 000,000,036 | ---- | M] () -- C:\Users\Nick\AppData\Local\housecall.guid.cache
[2013/08/09 19:54:20 | 000,002,121 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/08/09 19:54:19 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013/08/08 16:34:24 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/08/08 16:34:24 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/08/08 16:34:24 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/08/08 16:34:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/08/08 16:34:24 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/08/08 16:34:23 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/08/08 16:34:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/08/08 16:34:23 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/08/08 16:34:23 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/08/08 16:34:23 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/08/08 16:34:23 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/08/08 16:34:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/08/08 16:34:23 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/08/08 16:34:23 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/08/08 16:34:23 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/08/08 16:34:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/08/08 16:34:23 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/08/08 16:34:22 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/08/08 16:34:22 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/08/08 16:34:22 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/08/08 16:34:22 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/08/08 16:34:22 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/08/08 16:34:22 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/08/08 16:34:22 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/08/08 16:34:22 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/08/08 16:34:22 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/08/08 16:34:22 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/08/08 16:34:22 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/08/08 16:34:22 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/08/08 16:34:22 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/08/08 16:34:22 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/08/08 16:34:22 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/08/08 16:34:22 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/08/08 16:34:22 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/08/08 16:34:22 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/08/08 16:34:22 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/08/08 16:34:22 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/08/08 16:34:22 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/08/08 16:34:22 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/08/08 16:34:22 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/08/08 16:34:22 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/08/08 16:34:22 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/08/08 16:34:22 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/08/08 16:34:22 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/08/08 16:34:22 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/08/08 16:34:22 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/08/08 16:34:22 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/08/08 16:34:22 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/08/08 16:34:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/08/08 16:34:22 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/08/08 16:34:22 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/08/08 16:34:22 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/08/08 16:34:22 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/08/08 16:34:22 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/08/08 16:34:22 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/08/08 16:02:30 | 000,001,448 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/08 15:12:25 | 000,003,133 | ---- | M] () -- C:\Users\Nick\Desktop\Shortcut to SecureDownloadManager.exe.lnk
[2013/08/05 23:24:45 | 000,053,130 | ---- | M] () -- C:\Users\Nick\Desktop\evolution.jpg
[2013/08/05 21:31:04 | 000,606,869 | ---- | M] () -- C:\Users\Nick\Desktop\jean.jpg
[2013/08/05 20:01:50 | 000,779,724 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/08/05 20:01:50 | 000,660,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/08/05 20:01:50 | 000,121,408 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/08/03 20:17:38 | 000,396,723 | ---- | M] () -- C:\Users\Nick\Desktop\212-SAB-LEASE.pdf
[2013/08/01 23:09:20 | 000,002,585 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2013/07/30 17:04:52 | 000,514,448 | ---- | M] () -- C:\Users\Nick\Desktop\CPR2.jpg
[2013/07/30 17:04:23 | 000,549,071 | ---- | M] () -- C:\Users\Nick\Desktop\CPR1
[2013/07/30 16:58:00 | 004,067,999 | ---- | M] () -- C:\Users\Nick\Desktop\NeuroLab2.pdf
[2013/07/30 15:30:09 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/07/30 14:45:45 | 000,010,926 | ---- | M] () -- C:\Users\Nick\Desktop\Barry Feb 2013.pdf
[2013/07/30 08:49:47 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/23 15:48:20 | 000,413,344 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/23 14:47:33 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013/07/22 13:45:13 | 000,007,602 | ---- | M] () -- C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
[2013/07/19 23:19:29 | 001,289,589 | ---- | M] () -- C:\Users\Nick\Documents\desk2.jpg
[2013/07/19 23:19:18 | 001,355,005 | ---- | M] () -- C:\Users\Nick\Documents\desk1.jpg
[2013/07/18 21:36:43 | 000,700,290 | ---- | M] () -- C:\Users\Nick\Documents\Temple.jpeg
[2013/07/18 19:39:03 | 000,116,090 | ---- | M] () -- C:\Users\Nick\Desktop\GradEnrollment_1314.pdf

========== Files Created - No Company Name ==========

[2013/08/11 21:04:22 | 000,666,633 | ---- | C] () -- C:\Users\Nick\Desktop\adwcleaner.exe
[2013/08/10 19:42:16 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/08/10 10:12:02 | 018,976,193 | ---- | C] () -- C:\Users\Nick\Desktop\Kittens2.zip
[2013/08/10 10:11:23 | 018,087,793 | ---- | C] () -- C:\Users\Nick\Desktop\Kittens.zip
[2013/08/09 23:14:06 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/08/09 23:14:03 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/08/09 22:45:50 | 000,891,703 | ---- | C] () -- C:\Users\Nick\AppData\Local\census.cache
[2013/08/09 22:45:38 | 000,178,340 | ---- | C] () -- C:\Users\Nick\AppData\Local\ars.cache
[2013/08/09 22:21:04 | 000,000,036 | ---- | C] () -- C:\Users\Nick\AppData\Local\housecall.guid.cache
[2013/08/08 16:34:22 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/08/08 16:34:22 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/08/08 14:57:03 | 000,003,133 | ---- | C] () -- C:\Users\Nick\Desktop\Shortcut to SecureDownloadManager.exe.lnk
[2013/08/05 23:24:20 | 000,053,130 | ---- | C] () -- C:\Users\Nick\Desktop\evolution.jpg
[2013/08/05 21:30:02 | 000,606,869 | ---- | C] () -- C:\Users\Nick\Desktop\jean.jpg
[2013/08/03 20:17:38 | 000,396,723 | ---- | C] () -- C:\Users\Nick\Desktop\212-SAB-LEASE.pdf
[2013/08/01 23:09:20 | 000,002,585 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2013/07/30 17:04:42 | 000,514,448 | ---- | C] () -- C:\Users\Nick\Desktop\CPR2.jpg
[2013/07/30 17:04:06 | 000,549,071 | ---- | C] () -- C:\Users\Nick\Desktop\CPR1
[2013/07/30 16:57:59 | 004,067,999 | ---- | C] () -- C:\Users\Nick\Desktop\NeuroLab2.pdf
[2013/07/30 15:30:09 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/07/30 14:45:45 | 000,010,926 | ---- | C] () -- C:\Users\Nick\Desktop\Barry Feb 2013.pdf
[2013/07/30 08:49:47 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/28 18:59:25 | 001,371,247 | ---- | C] () -- C:\Users\Nick\Desktop\desk2.JPG
[2013/07/28 18:59:19 | 001,400,479 | ---- | C] () -- C:\Users\Nick\Desktop\desk1.JPG
[2013/07/22 13:45:13 | 000,007,602 | ---- | C] () -- C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
[2013/07/19 23:19:28 | 001,289,589 | ---- | C] () -- C:\Users\Nick\Documents\desk2.jpg
[2013/07/19 23:19:18 | 001,355,005 | ---- | C] () -- C:\Users\Nick\Documents\desk1.jpg
[2013/07/18 21:37:23 | 000,700,290 | ---- | C] () -- C:\Users\Nick\Documents\Temple.jpeg
[2013/07/18 19:39:02 | 000,116,090 | ---- | C] () -- C:\Users\Nick\Desktop\GradEnrollment_1314.pdf
[2013/03/29 21:53:04 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\iyvu9_32.dll
[2013/02/23 18:42:01 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012/11/23 17:20:19 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2012/11/23 17:20:19 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2012/09/03 20:16:13 | 000,000,605 | ---- | C] () -- C:\Users\Nick\.powerschool_gradebook.properties
[2012/09/03 20:15:51 | 000,000,012 | ---- | C] () -- C:\Users\Nick\.gradebook_userdict.tlx
[2012/08/11 21:05:34 | 734,232,576 | ---- | C] () -- C:\Users\Nick\The.Station.Agent[2003]DvDrip[Eng].avi
[2012/08/11 21:05:24 | 848,943,973 | ---- | C] () -- C:\Users\Nick\The Color of Friendship.mp4
[2012/05/12 06:18:13 | 000,773,940 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/05/12 05:38:03 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/05/10 15:07:18 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/05/10 14:24:08 | 013,214,720 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/02/01 15:51:06 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012/02/01 15:51:04 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/02/01 15:51:04 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/01/10 23:39:16 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/23 14:36:24 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Ad-Aware Antivirus
[2013/03/29 21:07:33 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools Lite
[2013/08/08 14:57:03 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\e-academy Inc
[2012/11/20 16:52:21 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Elluminate
[2013/05/05 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\SoftGrid Client
[2012/08/12 20:34:16 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\SystemRequirementsLab
[2012/09/06 22:21:52 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Thunderbird
[2013/03/29 21:06:43 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Toshiba
[2012/08/11 20:21:20 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\TP
[2013/08/11 21:03:35 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\uTorrent
[2012/09/20 17:20:13 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\VOWSoft
[2012/08/11 18:29:28 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/05/13 01:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/05/13 00:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/07/18 20:33:12 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/18 20:33:12 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Documents\Temple.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\Nicholas.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LLrelease4.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LLrelease3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LLrelease2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LLrelease1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LauraLee.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\finaidfallspring.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\finaid.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

#12
toebash24

Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox 22.0 Firefox out of Date!
Mozilla Thunderbird (17.0.8)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````




Issues I am still having:

I still cannot access the internet through Internet Explorer. Also, Mozilla Thunderbird cannot connect to the server. This was no problem just a few days ago. Thank you very much for your help! I really appreciate it.

#13
toebash24

I actually just uninstalled Norton because it wasn't loading and reinstalled. Now, I am able to connect to the internet via IE! I don't see any other problems.

#14
23red

Hello toebash24 :)
Excellent :thumbsup: Good work!
I am seeing evidence of Microsoft Security Essentials in your last log. You have Norton already installed, so you should uninstall it ;) Two antiviruses running together do not work well and do not help your computer.

You still have some not so good items that should go. We're almost finished, but not quite! We need to do a couple more things and run a last OTL fix, after which we need to clean up:

Step 1
Windows Sidebar Advice:

It is no longer prudent to have this feature enabled, as outlined in the Microsoft article below:

Vulnerabilities in Gadgets could allow remote code execution

I advise you to download and run the Disable Windows Sidebar and Gadgets Fix it Utility to rectify this.


Step 2
Run OTL
Please right click on Posted Image Run as Administrator, accept UAC prompts.

Under Posted Image
in the textbox at the bottom, please paste in the following purple text:





:Commands
[CREATERESTOREPOINT]
:OTL
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell - "" = AutoRun
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\ar32e301\command - "" = E:\GOODIES\AR32E301.EXE -- [1998/07/30 14:29:20 | 004,018,104 | R--- | M] ()
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\AutoRun\command - "" = E:\AOESETUP.EXE -- [1999/01/09 20:00:02 | 000,319,553 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\directx\command - "" = E:\DIRECTX\DXSETUP.EXE -- [1998/07/29 21:00:06 | 000,086,528 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dplay\command - "" = E:\DIRECTX\DPLAY60A.EXE -- [1998/09/01 15:37:02 | 000,255,744 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dxdiag\command - "" = E:\DIRECTX\DXDIAG.EXE -- [1998/07/29 21:00:06 | 000,286,480 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dxinfo\command - "" = E:\DIRECTX\DXINFO.EXE -- [1998/07/29 21:00:06 | 000,309,760 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dxtest\command - "" = E:\GOODIES\DIRECTX\DX5TEST.EXE -- [1998/09/03 16:00:02 | 000,106,496 | R--- | M] ()
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\dxtool\command - "" = E:\GOODIES\DIRECTX\DXTOOL.EXE -- [1997/07/14 13:00:00 | 000,033,280 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\msinfo\command - "" = E:\GOODIES\MSINFO\MSINFO32.EXE -- [1996/08/08 14:40:06 | 000,452,096 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\sampler\command - "" = E:\SAMPLER\SAMPLER.EXE -- [1997/06/30 17:11:52 | 000,014,403 | R--- | M] ()
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\setup\command - "" = E:\AOESETUP.EXE -- [1999/01/09 20:00:02 | 000,319,553 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\Shell\zone\command - "" = E:\SAMPLER\DEMOS\ZONE\ZONEA501.EXE -- [1998/08/28 16:55:26 | 009,795,972 | R--- | M] ()
O33 - MountPoints2\{d58e011e-d447-11e2-832e-00266c15b07c}\Shell - "" = AutoRun
O33 - MountPoints2\{d58e011e-d447-11e2-832e-00266c15b07c}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Documents\Temple.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\Nicholas.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LLrelease4.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LLrelease3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LLrelease2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LLrelease1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\LauraLee.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\finaidfallspring.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Nick\Desktop\finaid.jpeg:3or4kl4x13tuuug3Byamue2s4b
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]







• Push the Posted Image button.
• OTL may ask to reboot the machine. Please do so if asked.
• A message box Posted Image will pop up.
• Click the OK button and a report will open.
• Copy and paste that report in your next reply, please.

Let's see if Malwarebytes finds anything suspicious:


Step 3
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from here or here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so.

Step 4
Update Firefox

1. At the top of the Firefox window click the Firefox button.

2. Go over to the Help menu and select About Firefox.
The About Firefox window will open and Firefox will begin checking for updates. If updates are available, they will begin downloading automatically.


3. When the updates are downloaded and ready to be installed, click Apply Update. Firefox will be restarted and the updates will be installed.



When you return, Please:

OTL fix log
Malwarebytes log
And please let me know how your computer's running


#15
toebash24

Hi! Thanks again

OTL Log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
File move failed. E:\GOODIES\AR32E301.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
File move failed. E:\AOESETUP.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
File move failed. E:\DIRECTX\DXSETUP.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
File move failed. E:\DIRECTX\DPLAY60A.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
File move failed. E:\DIRECTX\DXDIAG.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
File move failed. E:\DIRECTX\DXINFO.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
File move failed. E:\GOODIES\DIRECTX\DX5TEST.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
File move failed. E:\GOODIES\DIRECTX\DXTOOL.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
File move failed. E:\GOODIES\MSINFO\MSINFO32.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
File move failed. E:\SAMPLER\SAMPLER.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
File move failed. E:\AOESETUP.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef95bc-94d6-11e2-bd4d-00266c15b07c}\ not found.
File move failed. E:\SAMPLER\DEMOS\ZONE\ZONEA501.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d58e011e-d447-11e2-832e-00266c15b07c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d58e011e-d447-11e2-832e-00266c15b07c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d58e011e-d447-11e2-832e-00266c15b07c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d58e011e-d447-11e2-832e-00266c15b07c}\ not found.
File G:\MotoCastSetup.exe -a not found.
ADS C:\Users\Nick\Documents\Temple.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Nick\Desktop\Nicholas.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Nick\Desktop\LLrelease4.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Nick\Desktop\LLrelease3.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Nick\Desktop\LLrelease2.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Nick\Desktop\LLrelease1.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Nick\Desktop\LauraLee.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Nick\Desktop\finaidfallspring.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Nick\Desktop\finaid.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nick\Downloads\cmd.bat deleted successfully.
C:\Users\Nick\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nick
->Temp folder emptied: 65021979 bytes
->Temporary Internet Files folder emptied: 638331 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39516475 bytes
->Flash cache emptied: 3605 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37987 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 805609843 bytes

Total Files Cleaned = 869.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08132013_142056

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
File\Folder E:\GOODIES\AR32E301.EXE not found!
File\Folder E:\AOESETUP.EXE not found!
File\Folder E:\DIRECTX\DXSETUP.EXE not found!
File\Folder E:\DIRECTX\DPLAY60A.EXE not found!
File\Folder E:\DIRECTX\DXDIAG.EXE not found!
File\Folder E:\DIRECTX\DXINFO.EXE not found!
File\Folder E:\GOODIES\DIRECTX\DX5TEST.EXE not found!
File\Folder E:\GOODIES\DIRECTX\DXTOOL.EXE not found!
File\Folder E:\GOODIES\MSINFO\MSINFO32.EXE not found!
File\Folder E:\SAMPLER\SAMPLER.EXE not found!
File\Folder E:\SAMPLER\DEMOS\ZONE\ZONEA501.EXE not found!
C:\Users\Nick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

MBAM Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Nick :: NICK-PC [administrator]

8/13/2013 2:47:14 PM
mbam-log-2013-08-13 (14-47-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216636
Time elapsed: 9 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Nick\Downloads\DAEMONToolsUltra100-0068.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Nick\Downloads\DTLite4471-0333.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Nick\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Nick\Downloads\SoftonicDownloader_for_firstrow-sport-app.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.

(end)


How my PC is running:

It seems OK right now. Earlier today, before I ran these scans/fixes, it was giving me a little bit of trouble. Random programs will just go into "not responding" mode. It's not even like I had that many things open, so I don't know if anything malware related is causing that. It's barely a year old, so it shouldn't be slowing down like that, I wouldn't think. I was thinking about upgrading to Windows 8 because I've heard it uses less memory, but I don't know what you think about that. Thanks for all of your help!