what is this oalvgomhlshqzc found in services [Closed]


  • This topic is locked

#1
james0873

    New Member

  • Member
  • 9 posts
I have a Toshiba Satellite, I-3 processor, 6 GB of RAM, Windows 7, Avast Internet Security, Malwarebytes and HitmanPro... I don't know what else I should have included, so I hope that's enough... Please let me know if you need any more information... Also, I found this when I ran msconfig and found it in services... Thanks in advance for your help... Also, it's running and will not allow me to disable it...
c:\Windows\SysWOW64\iiearmbc.exe\ c:\Windows\SysWOW64\iiearmbc.exe\ oalvgomhlshqzc
  • 0



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's have a look-see

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click save log, save it to your desktop and post it in your next reply.
  • 0
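
A first pass over the process, module and service sections of the OTL.Txt log requested above can be scripted. This is an added example, not part of the original thread and not code from OTL: the sample lines are copied from the log posted later in this thread, while the function names and the two review heuristics (empty company field, non-Microsoft file sitting directly in a Windows system directory) are assumptions chosen for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample lines copied from the OTL.Txt log posted later in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2014/01/16 02:34:51 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/17 16:10:05 | 000,077,824 | ---- | M] ( Copyrighted © ) -- c:\Windows\SysWOW64\iiearmbc.exe
========== Modules (No Company Name) ==========
MOD - [2014/01/16 02:34:52 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/01/31 16:49:22 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/12/10 23:25:36 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
"""

# Layout of a PRC / MOD / SRV line as it appears in the log:
#   KIND - [modified | size | attrs | M] (Company) [Start | State] -- path -- (ServiceName)
# The [Start | State] and (ServiceName) parts only exist on SRV lines.
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV)(?::64bit:)?\s+-\s+"
    r"\[(?P<modified>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[-A-Z]{4}) \| [MC]\]\s+"
    r"\((?P<company>.*?)\)\s+"
    r"(?:\[(?P<start>[^|\]]+?) \| (?P<state>[^\]]+?)\]\s+)?"
    r"--\s+(?P<path>.+?)"
    r"(?:\s+--\s+\((?P<service>.+)\))?\s*$"
)

SYSTEM_SUBDIRS = ("system32", "syswow64", "sysnative")


class Entry(NamedTuple):
    kind: str
    company: str
    path: str
    start: Optional[str]
    state: Optional[str]
    service: Optional[str]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a PRC/MOD/SRV line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(m["kind"], m["company"].strip(), m["path"].strip(),
                 m["start"], m["state"], m["service"])


def review_reasons(entry: Entry, system_root: str = r"C:\windows") -> List[str]:
    """Heuristic reasons to look at an entry more closely (not a verdict).

    The company field comes from the file's own version resource, which the
    file's author controls, so a vendor name here is not proof of origin.
    """
    reasons = []
    folder = ntpath.dirname(entry.path).lower()
    system_dirs = {ntpath.join(system_root, d).lower() for d in SYSTEM_SUBDIRS}
    if not entry.company:
        reasons.append("empty company name")
    if folder in system_dirs and entry.company.lower() != "microsoft corporation":
        reasons.append("non-Microsoft file directly in a Windows system directory")
    return reasons


def triage(log_text: str, system_root: str = r"C:\windows") -> List[Tuple[Entry, List[str]]]:
    """Parse every recognised line and keep those with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = review_reasons(entry, system_root)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.kind} {entry.path}: {'; '.join(reasons)}")
```

Pass the `%SystemRoot%` value from the log header as `system_root` when it differs from `C:\windows`. A flagged line is a candidate for manual review and for the follow-up scans the helper asks for.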

#3
james0873

    New Member

  • Topic Starter
  • Member
  • 9 posts
OTL Extras logfile created on: 2/12/2014 6:44:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\James\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.49 Gb Available Physical Memory | 75.95% Memory free
14.77 Gb Paging File | 13.17 Gb Available in Paging File | 89.16% Paging File free
Paging file location(s): c:\pagefile.sys 9075 9075 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.11 Gb Total Space | 483.90 Gb Free Space | 70.94% Space Free | Partition Type: NTFS

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_USERS\S-1-5-21-93945945-1677992502-1968439572-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5450716C-A89B-49DA-A7EB-39BCE09ABC90}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{5908E83F-A67E-4D95-B275-37A845D908C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{14F238E0-5D87-457F-9A4F-08BF95E2FCFC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 |
"{53C30A38-375B-4EAC-A4FC-7255FEE57685}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6CCB3052-B7EC-46EB-A3DA-6F2D6B70ADED}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C872428A-EEC0-4859-981B-44A990B4821D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FDC61195-94A8-433A-A220-AF167620064A}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"HitmanPro37" = HitmanPro 3.7
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7257132D-7F65-41E6-A90F-43BF6099461A}" = Intel® WiDi
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}" = Windows PE x86 x64 wims
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BFC9778E-9765-C94C-C082-C2514F8DEB9B}" = Windows Deployment Tools
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}" = Windows PE x86 x64
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Avast" = avast! Internet Security
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IObit Malware Fighter_is1" = IObit Malware Fighter
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Opera 19.0.1326.59" = Opera Stable 19.0.1326.59
"ProInst" = Intel PROSet Wireless
"Protected Folder_is1" = Protected Folder
"Security Task Manager" = Security Task Manager 1.8g
"Smart Defrag 3_is1" = Smart Defrag 3
"VLC media player" = VLC media player 2.1.2
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-93945945-1677992502-1968439572-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UpdaterEX" = Extended Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2014 3:37:15 AM | Computer Name = James-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/12/2014 3:47:09 AM | Computer Name = James-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: HTTP status 400: The server cannot process
the request because the syntax is not valid. ErrorCode: 14007(0x36b7).

[ Media Center Events ]
Error - 1/26/2014 6:59:13 PM | Computer Name = James-PC | Source = MCUpdate | ID = 0
Description = 5:59:13 PM - Error connecting to the internet. 5:59:13 PM - Unable
to contact server..

Error - 1/26/2014 6:59:19 PM | Computer Name = James-PC | Source = MCUpdate | ID = 0
Description = 5:59:18 PM - Error connecting to the internet. 5:59:18 PM - Unable
to contact server..

Error - 1/26/2014 8:12:00 PM | Computer Name = James-PC | Source = MCUpdate | ID = 0
Description = 7:12:00 PM - Error connecting to the internet. 7:12:00 PM - Unable
to contact server..

Error - 1/26/2014 8:12:14 PM | Computer Name = James-PC | Source = MCUpdate | ID = 0
Description = 7:12:05 PM - Error connecting to the internet. 7:12:05 PM - Unable
to contact server..

Error - 1/26/2014 9:12:29 PM | Computer Name = James-PC | Source = MCUpdate | ID = 0
Description = 8:12:29 PM - Error connecting to the internet. 8:12:29 PM - Unable
to contact server..

Error - 1/26/2014 9:12:36 PM | Computer Name = James-PC | Source = MCUpdate | ID = 0
Description = 8:12:34 PM - Error connecting to the internet. 8:12:34 PM - Unable
to contact server..

Error - 1/27/2014 11:35:48 AM | Computer Name = James-PC | Source = MCUpdate | ID = 0
Description = 10:35:48 AM - Error connecting to the internet. 10:35:48 AM - Unable
to contact server..

Error - 1/27/2014 11:35:56 AM | Computer Name = James-PC | Source = MCUpdate | ID = 0
Description = 10:35:53 AM - Error connecting to the internet. 10:35:53 AM - Unable
to contact server..

Error - 1/28/2014 12:05:52 AM | Computer Name = James-PC | Source = MCUpdate | ID = 0
Description = 11:05:52 PM - Error connecting to the internet. 11:05:52 PM - Unable
to contact server..

Error - 1/28/2014 12:06:05 AM | Computer Name = James-PC | Source = MCUpdate | ID = 0
Description = 11:05:57 PM - Error connecting to the internet. 11:05:57 PM - Unable
to contact server..

[ System Events ]
Error - 2/12/2014 3:36:05 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7000
Description = The Secunia PSI Agent service failed to start due to the following
error: %%3

Error - 2/12/2014 3:36:05 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7000
Description = The Secunia Update Agent service failed to start due to the following
error: %%3

Error - 2/12/2014 3:38:16 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1058

Error - 2/12/2014 4:12:55 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly. It has done this
1 time(s).


< End of report >

OTL logfile created on: 2/12/2014 6:44:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\James\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.49 Gb Available Physical Memory | 75.95% Memory free
14.77 Gb Paging File | 13.17 Gb Available in Paging File | 89.16% Paging File free
Paging file location(s): c:\pagefile.sys 9075 9075 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.11 Gb Total Space | 483.90 Gb Free Space | 70.94% Space Free | Partition Type: NTFS

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/12 18:35:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL.exe
PRC - [2014/02/11 18:15:49 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/01/16 02:34:51 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/16 02:34:51 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/16 02:34:24 | 000,113,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/01/13 21:26:30 | 003,692,232 | ---- | M] (Auslogics) -- C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
PRC - [2014/01/09 14:14:48 | 003,529,504 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/05/17 16:10:05 | 000,077,824 | ---- | M] ( Copyrighted © ) -- c:\Windows\SysWOW64\iiearmbc.exe
PRC - [2010/12/25 19:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/16 02:34:52 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012/09/05 18:55:36 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/31 16:49:22 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/01/16 02:34:51 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/01/16 02:34:24 | 000,113,704 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2013/12/10 23:25:36 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/09 05:16:12 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/01 14:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/10 00:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/01 15:38:30 | 001,517,328 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/06/01 15:23:40 | 000,340,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/06/01 15:19:58 | 000,844,560 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/05/24 12:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 17:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/20 18:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2014/01/20 23:57:45 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2013/11/10 17:46:51 | 000,279,024 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/05/17 16:10:05 | 000,077,824 | ---- | M] ( Copyrighted © ) [Auto | Running] -- c:\Windows\SysWOW64\iiearmbc.exe -- (oalvgomhlshqzc)
SRV - [2011/11/21 18:32:40 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/16 02:45:02 | 000,439,648 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014/01/16 02:35:37 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/16 02:34:53 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/16 02:34:53 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/16 02:34:52 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/16 02:34:52 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/16 02:34:52 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/01/16 02:34:52 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/16 02:34:40 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/01/12 14:47:58 | 000,888,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/12/24 10:40:32 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/11/26 01:28:41 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/11/26 01:28:23 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/11/26 01:28:02 | 011,530,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/11/10 17:46:46 | 005,361,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/11/09 01:34:09 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/05 15:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 15:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/06/09 22:28:22 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/03/23 20:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 17:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 17:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 22:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/31 19:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/15 19:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/22 13:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2013/11/19 16:10:34 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2013/11/19 16:10:34 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2013/04/03 16:22:42 | 000,039,504 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2013/03/23 15:48:48 | 000,023,048 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-93945945-1677992502-1968439572-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-93945945-1677992502-1968439572-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-93945945-1677992502-1968439572-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
IE - HKU\S-1-5-21-93945945-1677992502-1968439572-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-93945945-1677992502-1968439572-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-93945945-1677992502-1968439572-1000\..\SearchScopes\{35201FBD-21D2-4DC4-A4D9-0914F2714F22}: "URL" = http://www.google.co...1I7TSNO_enUS561
IE - HKU\S-1-5-21-93945945-1677992502-1968439572-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-93945945-1677992502-1968439572-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/28 01:27:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/01/31 18:36:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2014/02/01 23:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\9ffp4bqk.default-1384286089161\extensions
[2014/02/01 23:11:47 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\9ffp4bqk.default-1384286089161\extensions\[email protected]
[2014/02/01 23:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions
[2013/11/15 03:16:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/12/14 15:23:24 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\[email protected]
[2014/02/01 23:11:47 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\[email protected]
[2013/11/15 15:02:38 | 000,000,000 | ---D | M] (WordOv) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\[email protected]
[2013/12/11 14:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\staged
[2014/02/11 15:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\extensions
[2014/02/01 03:59:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/02/01 12:36:54 | 000,000,000 | ---D | M] ("Flash Video Downloader") -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\extensions\[email protected]
[2014/02/01 23:11:49 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\extensions\[email protected]
[2014/02/01 23:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\uj7xqq3s.default\extensions
[2013/12/14 15:23:24 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\uj7xqq3s.default\extensions\[email protected]
[2014/02/01 23:11:50 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\uj7xqq3s.default\extensions\[email protected]
[2013/11/15 15:02:37 | 000,000,000 | ---D | M] (WordOv) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\uj7xqq3s.default\extensions\[email protected]
[2013/12/11 14:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\uj7xqq3s.default\extensions\staged
[2013/11/14 16:09:18 | 001,338,622 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\[email protected]
[2013/11/14 16:12:11 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/11 15:07:22 | 001,388,203 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\extensions\[email protected]
[2014/02/11 15:07:20 | 000,649,709 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\extensions\[email protected]
[2014/02/01 03:56:17 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/31 18:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/12 02:31:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.msn.com/
CHR - Extension: TooManyTabs for Chrome = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\2.0.0_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.148_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.149_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.150_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.151_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.152_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.153_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.155_0\
CHR - Extension: internet download manager = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmlhapfmellonebkjlfbokckaaljdke\0.0.0.3_0\
CHR - Extension: Nimbus Screenshot = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj\3.7_0\
CHR - Extension: Nimbus Screenshot = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj\3.8_0\
CHR - Extension: Nimbus Screenshot = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj\4.1_0\
CHR - Extension: Adblock Plus = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Adblock Plus = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: Adblock Plus = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Adblock Plus = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7_0\
CHR - Extension: Hide My [bleep]! Web Proxy = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
CHR - Extension: Video download helper = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm\1.1.4.6_0\
CHR - Extension: Video download helper = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm\1.1.4.7_0\
CHR - Extension: Video download helper = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm\1.1.4.8_0\
CHR - Extension: Video download helper = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm\1.1.5.0_0\
CHR - Extension: Video download helper = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm\1.1.5.1_0\
CHR - Extension: Video download helper = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm\1.1.5.2_0\
CHR - Extension: Redirect Checker = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjdoecgikollacepmbihjllneabhchk\0.0.0.1_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1031_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1037_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1038_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1040_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1051_0\
CHR - Extension: History Eraser = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\3.9.5_0\
CHR - Extension: History Eraser = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\3.9.7_0\
CHR - Extension: avast! Online Security = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: avast! Online Security = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Video Downloader - GotClip = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbblceflgjndjmpkhcdpjhidhkcknjen\1_0\
CHR - Extension: Pixlr Touch Up = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig\1.2.3_0\
CHR - Extension: Pixlr Touch Up = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig\1.3.0_0\
CHR - Extension: FVD Downloader = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.4_0\
CHR - Extension: FVD Downloader = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.4_0\modules\clickberry\_
CHR - Extension: FVD Downloader = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.5_0\
CHR - Extension: FVD Downloader = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.5_0\modules\clickberry\_
CHR - Extension: FVD Downloader = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\
CHR - Extension: FVD Downloader = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\modules\clickberry\_
CHR - Extension: MaximizeFlash = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljjmflmcnaigbhnheldbdbplkbhngnl\1.1_0\
CHR - Extension: Financial Calculator = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkogbjhaelililllocjljiooipepaeal\1.0.5_0\
CHR - Extension: Ghostery = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\
CHR - Extension: Ghostery = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.1.1_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
CHR - Extension: +Photo Zoom = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoglkofocgopmdfjnbifnicbickbola\0.1.0.29_0\
CHR - Extension: Google Wallet = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\
CHR - Extension: Google Wallet = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: WeVideo - Video Editor and Maker = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb\3.3.3_0\
CHR - Extension: Click&Clean App = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Click&Clean App = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.4_0\

O1 HOSTS File: ([2014/01/12 15:05:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-93945945-1677992502-1968439572-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-93945945-1677992502-1968439572-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-93945945-1677992502-1968439572-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-93945945-1677992502-1968439572-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-93945945-1677992502-1968439572-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B64AC6-7FD5-485B-A70D-0C43E7CEA0AB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{391B3630-90A9-43BE-AF45-EECE1BD3D667}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/02/09 08:29:13 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{BAA58EC2-83B8-4EED-A056-16FE69EB9EFB}
[2014/02/04 22:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2014/02/04 19:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2014/02/04 19:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/02/04 19:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/02/04 19:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2014/02/04 19:19:13 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\TP
[2014/02/02 02:11:04 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{FE6895CD-A2BD-4F4C-884C-A4E85E54DE36}
[2014/02/01 23:11:34 | 000,034,080 | ---- | C] (IObit) -- C:\windows\SysNative\SmartDefragBootTime.exe
[2014/02/01 23:11:02 | 000,121,856 | ---- | C] (IObit) -- C:\windows\SysNative\IObitSmartDefragExtension.dll20140201231133.dll
[2014/02/01 23:11:02 | 000,121,856 | ---- | C] (IObit) -- C:\windows\SysNative\IObitSmartDefragExtension.dll
[2014/02/01 23:10:38 | 000,021,184 | ---- | C] (IObit) -- C:\windows\SysNative\drivers\SmartDefragDriver.sys
[2014/02/01 23:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
[2014/02/01 09:35:16 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{75044DCE-DDD8-4684-AB27-B3C67404C4EF}
[2014/01/31 20:08:11 | 000,000,000 | ---D | C] -- C:\windows\tasks\ImCleanDisabled
[2014/01/31 18:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/01/31 18:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/31 17:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/01/31 15:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2014/01/31 15:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2014/01/31 15:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2014/01/28 13:42:33 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{D6E8B26C-75D1-4C52-8D07-390598357671}
[2014/01/28 05:20:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/27 04:01:34 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Apps
[2014/01/23 02:03:10 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\aignes
[2014/01/23 01:16:56 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Registry Mechanic
[2014/01/23 00:46:11 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBox210.ocx
[2014/01/23 00:46:11 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBox10.ocx
[2014/01/23 00:46:11 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBoxVB12.ocx
[2014/01/23 00:46:10 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCT2.OCX
[2014/01/23 00:46:10 | 000,513,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml.dll
[2014/01/23 00:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2014/01/23 00:45:40 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Product_RM
[2014/01/22 13:13:10 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2014/01/22 12:39:17 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{0228C048-2462-4FD8-98AA-3C680C0DCD01}
[2014/01/21 17:11:31 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{04592737-6CDE-48F4-87C5-8294280E7297}
[2014/01/21 12:48:53 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/01/21 12:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/21 12:48:48 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/01/21 12:48:48 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/01/21 12:48:48 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/17 14:23:51 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{0DC38B43-DDEB-44B2-9534-B8365B787622}
[2014/01/17 00:48:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{4F948E21-7557-4468-A124-C106B32EB6C8}
[2014/01/16 11:05:10 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2014/01/16 10:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2014/01/16 10:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2014/01/16 04:41:25 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCTL.OCX
[2014/01/16 04:41:25 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\windows\SysWow64\IJL_11.DLL
[2014/01/16 04:41:25 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RICHTX32.OCX
[2014/01/16 04:41:25 | 000,124,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSWINSCK.OCX
[2014/01/16 04:41:25 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSSTDFMT.DLL
[2014/01/16 04:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Relytec
[2014/01/16 02:35:09 | 001,034,464 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014/01/16 02:35:09 | 000,422,216 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2014/01/16 02:35:07 | 000,092,544 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/01/16 02:35:07 | 000,078,648 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/01/16 02:35:05 | 000,028,184 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswKbd.sys
[2014/01/16 02:35:02 | 000,334,136 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/01/16 02:34:24 | 000,439,648 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswNdisFlt.sys
[2014/01/16 02:16:46 | 000,422,216 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\ovjkmyaq.sys
[2014/01/16 02:16:37 | 000,422,216 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\rdfrtbde.sys
[2014/01/16 02:15:56 | 000,422,216 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\ooyenrab.sys
[2014/01/16 02:15:13 | 000,422,216 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\lkmfyxmz.sys
[2014/01/14 14:58:07 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2014/01/14 14:58:07 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2014/01/14 14:58:03 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[4 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[13 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/12 18:44:19 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/12 18:29:49 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/12 18:29:45 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/02/12 02:43:20 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/12 02:43:20 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/12 02:35:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/02/12 02:35:26 | 463,486,975 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/05 03:01:20 | 000,798,516 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/02/05 03:01:20 | 000,662,338 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/02/05 03:01:20 | 000,121,916 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/02/04 19:41:01 | 000,782,164 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/02/02 07:12:12 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/02/02 07:10:44 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/02/02 03:21:43 | 000,015,184 | ---- | M] () -- C:\Users\James\Documents\My Movie.wlmp
[2014/02/01 23:10:38 | 000,001,181 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 3.lnk
[2014/01/31 18:34:52 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/31 17:56:44 | 000,001,135 | ---- | M] () -- C:\Users\James\Desktop\Internet Explore.lnk
[2014/01/31 16:10:30 | 000,000,000 | ---- | M] () -- C:\ProgramData\TEMP
[2014/01/28 13:45:08 | 000,039,546 | ---- | M] () -- C:\Users\James\Documents\November - December, 2013.wlmp
[2014/01/28 01:29:07 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/01/28 01:29:07 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/23 01:39:45 | 002,158,592 | ---- | M] () -- C:\Users\James\s-1-5-21-93945945-1677992502-1968439572-1000.rrr
[2014/01/22 13:13:10 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2014/01/22 12:40:04 | 000,643,368 | ---- | M] () -- C:\Users\James\Documents\470404_107255372741635_636660164_o.jpg
[2014/01/20 23:57:45 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/01/20 23:57:45 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/16 13:53:35 | 000,000,600 | ---- | M] () -- C:\Users\James\AppData\Roaming\winscp.rnd
[2014/01/16 11:05:10 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2014/01/16 11:05:10 | 000,000,388 | ---- | M] () -- C:\windows\SysNative\.crusader
[2014/01/16 11:05:10 | 000,000,226 | ---- | M] () -- C:\windows\SysNative\bootdelete.lst
[2014/01/16 10:37:10 | 000,001,180 | ---- | M] () -- C:\Users\James\Desktop\Auslogics BoostSpeed.lnk
[2014/01/16 02:45:02 | 000,439,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswNdisFlt.sys
[2014/01/16 02:35:37 | 000,079,672 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2014/01/16 02:34:53 | 000,207,904 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014/01/16 02:34:53 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014/01/16 02:34:52 | 001,034,464 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014/01/16 02:34:52 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2014/01/16 02:34:52 | 000,334,136 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/01/16 02:34:52 | 000,092,544 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/01/16 02:34:52 | 000,078,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/01/16 02:34:40 | 000,028,184 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswKbd.sys
[2014/01/16 02:16:46 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\ovjkmyaq.sys
[2014/01/16 02:16:37 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\rdfrtbde.sys
[2014/01/16 02:15:56 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\ooyenrab.sys
[2014/01/16 02:15:13 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\lkmfyxmz.sys
[2014/01/15 23:59:46 | 000,007,596 | ---- | M] () -- C:\Users\James\AppData\Local\Resmon.ResmonCfg
[2014/01/15 23:50:37 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[4 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[13 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/02 07:11:38 | 000,275,712 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/02/02 07:10:44 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/02/01 23:10:38 | 000,001,181 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 3.lnk
[2014/01/31 18:34:52 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/31 18:34:52 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/31 17:56:44 | 000,001,135 | ---- | C] () -- C:\Users\James\Desktop\Internet Explore.lnk
[2014/01/23 01:39:45 | 002,158,592 | ---- | C] () -- C:\Users\James\s-1-5-21-93945945-1677992502-1968439572-1000.rrr
[2014/01/23 00:46:10 | 000,041,632 | ---- | C] () -- C:\windows\SysNative\CleanMFT64.exe
[2014/01/22 12:36:57 | 000,643,368 | ---- | C] () -- C:\Users\James\Documents\470404_107255372741635_636660164_o.jpg
[2014/01/16 13:53:35 | 000,000,600 | ---- | C] () -- C:\Users\James\AppData\Roaming\winscp.rnd
[2014/01/16 11:05:10 | 000,000,226 | ---- | C] () -- C:\windows\SysNative\bootdelete.lst
[2014/01/16 10:37:10 | 000,001,180 | ---- | C] () -- C:\Users\James\Desktop\Auslogics BoostSpeed.lnk
[2014/01/16 09:30:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\TEMP
[2014/01/16 02:36:37 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/01/16 02:36:37 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/12 23:45:10 | 000,798,516 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/01/12 14:55:06 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/01/12 14:55:05 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/01/12 14:55:05 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/01/12 14:55:05 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/01/12 14:55:05 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/12/19 00:58:01 | 000,000,072 | ---- | C] () -- C:\Users\James\AppData\Roaming\WB.CFG
[2013/11/11 03:46:31 | 000,000,632 | RHS- | C] () -- C:\Users\James\ntuser.pol
[2013/11/10 17:46:51 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2013/11/10 17:46:44 | 000,077,312 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/11/10 17:46:42 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2013/11/09 10:24:35 | 000,007,596 | ---- | C] () -- C:\Users\James\AppData\Local\Resmon.ResmonCfg
[2012/10/18 19:01:27 | 000,022,655 | ---- | C] () -- C:\windows\SysWow64\mswen-oce.dll
[2012/06/04 06:12:04 | 000,159,744 | ---- | C] () -- C:\windows\SysWow64\nggyqsdg.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/10 21:40:17 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\AVAST Software
[2014/01/10 21:40:27 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\IObit
[2014/02/02 09:20:50 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Toshiba
[2013/11/16 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Charly\AppData\Roaming\AVAST Software
[2013/11/17 21:38:17 | 000,000,000 | ---D | M] -- C:\Users\Charly\AppData\Roaming\IObit
[2014/01/23 02:03:10 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\aignes
[2013/11/08 23:37:28 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\AVAST Software
[2013/12/23 20:22:48 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Book Place
[2014/01/12 14:18:31 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\DriverCure
[2014/02/01 23:10:24 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\IObit
[2013/11/15 14:23:57 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Opera Software
[2014/01/12 14:18:31 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\ParetoLogic
[2014/01/23 00:45:40 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Product_RM
[2014/01/23 01:39:46 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Registry Mechanic
[2013/12/07 08:58:47 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Toshiba
[2014/02/04 19:21:08 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\TP
[2013/11/15 15:01:09 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\UpdaterEX
[2013/11/08 23:14:53 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\WinBatch
[2013/11/28 12:00:35 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\AVAST Software
[2013/12/18 02:50:10 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\IObit
[2014/02/04 19:51:29 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\SoftGrid Client
[2013/12/16 17:37:31 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 22:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 22:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 22:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 22:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 22:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 22:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 22:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 22:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 22:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 22:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 22:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 22:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 22:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 22:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 22:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 22:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 22:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 22:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 22:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 22:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 22:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,018,256 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU(12).TXT
[2009/07/14 00:08:49 | 000,019,772 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU(329).TXT
[2009/07/14 00:08:49 | 000,023,504 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU(15).TXT
[2009/07/14 00:08:49 | 000,032,644 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU(13).TXT
[2009/07/14 00:08:49 | 000,032,644 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2013/11/09 01:50:36 | 000,000,908 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/11/09 01:50:36 | 000,000,912 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/11/10 15:23:28 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is TI106332W0C
Volume Serial Number is 4A48-EB5F
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Becky
01/10/2014 09:38 PM <JUNCTION> Application Data [C:\Users\Becky\AppData\Roaming]
01/10/2014 09:38 PM <JUNCTION> Cookies [C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Cookies]
01/10/2014 09:38 PM <JUNCTION> Local Settings [C:\Users\Becky\AppData\Local]
01/10/2014 09:38 PM <JUNCTION> My Documents [C:\Users\Becky\Documents]
01/10/2014 09:38 PM <JUNCTION> NetHood [C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/10/2014 09:38 PM <JUNCTION> PrintHood [C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/10/2014 09:38 PM <JUNCTION> Recent [C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Recent]
01/10/2014 09:38 PM <JUNCTION> SendTo [C:\Users\Becky\AppData\Roaming\Microsoft\Windows\SendTo]
01/10/2014 09:38 PM <JUNCTION> Start Menu [C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu]
01/10/2014 09:38 PM <JUNCTION> Templates [C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Becky\AppData\Local
01/10/2014 09:38 PM <JUNCTION> Application Data [C:\Users\Becky\AppData\Local]
01/10/2014 09:38 PM <JUNCTION> History [C:\Users\Becky\AppData\Local\Microsoft\Windows\History]
01/10/2014 09:38 PM <JUNCTION> Temporary Internet Files [C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Becky\Documents
01/10/2014 09:38 PM <JUNCTION> My Music [C:\Users\Becky\Music]
01/10/2014 09:38 PM <JUNCTION> My Pictures [C:\Users\Becky\Pictures]
01/10/2014 09:38 PM <JUNCTION> My Videos [C:\Users\Becky\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Charly
11/16/2013 10:47 PM <JUNCTION> Application Data [C:\Users\Charly\AppData\Roaming]
11/16/2013 10:47 PM <JUNCTION> Cookies [C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Cookies]
11/16/2013 10:47 PM <JUNCTION> Local Settings [C:\Users\Charly\AppData\Local]
11/16/2013 10:47 PM <JUNCTION> My Documents [C:\Users\Charly\Documents]
11/16/2013 10:47 PM <JUNCTION> NetHood [C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/16/2013 10:47 PM <JUNCTION> PrintHood [C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/16/2013 10:47 PM <JUNCTION> Recent [C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Recent]
11/16/2013 10:47 PM <JUNCTION> SendTo [C:\Users\Charly\AppData\Roaming\Microsoft\Windows\SendTo]
11/16/2013 10:47 PM <JUNCTION> Start Menu [C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu]
11/16/2013 10:47 PM <JUNCTION> Templates [C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Charly\AppData\Local
11/16/2013 10:47 PM <JUNCTION> Application Data [C:\Users\Charly\AppData\Local]
11/16/2013 10:47 PM <JUNCTION> History [C:\Users\Charly\AppData\Local\Microsoft\Windows\History]
11/16/2013 10:47 PM <JUNCTION> Temporary Internet Files [C:\Users\Charly\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Charly\Documents
11/16/2013 10:47 PM <JUNCTION> My Music [C:\Users\Charly\Music]
11/16/2013 10:47 PM <JUNCTION> My Pictures [C:\Users\Charly\Pictures]
11/16/2013 10:47 PM <JUNCTION> My Videos [C:\Users\Charly\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\James
11/08/2013 11:14 PM <JUNCTION> Application Data [C:\Users\James\AppData\Roaming]
11/08/2013 11:14 PM <JUNCTION> Cookies [C:\Users\James\AppData\Roaming\Microsoft\Windows\Cookies]
11/08/2013 11:14 PM <JUNCTION> Local Settings [C:\Users\James\AppData\Local]
11/08/2013 11:14 PM <JUNCTION> My Documents [C:\Users\James\Documents]
11/08/2013 11:14 PM <JUNCTION> NetHood [C:\Users\James\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/08/2013 11:14 PM <JUNCTION> PrintHood [C:\Users\James\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/08/2013 11:14 PM <JUNCTION> Recent [C:\Users\James\AppData\Roaming\Microsoft\Windows\Recent]
11/08/2013 11:14 PM <JUNCTION> SendTo [C:\Users\James\AppData\Roaming\Microsoft\Windows\SendTo]
11/08/2013 11:14 PM <JUNCTION> Start Menu [C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu]
11/08/2013 11:14 PM <JUNCTION> Templates [C:\Users\James\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\James\AppData\Local
11/08/2013 11:14 PM <JUNCTION> Application Data [C:\Users\James\AppData\Local]
11/08/2013 11:14 PM <JUNCTION> History [C:\Users\James\AppData\Local\Microsoft\Windows\History]
11/08/2013 11:14 PM <JUNCTION> Temporary Internet Files [C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\James\Documents
11/08/2013 11:14 PM <JUNCTION> My Music [C:\Users\James\Music]
11/08/2013 11:14 PM <JUNCTION> My Pictures [C:\Users\James\Pictures]
11/08/2013 11:14 PM <JUNCTION> My Videos [C:\Users\James\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Tristan
11/28/2013 12:00 PM <JUNCTION> Application Data [C:\Users\Tristan\AppData\Roaming]
11/28/2013 12:00 PM <JUNCTION> Cookies [C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Cookies]
11/28/2013 12:00 PM <JUNCTION> Local Settings [C:\Users\Tristan\AppData\Local]
11/28/2013 12:00 PM <JUNCTION> My Documents [C:\Users\Tristan\Documents]
11/28/2013 12:00 PM <JUNCTION> NetHood [C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/28/2013 12:00 PM <JUNCTION> PrintHood [C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/28/2013 12:00 PM <JUNCTION> Recent [C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Recent]
11/28/2013 12:00 PM <JUNCTION> SendTo [C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\SendTo]
11/28/2013 12:00 PM <JUNCTION> Start Menu [C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu]
11/28/2013 12:00 PM <JUNCTION> Templates [C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Tristan\AppData\Local
11/28/2013 12:00 PM <JUNCTION> Application Data [C:\Users\Tristan\AppData\Local]
11/28/2013 12:00 PM <JUNCTION> History [C:\Users\Tristan\AppData\Local\Microsoft\Windows\History]
11/28/2013 12:00 PM <JUNCTION> Temporary Internet Files [C:\Users\Tristan\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Tristan\Documents
11/28/2013 12:00 PM <JUNCTION> My Music [C:\Users\Tristan\Music]
11/28/2013 12:00 PM <JUNCTION> My Pictures [C:\Users\Tristan\Pictures]
11/28/2013 12:00 PM <JUNCTION> My Videos [C:\Users\Tristan\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
97 Dir(s) 520,055,271,424 bytes free

< MD5 for: RPCSS.DLL >
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\erdnt\cache64\rpcss.dll
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\windows\SysNative\rpcss.dll
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

#4
james0873

    New Member

  • Topic Starter
  • Member
  • 9 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-12 19:03:31
-----------------------------
19:03:31.124 OS Version: Windows x64 6.1.7601 Service Pack 1
19:03:31.124 Number of processors: 4 586 0x2A07
19:03:31.125 ComputerName: JAMES-PC UserName: James
19:03:33.255 Initialize success
19:03:36.113 AVAST engine defs: 14021202
19:04:21.160 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:04:21.162 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
19:04:21.269 Disk 0 MBR read successfully
19:04:21.271 Disk 0 MBR scan
19:04:21.274 Disk 0 Windows VISTA default MBR code
19:04:21.277 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:04:21.287 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 698476 MB offset 3074048
19:04:21.320 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15427 MB offset 1433552896
19:04:21.462 Disk 0 scanning C:\windows\system32\drivers
19:04:30.052 Service scanning
19:04:56.972 Modules scanning
19:04:56.979 Disk 0 trace - called modules:
19:04:56.989 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
19:04:56.993 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bc8060]
19:04:56.997 3 CLASSPNP.SYS[fffff8800125543f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8007bc7060]
19:04:57.002 5 thpdrv.sys[fffff880019dd2b0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005c5e050]
19:04:58.551 AVAST engine scan C:\windows
19:05:01.574 AVAST engine scan C:\windows\system32
19:07:08.224 AVAST engine scan C:\windows\system32\drivers
19:07:21.491 AVAST engine scan C:\Users\James
19:10:58.559 AVAST engine scan C:\ProgramData
19:11:33.302 Scan finished successfully
19:12:34.215 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
19:12:34.220 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"

Thank you so much for taking the time to help me with this! James...
  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm I am not overly happy about the file or the location

First we will check it out and then remove it

Go to Virustotal
Click Choose File and navigate to c:\Windows\SysWOW64\iiearmbc.exe and select it
Then press scan it

Once it has completed could you copy the link and post it here

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2012/05/17 16:10:05 | 000,077,824 | ---- | M] ( Copyrighted © ) [Auto | Running] -- c:\Windows\SysWOW64\iiearmbc.exe -- (oalvgomhlshqzc)


:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
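
The concern raised in the post above is the file and its location. As an added example (not part of the thread, and not OTL's own logic), this Python sketch parses OTL SRV lines and counts three triage signals chosen here as assumptions: a blank or placeholder company field, a non-Microsoft binary sitting directly in a Windows system directory, and a service name that looks randomly generated. The sample lines are copied from the OTL logs in this thread; the word list and thresholds are illustrative.

```python
import re
from pathlib import PureWindowsPath

# SRV lines copied from the OTL logs in this thread, plus one
# "No service found" line that the parser has to skip.
SAMPLE_LOG = r"""
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of MsMpSvc
SRV:64bit: - [2011/06/01 15:23:40 | 000,340,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/04/20 18:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2013/11/10 17:46:51 | 000,279,024 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/05/17 16:10:05 | 000,077,824 | ---- | M] ( Copyrighted © ) [Auto | Running] -- c:\Windows\SysWOW64\iiearmbc.exe -- (oalvgomhlshqzc)
"""

# Layout of an OTL service line: [timestamp | size | attributes | flag],
# (company), [start type | state], image path, (service name).
SRV_RE = re.compile(
    r"^SRV(?::64bit:)? - "
    r"\[(?P<modified>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| \S+ \| \w\] "
    r"\((?P<company>.*?)\) "
    r"\[(?P<start>\w+) \| (?P<state>\w+)\] "
    r"-- (?P<path>.+?) -- \((?P<name>.+)\)$"
)

# Directories that normally hold Windows' own binaries. SysNative is the
# alias a 32-bit process uses to reach the real 64-bit System32.
SYSTEM_DIRS = {
    ("windows", "system32"),
    ("windows", "syswow64"),
    ("windows", "sysnative"),
}

# Words that say nothing about who published a file (assumed list).
GENERIC_WORDS = {"copyright", "copyrighted", "c", "corp", "corporation",
                 "inc", "company", "ltd"}


def parse_srv(line):
    """Return the fields of one OTL SRV line, or None if it is not one."""
    match = SRV_RE.match(line.strip())
    if match is None:
        return None
    entry = match.groupdict()
    entry["company"] = entry["company"].strip()
    return entry


def longest_consonant_run(text):
    """Length of the longest run of consecutive consonant letters."""
    best = run = 0
    for ch in text.lower():
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def signals(entry):
    """List the triage signals (assumed heuristics) that one entry trips."""
    reasons = []
    company = entry["company"].lower()
    # Signal 1: no vendor name left once generic words are removed.
    if not set(re.findall(r"[a-z]+", company)) - GENERIC_WORDS:
        reasons.append("company field is blank or a placeholder")
    # Signal 2: image sits directly in a system directory, vendor not Microsoft.
    parent = PureWindowsPath(entry["path"]).parent
    where = tuple(part.lower() for part in parent.parts[-2:])
    if where in SYSTEM_DIRS and "microsoft" not in company:
        reasons.append("non-Microsoft binary directly in a Windows system directory")
    # Signal 3: long, all-lowercase name with an unpronounceable consonant run.
    name = entry["name"]
    if (name.isalpha() and name.islower() and len(name) >= 10
            and longest_consonant_run(name) >= 5):
        reasons.append("service name looks randomly generated")
    return reasons


def triage(log_text, threshold=2):
    """Return (name, path, reasons) for services tripping >= threshold signals."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_srv(line)
        if entry is None:
            continue  # blank lines, "No service found ..." and other log text
        reasons = signals(entry)
        if len(reasons) >= threshold:
            hits.append((entry["name"], entry["path"], reasons))
    return hits


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}  {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

Each signal alone also fires on legitimate vendor services in the sample (Intel, TOSHIBA), which is why the sketch only reports entries that trip at least two. A hit is a prompt for further checks such as the VirusTotal upload requested above, not a verdict.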

#6
james0873

    New Member

  • Topic Starter
  • Member
  • 9 posts
SHA256: ca3053228ea6d91ff5740e3a78978f00d28c2e95b30742997f63f4400b3a6c54
File name: iiearmbc.exe
Detection ratio: 0 / 50
Analysis date: 2014-02-15 01:06:33 UTC ( 6 minutes ago )
Antivirus Result Update
AVG 20140214
Ad-Aware 20140215
Agnitum 20140214
AhnLab-V3 20140214
AntiVir 20140214
Antiy-AVL 20140214
Avast 20140215
Baidu-International 20140214
BitDefender 20140215
Bkav 20140214
ByteHero 20140215
CAT-QuickHeal 20140214
CMC 20140213
ClamAV 20140214
Commtouch 20140215
Comodo 20140214
DrWeb 20140215
ESET-NOD32 20140215
Emsisoft 20140215
F-Prot 20140215
F-Secure 20140215
Fortinet 20140215
GData 20140215
Ikarus 20140214
Jiangmin 20140214
K7AntiVirus 20140214
K7GW 20140214
Kaspersky 20140214
Kingsoft 20140215
Malwarebytes 20140215
McAfee 20140215
McAfee-GW-Edition 20140215
MicroWorld-eScan 20140215
Microsoft 20140215
NANO-Antivirus 20140214
Norman 20140214
Panda 20140214
Qihoo-360 20140215
Rising 20140214
SUPERAntiSpyware 20140214
Sophos 20140215
Symantec 20140215
TheHacker 20140214
TotalDefense 20140214
TrendMicro 20140215
TrendMicro-HouseCall 20140214
VBA32 20140214
VIPRE 20140215
ViRobot 20140214
nProtect 20140214
Sorry it took so long to post. I work for the Fire Dept., so I was gone for 24 hrs. Then my relief called in sick, so I had to work 12 hrs. OT today... 36 hrs. sux... Thanks for your patience... James
  • 0

#7
james0873

    New Member

  • Topic Starter
  • Member
  • 9 posts
OTL logfile created on: 2/14/2014 9:00:09 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\James\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.49 Gb Available Physical Memory | 59.08% Memory free
14.77 Gb Paging File | 12.32 Gb Available in Paging File | 83.41% Paging File free
Paging file location(s): c:\pagefile.sys 9075 9075 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.11 Gb Total Space | 483.37 Gb Free Space | 70.86% Space Free | Partition Type: NTFS

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/12 18:35:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL.exe
PRC - [2014/02/11 18:15:49 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/02/10 04:40:26 | 045,198,176 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
PRC - [2014/02/10 04:40:26 | 001,378,144 | ---- | M] () -- C:\Program Files (x86)\Opera\19.0.1326.63\opera_crashreporter.exe
PRC - [2014/01/16 02:34:51 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/16 02:34:51 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/16 02:34:24 | 000,113,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/01/09 14:14:48 | 003,529,504 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/06 09:47:20 | 001,229,528 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/05/17 16:10:05 | 000,077,824 | ---- | M] ( Copyrighted © ) -- c:\Windows\SysWOW64\iiearmbc.exe
PRC - [2010/12/25 19:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/10 04:40:28 | 000,907,616 | ---- | M] () -- C:\Program Files (x86)\Opera\19.0.1326.63\libGLESv2.dll
MOD - [2014/02/10 04:40:28 | 000,108,896 | ---- | M] () -- C:\Program Files (x86)\Opera\19.0.1326.63\libEGL.dll
MOD - [2014/02/10 04:40:27 | 000,890,208 | ---- | M] () -- C:\Program Files (x86)\Opera\19.0.1326.63\ffmpegsumo.dll
MOD - [2014/02/10 04:40:26 | 001,378,144 | ---- | M] () -- C:\Program Files (x86)\Opera\19.0.1326.63\opera_crashreporter.exe
MOD - [2014/01/16 02:34:52 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012/09/05 18:55:36 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/31 16:49:22 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/01/16 02:34:51 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/01/16 02:34:24 | 000,113,704 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2013/11/09 05:16:12 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/01 14:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/10 00:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/01 15:38:30 | 001,517,328 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/06/01 15:23:40 | 000,340,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/06/01 15:19:58 | 000,844,560 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/05/24 12:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 17:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/20 18:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2014/02/13 16:56:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/06 09:47:20 | 001,229,528 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2013/11/10 17:46:51 | 000,279,024 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/05/17 16:10:05 | 000,077,824 | ---- | M] ( Copyrighted © ) [Auto | Running] -- c:\Windows\SysWOW64\iiearmbc.exe -- (oalvgomhlshqzc)
SRV - [2011/11/21 18:32:40 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/14 21:00:47 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2014/01/16 02:45:02 | 000,439,648 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014/01/16 02:35:37 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/16 02:34:53 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/16 02:34:53 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/16 02:34:52 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/16 02:34:52 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/16 02:34:52 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/01/16 02:34:52 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/16 02:34:40 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/01/12 14:47:58 | 000,888,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/12/24 10:40:32 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/12/06 09:47:12 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/11/26 01:28:41 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/11/26 01:28:23 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/11/26 01:28:02 | 011,530,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/11/10 17:46:46 | 005,361,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/11/09 01:34:09 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/05 15:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 15:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/06/09 22:28:22 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/03/23 20:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 17:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 17:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 22:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/31 19:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/15 19:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/22 13:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2013/11/19 16:10:34 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2013/11/19 16:10:34 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2013/04/03 16:22:42 | 000,039,504 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2013/03/23 15:48:48 | 000,023,048 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{35201FBD-21D2-4DC4-A4D9-0914F2714F22}: "URL" = http://www.google.co...1I7TSNO_enUS561
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/28 01:27:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/01/31 18:36:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2014/02/01 23:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\9ffp4bqk.default-1384286089161\extensions
[2014/02/13 00:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\9ffp4bqk.default-1384286089161\extensions\[email protected]
[2014/02/01 23:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions
[2013/11/15 03:16:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/12/14 15:23:24 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\[email protected]
[2014/02/13 00:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\[email protected]
[2013/11/15 15:02:38 | 000,000,000 | ---D | M] (WordOv) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\[email protected]
[2013/12/11 14:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\staged
[2014/02/13 16:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\extensions
[2014/02/01 03:59:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/02/01 12:36:54 | 000,000,000 | ---D | M] ("Flash Video Downloader") -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\extensions\[email protected]
[2014/02/01 23:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\uj7xqq3s.default\extensions
[2013/12/14 15:23:24 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\uj7xqq3s.default\extensions\[email protected]
[2014/02/13 00:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\uj7xqq3s.default\extensions\[email protected]
[2013/11/15 15:02:37 | 000,000,000 | ---D | M] (WordOv) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\uj7xqq3s.default\extensions\[email protected]
[2013/12/11 14:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\uj7xqq3s.default\extensions\staged
[2013/11/14 16:09:18 | 001,338,622 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\[email protected]
[2013/11/14 16:12:11 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\e2vtqpd6.default-1384463292267\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/11 15:07:22 | 001,388,203 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\extensions\[email protected]
[2014/02/11 15:07:20 | 000,649,709 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\extensions\[email protected]
[2014/02/01 03:56:17 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/31 18:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/12 02:31:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.msn.com/
CHR - Extension: TooManyTabs for Chrome = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\2.0.0_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.148_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.149_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.150_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.151_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.152_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.153_0\
CHR - Extension: YouTube Options = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.155_0\
CHR - Extension: internet download manager = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmlhapfmellonebkjlfbokckaaljdke\0.0.0.3_0\
CHR - Extension: Nimbus Screenshot = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj\3.7_0\
CHR - Extension: Nimbus Screenshot = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj\3.8_0\
CHR - Extension: Nimbus Screenshot = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj\4.1_0\
CHR - Extension: Adblock Plus = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Adblock Plus = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: Adblock Plus = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Adblock Plus = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7_0\
CHR - Extension: Hide My [bleep]! Web Proxy = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
CHR - Extension: Video download helper = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm\1.1.4.6_0\
CHR - Extension: Video download helper = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm\1.1.4.7_0\
CHR - Extension: Video download helper = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm\1.1.4.8_0\
CHR - Extension: Video download helper = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm\1.1.5.0_0\
CHR - Extension: Video download helper = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm\1.1.5.1_0\
CHR - Extension: Video download helper = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm\1.1.5.2_0\
CHR - Extension: Redirect Checker = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjdoecgikollacepmbihjllneabhchk\0.0.0.1_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1031_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1037_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1038_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1040_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1051_0\
CHR - Extension: History Eraser = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\3.9.5_0\
CHR - Extension: History Eraser = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\3.9.7_0\
CHR - Extension: avast! Online Security = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: avast! Online Security = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Video Downloader - GotClip = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbblceflgjndjmpkhcdpjhidhkcknjen\1_0\
CHR - Extension: Pixlr Touch Up = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig\1.2.3_0\
CHR - Extension: Pixlr Touch Up = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig\1.3.0_0\
CHR - Extension: FVD Downloader = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.4_0\
CHR - Extension: FVD Downloader = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.4_0\modules\clickberry\_
CHR - Extension: FVD Downloader = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.5_0\
CHR - Extension: FVD Downloader = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.5_0\modules\clickberry\_
CHR - Extension: FVD Downloader = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\
CHR - Extension: FVD Downloader = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\modules\clickberry\_
CHR - Extension: MaximizeFlash = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljjmflmcnaigbhnheldbdbplkbhngnl\1.1_0\
CHR - Extension: Financial Calculator = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkogbjhaelililllocjljiooipepaeal\1.0.5_0\
CHR - Extension: Ghostery = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\
CHR - Extension: Ghostery = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.1.1_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
CHR - Extension: +Photo Zoom = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoglkofocgopmdfjnbifnicbickbola\0.1.0.29_0\
CHR - Extension: Google Wallet = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\
CHR - Extension: Google Wallet = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: WeVideo - Video Editor and Maker = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb\3.3.3_0\
CHR - Extension: Click&Clean App = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Click&Clean App = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.4_0\

O1 HOSTS File: ([2014/01/12 15:05:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B64AC6-7FD5-485B-A70D-0C43E7CEA0AB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{391B3630-90A9-43BE-AF45-EECE1BD3D667}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/14 20:55:22 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2014/02/12 23:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2014/02/09 08:29:13 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{BAA58EC2-83B8-4EED-A056-16FE69EB9EFB}
[2014/02/04 22:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2014/02/04 19:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2014/02/04 19:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/02/04 19:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/02/04 19:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2014/02/04 19:19:13 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\TP
[2014/02/02 02:11:04 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{FE6895CD-A2BD-4F4C-884C-A4E85E54DE36}
[2014/02/01 23:11:34 | 000,034,080 | ---- | C] (IObit) -- C:\windows\SysNative\SmartDefragBootTime.exe
[2014/02/01 23:11:02 | 000,121,856 | ---- | C] (IObit) -- C:\windows\SysNative\IObitSmartDefragExtension.dll20140201231133.dll
[2014/02/01 23:11:02 | 000,121,856 | ---- | C] (IObit) -- C:\windows\SysNative\IObitSmartDefragExtension.dll
[2014/02/01 23:10:38 | 000,021,184 | ---- | C] (IObit) -- C:\windows\SysNative\drivers\SmartDefragDriver.sys
[2014/02/01 23:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
[2014/02/01 09:35:16 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{75044DCE-DDD8-4684-AB27-B3C67404C4EF}
[2014/01/31 20:08:11 | 000,000,000 | ---D | C] -- C:\windows\tasks\ImCleanDisabled
[2014/01/31 18:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/01/31 18:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/31 17:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/01/31 15:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2014/01/31 15:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2014/01/31 15:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2014/01/28 13:42:33 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{D6E8B26C-75D1-4C52-8D07-390598357671}
[2014/01/28 05:20:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/27 04:01:34 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Apps
[2014/01/23 02:03:10 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\aignes
[2014/01/23 01:16:56 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Registry Mechanic
[2014/01/23 00:46:11 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBox210.ocx
[2014/01/23 00:46:11 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBox10.ocx
[2014/01/23 00:46:11 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBoxVB12.ocx
[2014/01/23 00:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2014/01/23 00:45:40 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Product_RM
[2014/01/22 12:39:17 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{0228C048-2462-4FD8-98AA-3C680C0DCD01}
[2014/01/21 17:11:31 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{04592737-6CDE-48F4-87C5-8294280E7297}
[2014/01/21 12:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/17 14:23:51 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{0DC38B43-DDEB-44B2-9534-B8365B787622}
[2014/01/17 00:48:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{4F948E21-7557-4468-A124-C106B32EB6C8}
[2014/01/16 11:05:10 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2014/01/16 10:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2014/01/16 10:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2014/01/16 04:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Relytec
[2014/01/16 02:35:09 | 001,034,464 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014/01/16 02:35:09 | 000,422,216 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2014/01/16 02:35:07 | 000,092,544 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/01/16 02:35:07 | 000,078,648 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/01/16 02:35:05 | 000,028,184 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswKbd.sys
[2014/01/16 02:35:02 | 000,334,136 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/01/16 02:34:24 | 000,439,648 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswNdisFlt.sys
[2014/01/16 02:16:46 | 000,422,216 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\ovjkmyaq.sys
[2014/01/16 02:16:37 | 000,422,216 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\rdfrtbde.sys
[2014/01/16 02:15:56 | 000,422,216 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\ooyenrab.sys
[2014/01/16 02:15:13 | 000,422,216 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\lkmfyxmz.sys
[4 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[13 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/14 20:56:53 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/14 20:55:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/02/14 20:55:03 | 645,931,844 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/02/14 20:55:02 | 463,486,975 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/14 20:51:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/02/14 20:21:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/14 15:26:30 | 000,028,329 | ---- | M] () -- C:\Users\James\Documents\999294_10201186940864107_1879150904_n.jpg
[2014/02/13 19:21:43 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/13 19:21:43 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/13 16:54:50 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/02/13 03:03:44 | 000,774,934 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/02/13 03:03:44 | 000,662,338 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/02/13 03:03:44 | 000,121,916 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/02/13 03:03:32 | 000,774,934 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/02/12 19:12:34 | 000,000,512 | ---- | M] () -- C:\Users\James\Desktop\MBR.dat
[2014/02/02 07:12:12 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/02/02 07:10:44 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/02/02 03:21:43 | 000,015,184 | ---- | M] () -- C:\Users\James\Documents\My Movie.wlmp
[2014/02/01 23:10:38 | 000,001,181 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 3.lnk
[2014/01/31 18:34:52 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/31 17:56:44 | 000,001,135 | ---- | M] () -- C:\Users\James\Desktop\Internet Explore.lnk
[2014/01/31 16:10:30 | 000,000,000 | ---- | M] () -- C:\ProgramData\TEMP
[2014/01/28 13:45:08 | 000,039,546 | ---- | M] () -- C:\Users\James\Documents\November - December, 2013.wlmp
[2014/01/28 01:29:07 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/01/28 01:29:07 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/23 01:39:45 | 002,158,592 | ---- | M] () -- C:\Users\James\s-1-5-21-93945945-1677992502-1968439572-1000.rrr
[2014/01/22 12:40:04 | 000,643,368 | ---- | M] () -- C:\Users\James\Documents\470404_107255372741635_636660164_o.jpg
[2014/01/16 13:53:35 | 000,000,600 | ---- | M] () -- C:\Users\James\AppData\Roaming\winscp.rnd
[2014/01/16 11:05:10 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2014/01/16 11:05:10 | 000,000,388 | ---- | M] () -- C:\windows\SysNative\.crusader
[2014/01/16 11:05:10 | 000,000,226 | ---- | M] () -- C:\windows\SysNative\bootdelete.lst
[2014/01/16 10:37:10 | 000,001,180 | ---- | M] () -- C:\Users\James\Desktop\Auslogics BoostSpeed.lnk
[2014/01/16 02:45:02 | 000,439,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswNdisFlt.sys
[2014/01/16 02:35:37 | 000,079,672 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2014/01/16 02:34:53 | 000,207,904 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014/01/16 02:34:53 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014/01/16 02:34:52 | 001,034,464 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014/01/16 02:34:52 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2014/01/16 02:34:52 | 000,334,136 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/01/16 02:34:52 | 000,092,544 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/01/16 02:34:52 | 000,078,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/01/16 02:34:40 | 000,028,184 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswKbd.sys
[2014/01/16 02:16:46 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\ovjkmyaq.sys
[2014/01/16 02:16:37 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\rdfrtbde.sys
[2014/01/16 02:15:56 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\ooyenrab.sys
[2014/01/16 02:15:13 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\lkmfyxmz.sys
[2014/01/15 23:59:46 | 000,007,596 | ---- | M] () -- C:\Users\James\AppData\Local\Resmon.ResmonCfg
[2014/01/15 23:50:37 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[4 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[13 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/14 20:55:03 | 645,931,844 | ---- | C] () -- C:\windows\MEMORY.DMP
[2014/02/14 15:26:29 | 000,028,329 | ---- | C] () -- C:\Users\James\Documents\999294_10201186940864107_1879150904_n.jpg
[2014/02/13 01:03:06 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2014/02/12 19:12:34 | 000,000,512 | ---- | C] () -- C:\Users\James\Desktop\MBR.dat
[2014/02/02 07:11:38 | 000,275,712 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/02/02 07:10:44 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/02/01 23:10:38 | 000,001,181 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 3.lnk
[2014/01/31 18:34:52 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/31 18:34:52 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/31 17:56:44 | 000,001,135 | ---- | C] () -- C:\Users\James\Desktop\Internet Explore.lnk
[2014/01/23 01:39:45 | 002,158,592 | ---- | C] () -- C:\Users\James\s-1-5-21-93945945-1677992502-1968439572-1000.rrr
[2014/01/23 00:46:10 | 000,041,632 | ---- | C] () -- C:\windows\SysNative\CleanMFT64.exe
[2014/01/22 12:36:57 | 000,643,368 | ---- | C] () -- C:\Users\James\Documents\470404_107255372741635_636660164_o.jpg
[2014/01/16 13:53:35 | 000,000,600 | ---- | C] () -- C:\Users\James\AppData\Roaming\winscp.rnd
[2014/01/16 11:05:10 | 000,000,226 | ---- | C] () -- C:\windows\SysNative\bootdelete.lst
[2014/01/16 10:37:10 | 000,001,180 | ---- | C] () -- C:\Users\James\Desktop\Auslogics BoostSpeed.lnk
[2014/01/16 09:30:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\TEMP
[2014/01/16 02:36:37 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/01/16 02:36:37 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/12 23:45:10 | 000,774,934 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/01/12 14:55:06 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/01/12 14:55:05 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/01/12 14:55:05 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/01/12 14:55:05 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/01/12 14:55:05 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/12/19 00:58:01 | 000,000,072 | ---- | C] () -- C:\Users\James\AppData\Roaming\WB.CFG
[2013/11/11 03:46:31 | 000,000,632 | RHS- | C] () -- C:\Users\James\ntuser.pol
[2013/11/10 17:46:51 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2013/11/10 17:46:44 | 000,077,312 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/11/10 17:46:42 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2013/11/09 10:24:35 | 000,007,596 | ---- | C] () -- C:\Users\James\AppData\Local\Resmon.ResmonCfg
[2012/10/18 19:01:27 | 000,022,655 | ---- | C] () -- C:\windows\SysWow64\mswen-oce.dll
[2012/06/04 06:12:04 | 000,159,744 | ---- | C] () -- C:\windows\SysWow64\nggyqsdg.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/23 02:03:10 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\aignes
[2013/11/08 23:37:28 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\AVAST Software
[2013/12/23 20:22:48 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Book Place
[2014/01/12 14:18:31 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\DriverCure
[2014/02/01 23:10:24 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\IObit
[2013/11/15 14:23:57 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Opera Software
[2014/01/12 14:18:31 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\ParetoLogic
[2014/01/23 00:45:40 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Product_RM
[2014/01/23 01:39:46 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Registry Mechanic
[2013/12/07 08:58:47 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Toshiba
[2014/02/04 19:21:08 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\TP
[2013/11/15 15:01:09 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\UpdaterEX
[2013/11/08 23:14:53 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that has removed the service. Have you noticed any anomalies in how the system is running?

#9
james0873

    New Member

  • Topic Starter
  • Member
  • 9 posts
When I run msconfig, it still shows up in system configuration, services. Again, it won't let me turn it off or disable it. What do you think is up with this? James

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So it has returned after deletion. Time for the big boy.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#11
james0873

    New Member

  • Topic Starter
  • Member
  • 9 posts
Well, after doing what you said I tried to open combofix. It tells me that I'm not allowed to rename the program. "I said to the computer I don't want to rename the [bleep] program" (just kidding). So it will not allow me to open it. Also, in program files (x86), there's a file named bxtkfutnnjfwr. This is the first time I've noticed it, but it may have been there before, not sure. Okay, thanks in advance for your help. James

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, slight change of tack. Could you reboot to safe mode?

Restart the computer and immediately press and hold F8
A menu should appear
Select safe mode with networking, the screen will look weird when you log on but ignore that
Then run Combofix again.


If it should still fail to run:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#13
james0873

    New Member

  • Topic Starter
  • Member
  • 9 posts
ComboFix 14-02-16.01 - James 02/17/2014 0:16.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.3529 [GMT -5:00]
Running from: c:\users\James\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Explore.lnk
c:\windows\SysWow64\SETA814.tmp
c:\windows\SysWow64\SETB748.tmp
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-01-17 to 2014-02-17 )))))))))))))))))))))))))))))))
.
.
2014-02-17 05:28 . 2014-02-17 05:28 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-02-17 05:23 . 2014-02-17 05:23 -------- d-----w- c:\users\Tristan\AppData\Local\temp
2014-02-17 05:23 . 2014-02-17 05:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-17 05:23 . 2014-02-17 05:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-17 05:23 . 2014-02-17 05:23 -------- d-----w- c:\users\Charly\AppData\Local\temp
2014-02-17 05:23 . 2014-02-17 05:23 -------- d-----w- c:\users\Becky\AppData\Local\temp
2014-02-15 20:36 . 2014-02-15 20:36 -------- d-----w- c:\programdata\VirtualizedApplications
2014-02-15 20:23 . 2014-02-15 20:23 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2014-02-15 20:18 . 2014-02-15 20:18 3791320 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-02-15 20:18 . 2014-02-15 20:18 2782936 ----a-w- c:\windows\system32\SET5685.tmp
2014-02-15 20:18 . 2014-02-15 20:18 154840 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-02-15 20:18 . 2014-02-15 20:19 -------- d-----w- C:\DrvInstall
2014-02-15 20:18 . 2014-02-15 20:18 888536 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2014-02-15 20:18 . 2014-02-15 20:18 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2014-02-15 20:03 . 2014-02-15 20:03 176880 ----a-w- c:\windows\system32\drivers\jmcr.sys
2014-02-15 10:54 . 2014-02-15 10:54 1958616 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-02-15 10:54 . 2014-02-15 10:54 2588888 ----a-w- c:\windows\system32\SET9060.tmp
2014-02-15 10:53 . 2014-02-15 10:53 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2014-02-15 10:53 . 2014-02-15 10:53 99288 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2014-02-15 10:53 . 2014-02-15 10:53 -------- d-----w- C:\Intel
2014-02-15 10:51 . 2014-02-15 10:51 11530992 ----a-w- c:\windows\system32\drivers\NETwsw00.sys
2014-02-14 11:15 . 2013-12-16 06:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F71ABFC-2775-4085-8328-98F86A759B35}\mpengine.dll
2014-02-13 08:01 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 08:01 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 06:15 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 04:47 . 2014-02-13 04:47 -------- d-----w- c:\program files (x86)\Secunia
2014-02-05 00:20 . 2014-02-05 00:51 -------- d-----w- c:\users\Tristan\AppData\Roaming\SoftGrid Client
2014-02-05 00:20 . 2014-02-05 00:20 -------- d-----w- c:\users\Tristan\AppData\Local\SoftGrid Client
2014-02-05 00:19 . 2014-02-05 00:19 -------- d-----w- c:\program files\Microsoft Office
2014-02-05 00:19 . 2014-02-05 08:01 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2014-02-05 00:19 . 2014-02-05 00:21 -------- d-----w- c:\users\James\AppData\Roaming\TP
2014-02-02 14:20 . 2014-02-02 14:20 -------- d-----w- c:\users\Becky\AppData\Roaming\Toshiba
2014-02-02 04:11 . 2013-11-19 21:52 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-02-02 04:11 . 2014-01-08 20:54 121856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-02-02 04:10 . 2013-12-24 15:40 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2014-01-31 23:34 . 2014-02-12 07:31 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-01-31 20:40 . 2014-01-31 21:14 -------- d-----w- c:\programdata\SecTaskMan
2014-01-31 20:39 . 2014-01-31 20:39 -------- d-----w- c:\program files (x86)\Security Task Manager
2014-01-27 09:01 . 2014-01-27 09:01 -------- d-----w- c:\users\James\AppData\Local\Apps
2014-01-23 07:03 . 2014-01-23 07:03 -------- d-----w- c:\users\James\AppData\Roaming\aignes
2014-01-23 06:16 . 2014-01-23 06:39 -------- d-----w- c:\users\James\AppData\Roaming\Registry Mechanic
2014-01-23 05:46 . 2008-04-02 20:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2014-01-23 05:46 . 2008-04-02 20:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2014-01-23 05:46 . 2008-04-02 20:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2014-01-23 05:46 . 2012-08-21 19:44 513696 ----a-w- c:\windows\SysWow64\msxml.dll
2014-01-23 05:46 . 2012-08-21 19:44 41632 ----a-w- c:\windows\system32\CleanMFT64.exe
2014-01-23 05:46 . 2008-09-18 02:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2014-01-23 05:46 . 2014-01-28 06:23 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2014-01-23 05:45 . 2014-01-23 05:45 -------- d-----w- c:\users\James\AppData\Roaming\Product_RM
2014-01-22 18:13 . 2014-01-22 18:13 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-01-22 18:13 . 2014-01-22 18:13 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-01-21 17:48 . 2013-12-19 02:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 05:58 . 2013-11-09 14:25 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-15 20:18 . 2013-11-09 06:41 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2014-02-15 10:52 . 2011-06-27 17:23 64000 ----a-w- c:\windows\system32\igfxsrvc.dll
2014-02-15 10:52 . 2011-06-27 17:24 28672 ----a-w- c:\windows\system32\igfxexps.dll
2014-02-15 10:52 . 2011-06-27 17:19 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2014-02-15 10:52 . 2013-11-10 22:46 11176448 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2014-02-13 21:56 . 2013-11-09 05:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-13 21:56 . 2011-11-22 04:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-30 03:45 . 2013-12-02 17:25 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-01-30 03:45 . 2013-12-02 17:25 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-01-30 03:45 . 2013-12-02 17:25 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-01-30 03:45 . 2013-11-15 20:47 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-01-20 00:27 . 2013-11-15 20:47 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-01-20 00:27 . 2013-11-15 20:47 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-01-20 00:27 . 2013-11-15 20:47 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-01-16 16:05 . 2014-01-16 16:05 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-01-16 07:45 . 2014-01-16 07:34 439648 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-01-16 07:35 . 2013-12-24 12:43 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-16 07:34 . 2013-12-16 04:44 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-16 07:34 . 2013-12-16 04:44 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-16 07:34 . 2014-01-16 07:35 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-16 07:34 . 2014-01-16 07:35 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-16 07:34 . 2014-01-16 07:35 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-16 07:34 . 2014-01-16 07:35 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-16 07:34 . 2014-01-16 07:35 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-16 07:34 . 2014-01-16 07:35 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-01-16 07:16 . 2014-01-16 07:16 422216 ----a-w- c:\windows\system32\drivers\ovjkmyaq.sys
2014-01-16 07:16 . 2014-01-16 07:16 422216 ----a-w- c:\windows\system32\drivers\rdfrtbde.sys
2014-01-16 07:15 . 2014-01-16 07:15 422216 ----a-w- c:\windows\system32\drivers\ooyenrab.sys
2014-01-16 07:15 . 2014-01-16 07:15 422216 ----a-w- c:\windows\system32\drivers\lkmfyxmz.sys
2014-01-12 19:47 . 2013-11-09 06:41 107552 ----a-w- c:\windows\system32\SETB59F.tmp
2014-01-08 01:28 . 2013-11-09 06:41 108760 ----a-w- c:\windows\system32\SETF376.tmp
2014-01-08 01:27 . 2014-01-08 01:27 2810072 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-01-08 01:27 . 2014-01-08 01:27 2588888 ----a-w- c:\windows\system32\SETC3F1.tmp
2014-01-08 01:27 . 2014-01-08 01:27 618200 ----a-w- c:\windows\system32\RtDataProc64.dll
2014-01-08 01:27 . 2014-01-08 01:27 1286872 ----a-w- c:\windows\system32\RTCOM64.dll
2013-12-24 01:20 . 2013-12-16 04:44 43152 ----a-w- c:\windows\avastSS.scr
2013-12-23 22:09 . 2013-12-23 22:09 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-18 11:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-11 04:24 . 2013-12-11 04:24 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 04:24 . 2013-12-11 04:24 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 04:24 . 2013-12-11 04:24 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-06 14:47 . 2013-12-06 14:47 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
2013-12-02 17:25 . 2013-12-02 17:25 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-11-27 01:41 . 2014-01-14 19:58 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-14 19:58 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-14 19:58 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-14 19:58 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-14 19:58 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-14 19:58 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-14 19:58 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-14 19:58 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-14 19:58 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-26 06:28 . 2013-11-26 06:28 64624 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2013-11-26 06:28 . 2013-11-26 06:28 32496 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2013-11-26 06:28 . 2013-11-26 06:28 885520 ----a-w- c:\windows\system32\Netwcw00.dll
2013-11-26 06:28 . 2013-11-26 06:28 3381008 ----a-w- c:\windows\system32\Netwrw00.dll
2013-11-26 05:44 . 2013-11-26 05:44 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 05:44 . 2013-11-26 05:44 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-26 05:44 . 2013-11-26 05:44 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-26 05:44 . 2013-11-26 05:44 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 05:44 . 2013-11-26 05:44 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-26 05:44 . 2013-11-26 05:44 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 05:44 . 2013-11-26 05:44 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-26 05:44 . 2013-11-26 05:44 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-26 05:44 . 2013-11-26 05:44 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-26 05:44 . 2013-11-26 05:44 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-26 05:44 . 2013-11-26 05:44 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-26 05:44 . 2013-11-26 05:44 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-26 05:44 . 2013-11-26 05:44 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-26 05:44 . 2013-11-26 05:44 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-26 05:44 . 2013-11-26 05:44 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-26 05:44 . 2013-11-26 05:44 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-26 05:44 . 2013-11-26 05:44 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-26 05:44 . 2013-11-26 05:44 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-26 05:44 . 2013-11-26 05:44 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-26 05:44 . 2013-11-26 05:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-26 05:44 . 2013-11-26 05:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-26 05:44 . 2013-11-26 05:44 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-26 05:44 . 2013-11-26 05:44 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-26 05:44 . 2013-11-26 05:44 413696 ----a-w- c:\windows\system32\html.iec
2013-11-26 05:44 . 2013-11-26 05:44 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 05:44 . 2013-11-26 05:44 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-26 05:44 . 2013-11-26 05:44 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-26 05:44 . 2013-11-26 05:44 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-26 05:44 . 2013-11-26 05:44 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-26 05:44 . 2013-11-26 05:44 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-26 05:44 . 2013-11-26 05:44 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-26 05:44 . 2013-11-26 05:44 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-26 05:44 . 2013-11-26 05:44 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-26 05:44 . 2013-11-26 05:44 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-26 05:44 . 2013-11-26 05:44 235520 ----a-w- c:\windows\system32\url.dll
2013-11-26 05:44 . 2013-11-26 05:44 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-26 05:44 . 2013-11-26 05:44 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-26 05:44 . 2013-11-26 05:44 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-26 05:44 . 2013-11-26 05:44 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-26 05:44 . 2013-11-26 05:44 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-26 05:44 . 2013-11-26 05:44 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-26 05:44 . 2013-11-26 05:44 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-26 05:44 . 2013-11-26 05:44 13824 ----a-w- c:\windows\system32\mshta.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-02-11 2288928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-16 3764024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
R4 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 oalvgomhlshqzc;oalvgomhlshqzc;c:\windows\SysWOW64\iiearmbc.exe;c:\windows\SysWOW64\iiearmbc.exe [x]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 18:15 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-09 21:56]
.
2014-02-17 c:\windows\Tasks\Driver Booster Update.job
- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-02-15 19:16]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-09 06:50]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-09 06:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-02-15 10:29 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-16 07:34 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
c:\program files (x86)\TOSHIBA\widimon\widimon.exe
.
**************************************************************************
.
Completion time: 2014-02-17 00:33:04 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-17 05:33
.
Pre-Run: 517,762,494,464 bytes free
Post-Run: 517,764,734,976 bytes free
.
- - End Of File - - 7616DB1A6CDCD5DD383F92912A5BFC32

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now that the infected services file has been replaced, we should now be able to use ComboFix to kill the rest.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\SysWOW64\iiearmbc.exe

Driver::
oalvgomhlshqzc



Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

#15
james0873

    New Member

  • Topic Starter
  • Member
  • 9 posts
ComboFix 14-02-16.01 - James 02/17/2014 0:16.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.3529 [GMT -5:00]
Running from: c:\users\James\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Explore.lnk
c:\windows\SysWow64\SETA814.tmp
c:\windows\SysWow64\SETB748.tmp
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-01-17 to 2014-02-17 )))))))))))))))))))))))))))))))
.
.
2014-02-17 05:28 . 2014-02-17 05:28 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-02-17 05:23 . 2014-02-17 05:23 -------- d-----w- c:\users\Tristan\AppData\Local\temp
2014-02-17 05:23 . 2014-02-17 05:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-17 05:23 . 2014-02-17 05:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-17 05:23 . 2014-02-17 05:23 -------- d-----w- c:\users\Charly\AppData\Local\temp
2014-02-17 05:23 . 2014-02-17 05:23 -------- d-----w- c:\users\Becky\AppData\Local\temp
2014-02-15 20:36 . 2014-02-15 20:36 -------- d-----w- c:\programdata\VirtualizedApplications
2014-02-15 20:23 . 2014-02-15 20:23 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2014-02-15 20:18 . 2014-02-15 20:18 3791320 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-02-15 20:18 . 2014-02-15 20:18 2782936 ----a-w- c:\windows\system32\SET5685.tmp
2014-02-15 20:18 . 2014-02-15 20:18 154840 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-02-15 20:18 . 2014-02-15 20:19 -------- d-----w- C:\DrvInstall
2014-02-15 20:18 . 2014-02-15 20:18 888536 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2014-02-15 20:18 . 2014-02-15 20:18 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2014-02-15 20:03 . 2014-02-15 20:03 176880 ----a-w- c:\windows\system32\drivers\jmcr.sys
2014-02-15 10:54 . 2014-02-15 10:54 1958616 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-02-15 10:54 . 2014-02-15 10:54 2588888 ----a-w- c:\windows\system32\SET9060.tmp
2014-02-15 10:53 . 2014-02-15 10:53 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2014-02-15 10:53 . 2014-02-15 10:53 99288 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2014-02-15 10:53 . 2014-02-15 10:53 -------- d-----w- C:\Intel
2014-02-15 10:51 . 2014-02-15 10:51 11530992 ----a-w- c:\windows\system32\drivers\NETwsw00.sys
2014-02-14 11:15 . 2013-12-16 06:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F71ABFC-2775-4085-8328-98F86A759B35}\mpengine.dll
2014-02-13 08:01 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 08:01 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 06:15 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 04:47 . 2014-02-13 04:47 -------- d-----w- c:\program files (x86)\Secunia
2014-02-05 00:20 . 2014-02-05 00:51 -------- d-----w- c:\users\Tristan\AppData\Roaming\SoftGrid Client
2014-02-05 00:20 . 2014-02-05 00:20 -------- d-----w- c:\users\Tristan\AppData\Local\SoftGrid Client
2014-02-05 00:19 . 2014-02-05 00:19 -------- d-----w- c:\program files\Microsoft Office
2014-02-05 00:19 . 2014-02-05 08:01 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2014-02-05 00:19 . 2014-02-05 00:21 -------- d-----w- c:\users\James\AppData\Roaming\TP
2014-02-02 14:20 . 2014-02-02 14:20 -------- d-----w- c:\users\Becky\AppData\Roaming\Toshiba
2014-02-02 04:11 . 2013-11-19 21:52 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-02-02 04:11 . 2014-01-08 20:54 121856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-02-02 04:10 . 2013-12-24 15:40 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2014-01-31 23:34 . 2014-02-12 07:31 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-01-31 20:40 . 2014-01-31 21:14 -------- d-----w- c:\programdata\SecTaskMan
2014-01-31 20:39 . 2014-01-31 20:39 -------- d-----w- c:\program files (x86)\Security Task Manager
2014-01-27 09:01 . 2014-01-27 09:01 -------- d-----w- c:\users\James\AppData\Local\Apps
2014-01-23 07:03 . 2014-01-23 07:03 -------- d-----w- c:\users\James\AppData\Roaming\aignes
2014-01-23 06:16 . 2014-01-23 06:39 -------- d-----w- c:\users\James\AppData\Roaming\Registry Mechanic
2014-01-23 05:46 . 2008-04-02 20:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2014-01-23 05:46 . 2008-04-02 20:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2014-01-23 05:46 . 2008-04-02 20:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2014-01-23 05:46 . 2012-08-21 19:44 513696 ----a-w- c:\windows\SysWow64\msxml.dll
2014-01-23 05:46 . 2012-08-21 19:44 41632 ----a-w- c:\windows\system32\CleanMFT64.exe
2014-01-23 05:46 . 2008-09-18 02:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2014-01-23 05:46 . 2014-01-28 06:23 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2014-01-23 05:45 . 2014-01-23 05:45 -------- d-----w- c:\users\James\AppData\Roaming\Product_RM
2014-01-22 18:13 . 2014-01-22 18:13 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-01-22 18:13 . 2014-01-22 18:13 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-01-21 17:48 . 2013-12-19 02:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 05:58 . 2013-11-09 14:25 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-15 20:18 . 2013-11-09 06:41 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2014-02-15 10:52 . 2011-06-27 17:23 64000 ----a-w- c:\windows\system32\igfxsrvc.dll
2014-02-15 10:52 . 2011-06-27 17:24 28672 ----a-w- c:\windows\system32\igfxexps.dll
2014-02-15 10:52 . 2011-06-27 17:19 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2014-02-15 10:52 . 2013-11-10 22:46 11176448 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2014-02-13 21:56 . 2013-11-09 05:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-13 21:56 . 2011-11-22 04:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-30 03:45 . 2013-12-02 17:25 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-01-30 03:45 . 2013-12-02 17:25 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-01-30 03:45 . 2013-12-02 17:25 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-01-30 03:45 . 2013-11-15 20:47 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-01-20 00:27 . 2013-11-15 20:47 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-01-20 00:27 . 2013-11-15 20:47 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-01-20 00:27 . 2013-11-15 20:47 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-01-16 16:05 . 2014-01-16 16:05 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-01-16 07:45 . 2014-01-16 07:34 439648 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-01-16 07:35 . 2013-12-24 12:43 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-16 07:34 . 2013-12-16 04:44 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-16 07:34 . 2013-12-16 04:44 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-16 07:34 . 2014-01-16 07:35 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-16 07:34 . 2014-01-16 07:35 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-16 07:34 . 2014-01-16 07:35 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-16 07:34 . 2014-01-16 07:35 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-16 07:34 . 2014-01-16 07:35 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-16 07:34 . 2014-01-16 07:35 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-01-16 07:16 . 2014-01-16 07:16 422216 ----a-w- c:\windows\system32\drivers\ovjkmyaq.sys
2014-01-16 07:16 . 2014-01-16 07:16 422216 ----a-w- c:\windows\system32\drivers\rdfrtbde.sys
2014-01-16 07:15 . 2014-01-16 07:15 422216 ----a-w- c:\windows\system32\drivers\ooyenrab.sys
2014-01-16 07:15 . 2014-01-16 07:15 422216 ----a-w- c:\windows\system32\drivers\lkmfyxmz.sys
2014-01-12 19:47 . 2013-11-09 06:41 107552 ----a-w- c:\windows\system32\SETB59F.tmp
2014-01-08 01:28 . 2013-11-09 06:41 108760 ----a-w- c:\windows\system32\SETF376.tmp
2014-01-08 01:27 . 2014-01-08 01:27 2810072 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-01-08 01:27 . 2014-01-08 01:27 2588888 ----a-w- c:\windows\system32\SETC3F1.tmp
2014-01-08 01:27 . 2014-01-08 01:27 618200 ----a-w- c:\windows\system32\RtDataProc64.dll
2014-01-08 01:27 . 2014-01-08 01:27 1286872 ----a-w- c:\windows\system32\RTCOM64.dll
2013-12-24 01:20 . 2013-12-16 04:44 43152 ----a-w- c:\windows\avastSS.scr
2013-12-23 22:09 . 2013-12-23 22:09 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-18 11:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-11 04:24 . 2013-12-11 04:24 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 04:24 . 2013-12-11 04:24 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 04:24 . 2013-12-11 04:24 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-06 14:47 . 2013-12-06 14:47 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
2013-12-02 17:25 . 2013-12-02 17:25 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-11-27 01:41 . 2014-01-14 19:58 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-14 19:58 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-14 19:58 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-14 19:58 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-14 19:58 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-14 19:58 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-14 19:58 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-14 19:58 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-14 19:58 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-26 06:28 . 2013-11-26 06:28 64624 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2013-11-26 06:28 . 2013-11-26 06:28 32496 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2013-11-26 06:28 . 2013-11-26 06:28 885520 ----a-w- c:\windows\system32\Netwcw00.dll
2013-11-26 06:28 . 2013-11-26 06:28 3381008 ----a-w- c:\windows\system32\Netwrw00.dll
2013-11-26 05:44 . 2013-11-26 05:44 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 05:44 . 2013-11-26 05:44 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-26 05:44 . 2013-11-26 05:44 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-26 05:44 . 2013-11-26 05:44 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 05:44 . 2013-11-26 05:44 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-26 05:44 . 2013-11-26 05:44 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 05:44 . 2013-11-26 05:44 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-26 05:44 . 2013-11-26 05:44 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-26 05:44 . 2013-11-26 05:44 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-26 05:44 . 2013-11-26 05:44 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-26 05:44 . 2013-11-26 05:44 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-26 05:44 . 2013-11-26 05:44 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-26 05:44 . 2013-11-26 05:44 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-26 05:44 . 2013-11-26 05:44 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-26 05:44 . 2013-11-26 05:44 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-26 05:44 . 2013-11-26 05:44 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-26 05:44 . 2013-11-26 05:44 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-26 05:44 . 2013-11-26 05:44 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-26 05:44 . 2013-11-26 05:44 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-26 05:44 . 2013-11-26 05:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-26 05:44 . 2013-11-26 05:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-26 05:44 . 2013-11-26 05:44 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-26 05:44 . 2013-11-26 05:44 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-26 05:44 . 2013-11-26 05:44 413696 ----a-w- c:\windows\system32\html.iec
2013-11-26 05:44 . 2013-11-26 05:44 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 05:44 . 2013-11-26 05:44 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-26 05:44 . 2013-11-26 05:44 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-26 05:44 . 2013-11-26 05:44 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-26 05:44 . 2013-11-26 05:44 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-26 05:44 . 2013-11-26 05:44 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-26 05:44 . 2013-11-26 05:44 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-26 05:44 . 2013-11-26 05:44 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-26 05:44 . 2013-11-26 05:44 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-26 05:44 . 2013-11-26 05:44 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-26 05:44 . 2013-11-26 05:44 235520 ----a-w- c:\windows\system32\url.dll
2013-11-26 05:44 . 2013-11-26 05:44 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-26 05:44 . 2013-11-26 05:44 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-26 05:44 . 2013-11-26 05:44 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-26 05:44 . 2013-11-26 05:44 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-26 05:44 . 2013-11-26 05:44 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-26 05:44 . 2013-11-26 05:44 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-26 05:44 . 2013-11-26 05:44 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-26 05:44 . 2013-11-26 05:44 13824 ----a-w- c:\windows\system32\mshta.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-02-11 2288928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-16 3764024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
R4 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 oalvgomhlshqzc;oalvgomhlshqzc;c:\windows\SysWOW64\iiearmbc.exe;c:\windows\SysWOW64\iiearmbc.exe [x]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 18:15 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-09 21:56]
.
2014-02-17 c:\windows\Tasks\Driver Booster Update.job
- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-02-15 19:16]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-09 06:50]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-09 06:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-02-15 10:29 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-16 07:34 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\oupliwli.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
c:\program files (x86)\TOSHIBA\widimon\widimon.exe
.
**************************************************************************
.
Completion time: 2014-02-17 00:33:04 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-17 05:33
.
Pre-Run: 517,762,494,464 bytes free
Post-Run: 517,764,734,976 bytes free
.
- - End Of File - - 7616DB1A6CDCD5DD383F92912A5BFC32