Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

need help removing audio ads malware [Closed]

Started by gyberger , May 05 2014 09:59 PM

This topic is locked

#1
gyberger

Posted 05 May 2014 - 09:59 PM

Member

Member
13 posts

Hello

Looking for help removing those annoying ads running in background....Tried malwarebytes,hitman pro,mse,trend micro housecall.etc.

Any help would be appreciated. Here are my OTL logs from quick scan.

OTL logfile created on: 5/5/2014 07:53:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 35.41% Memory free
7.71 Gb Paging File | 4.99 Gb Available in Paging File | 64.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.67 Gb Total Space | 212.76 Gb Free Space | 73.70% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/05 19:50:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2014/04/14 03:05:08 | 000,349,472 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 4\SoftwareUpdate.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 13:32:36 | 005,207,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\vcredist_x64.exe
PRC - [2008/04/11 02:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/02/12 18:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (No Company Name) ==========

MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/07/04 02:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/07/04 01:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/04/24 21:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/02/06 16:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/03 20:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/10/18 02:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/24 01:38:24 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\drivers\XAudio64.exe -- (XAudioService)
SRV - [2012/12/24 01:38:24 | 000,000,000 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\TODDSrv.exe -- (TODDSrv)
SRV - [2012/12/24 01:38:24 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV - [2012/12/24 01:38:24 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\SLsvc.exe -- (slsvc)
SRV - [2012/12/24 01:38:24 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2012/12/24 01:38:24 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2012/12/24 01:38:24 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2012/12/24 01:38:24 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/16 18:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 13:58:10 | 000,158,568 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/04/11 02:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/29 12:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/02/12 18:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/04 00:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/08 19:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/27 02:29:46 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMWVsp.sys -- (PTUMWVsp)
DRV:64bit: - [2009/10/27 02:29:40 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMWNSP.sys -- (PTUMWNSP)
DRV:64bit: - [2009/10/27 02:29:34 | 000,144,912 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMWNET.sys -- (PTUMWNET)
DRV:64bit: - [2009/10/27 02:29:26 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMWMdm.sys -- (PTUMWMdm)
DRV:64bit: - [2009/10/27 02:29:20 | 000,012,688 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMWFLT.sys -- (PTUMWFLT)
DRV:64bit: - [2009/10/27 02:29:14 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMWCSP.sys -- (PTUMWCSP)
DRV:64bit: - [2009/10/27 02:29:00 | 000,071,056 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMWBus.sys -- (PTUMWBus)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/22 18:28:36 | 001,388,032 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2009/01/20 00:43:48 | 000,004,608 | ---- | M] (SupportSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssrangdr.sys -- (ssrangdr)
DRV:64bit: - [2008/10/28 16:49:58 | 000,222,720 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/04/28 19:59:26 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/04/15 12:14:40 | 000,062,040 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008/04/10 23:25:30 | 000,531,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/04/08 12:46:44 | 000,051,928 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2008/04/04 12:57:00 | 000,404,992 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/03/25 19:51:16 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/25 19:47:06 | 000,294,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/03/25 19:45:44 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/03/05 16:41:58 | 000,197,640 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swmx00.sys -- (swmx00)
DRV:64bit: - [2008/03/05 16:41:58 | 000,195,584 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -- (SWNC5E00)
DRV:64bit: - [2008/03/05 16:41:58 | 000,028,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 21:46:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2007/12/20 19:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/29 20:58:58 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/10/18 02:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/10/12 18:04:40 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2007/04/09 18:15:44 | 000,009,728 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2006/12/12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys -- (BrSerIf)
DRV:64bit: - [2006/11/09 16:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/09 16:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/11/07 14:30:56 | 000,016,656 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2006/06/19 01:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2013/04/24 01:52:06 | 000,016,640 | ---- | M] (<Glarysoft Ltd>) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV - [2008/03/05 16:41:58 | 000,028,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\swmsflt.sys -- (swmsflt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{EAEE5007-FF2F-46F3-BD1F-148BFDAC541B}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.co...Page={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 C3 87 DF 31 60 CF 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ConservativeTalkNow_4n.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2014/04/29 20:25:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23CBCD86-916E-48AC-9920-5D3010D180A2}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DA411C4-D7A7-4568-8004-7BB04A484C23}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/05 19:50:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2014/05/05 19:27:45 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/05/05 19:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ElevatedDiagnostics
[2014/05/05 19:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2014/05/05 11:44:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{33D267A4-C44D-48DB-895D-62B457C96273}
[2014/05/04 23:42:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA441080-7521-49F9-9049-195CE559DF52}
[2014/05/03 00:08:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C66CC789-D624-47DA-A7BF-A958B5834A3B}
[2014/05/02 23:12:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0D392007-C0C0-4FAC-9596-5CE194BE0231}
[2014/05/02 11:11:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{01A509CF-47B9-4306-A212-9AA8159A86BF}
[2014/05/02 07:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4
[2014/05/02 07:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 4
[2014/05/01 22:46:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{AB52C7BB-9A02-41D8-8F09-88C70726F842}
[2014/05/01 12:43:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\CrashDumps
[2014/05/01 10:44:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4EF0DC02-6131-4074-9501-4D8E7FB08DB2}
[2014/04/30 21:54:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A53D3469-123A-4B77-9AF4-96A5D2B34092}
[2014/04/30 09:53:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6F467159-964D-4523-B8CB-DE8CE2AF33D6}
[2014/04/29 20:34:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/04/29 20:34:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2014/04/29 20:26:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/04/29 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\RK_Quarantine
[2014/04/29 18:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/04/29 18:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/04/29 13:33:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{AB7C8C88-0B90-4DE8-B659-0636C53242E3}
[2014/04/29 08:01:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
[2014/04/29 08:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/04/29 01:31:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E4631447-CB9D-4C74-B841-7643278AC083}
[2014/04/28 20:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/04/28 20:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/04/28 17:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{52AC600B-5800-407E-99FF-83CD0669760B}
[2014/04/26 11:04:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Test
[2014/04/25 12:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/04/25 12:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/25 11:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/04/25 07:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/04/25 03:30:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\ProcAlyzer Dumps
[2014/04/25 03:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/04/25 03:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/04/25 00:10:40 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/11/06 12:45:30 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Users\Admin\dxdllreg.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/05 19:50:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2014/05/05 19:37:29 | 000,000,078 | ---- | M] () -- C:\Windows\SysNative\edsthc.ylh
[2014/05/05 19:33:56 | 000,795,200 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/05 19:33:56 | 000,666,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/05 19:33:56 | 000,130,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/05 19:27:26 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 4.job
[2014/05/05 19:27:21 | 000,037,888 | ---- | M] () -- C:\Windows\SysNative\ohayhgz.moe
[2014/05/05 19:27:21 | 000,000,107 | ---- | M] () -- C:\Windows\SysNative\mxglci.geh
[2014/05/05 19:27:14 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/05 19:27:14 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/05 19:26:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/05 19:06:49 | 000,408,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/02 07:37:45 | 000,000,954 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
[2014/05/02 07:37:45 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 4.lnk
[2014/04/29 20:25:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/04/29 18:54:56 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/04/29 18:04:47 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/29 08:16:06 | 000,017,475 | ---- | M] () -- C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml
[2014/04/28 20:33:24 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/04/25 12:23:40 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/25 11:13:03 | 000,000,644 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/04/25 07:26:12 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/25 06:50:13 | 000,000,010 | ---- | M] () -- C:\Users\Admin\AppData\Local\sponge.last.runtime.cache
[2014/04/24 21:28:08 | 000,001,460 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps64.dat
[2014/04/24 21:26:19 | 000,001,356 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2014/04/24 19:37:56 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\dyrr.max
[2014/04/24 19:21:42 | 000,301,959 | --S- | M] () -- C:\Windows\SysNative\moekui.skb
[2014/04/24 16:35:06 | 000,200,660 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2014/04/22 23:45:11 | 000,043,008 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe
[2014/04/22 17:37:52 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2014/04/22 17:37:29 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2014/04/22 17:37:29 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2014/04/17 14:25:52 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/05 19:06:19 | 000,408,608 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/02 07:37:45 | 000,000,954 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
[2014/05/02 07:37:45 | 000,000,942 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4.lnk
[2014/05/02 07:37:45 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 4.lnk
[2014/05/02 07:37:40 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 4.job
[2014/04/29 18:54:56 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/04/28 22:33:57 | 000,017,475 | ---- | C] () -- C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml
[2014/04/28 20:33:24 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/04/28 20:33:24 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2014/04/25 18:36:17 | 000,002,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Migration Assistant.lnk
[2014/04/25 12:23:40 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/25 11:13:03 | 000,000,644 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/04/25 07:26:05 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/04/25 06:50:13 | 000,000,010 | ---- | C] () -- C:\Users\Admin\AppData\Local\sponge.last.runtime.cache
[2014/04/24 20:04:47 | 000,000,078 | ---- | C] () -- C:\Windows\SysNative\edsthc.ylh
[2014/04/24 19:38:13 | 000,037,888 | ---- | C] () -- C:\Windows\SysNative\ohayhgz.moe
[2014/04/24 19:37:56 | 000,000,107 | ---- | C] () -- C:\Windows\SysNative\mxglci.geh
[2014/04/24 19:37:56 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\dyrr.max
[2014/04/24 19:21:42 | 000,301,959 | --S- | C] () -- C:\Windows\SysNative\moekui.skb
[2014/04/24 16:35:06 | 000,200,660 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2014/04/08 22:45:18 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2014/04/08 22:44:50 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2013/11/06 12:45:41 | 000,000,724 | ---- | C] () -- C:\Users\Admin\dxdllreg_x86.inf
[2012/12/24 01:38:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\XAudio64.exe
[2012/12/24 01:38:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\TODDSrv.exe
[2012/12/24 01:38:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe
[2012/12/24 01:38:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SLsvc.exe
[2012/12/24 01:38:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2012/12/24 01:38:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe
[2012/12/24 01:38:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2012/12/24 01:38:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Ati2evxx.exe
[2012/12/24 01:38:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2012/09/19 12:04:18 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/09/04 11:13:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/01 19:10:06 | 000,908,234 | ---- | C] () -- C:\Users\Admin\AppData\Local\census.cache
[2011/10/01 19:09:19 | 000,160,990 | ---- | C] () -- C:\Users\Admin\AppData\Local\ars.cache
[2011/10/01 18:56:39 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2010/09/16 21:35:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\jagex__preferences3.dat
[2010/09/16 21:35:27 | 000,000,099 | ---- | C] () -- C:\Users\Admin\jagex_runescape_preferences2.dat
[2010/09/16 21:33:22 | 000,000,046 | ---- | C] () -- C:\Users\Admin\jagex_runescape_preferences.dat
[2009/05/30 12:02:59 | 000,006,144 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/13 00:36:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/03/12 11:41:24 | 000,001,356 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/03/10 08:43:17 | 000,001,460 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/01 21:11:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\aK7fEL9gTqYwI
[2011/10/01 21:13:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AqhYCwkUVlBx0c1
[2013/07/24 09:54:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Auslogics
[2011/10/01 21:10:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\axAuvS2ob3m5Q6W
[2011/10/01 21:06:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bFF3pnn5aQ6dKfL
[2011/10/01 21:08:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BobF3pmG5Q6W8
[2011/10/01 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BuvS2ibF3n
[2011/10/01 21:08:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\c3onG4amHsJfLgZ
[2011/10/01 21:11:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\C4pmG5sQJdKfZhX
[2011/10/01 21:06:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\C6dEK8fRZhX
[2011/10/01 21:09:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CG4amH6sW7E8TqY
[2011/10/01 21:11:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CWJ7fEL8gZhCkVl
[2011/10/01 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CZ9hTXwjUeIrPy
[2011/10/01 21:09:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\d2obF3pmGaJd
[2011/10/01 21:10:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dF4pmH5sQ7E8R9Y
[2011/10/01 21:05:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DfEL9gTZqYw
[2011/10/01 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dH6sWJ7fE8TqYwU
[2014/05/05 18:51:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Disk Cleaner
[2014/05/01 10:35:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DiskDefrag
[2011/10/01 21:05:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\e3onG4amHsJfLgZ
[2011/10/01 21:06:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EaQH6sWK7E9Tq
[2011/10/01 21:09:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\eRZ99TTwjUClBzN
[2011/10/01 21:05:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EsQJ6dEK8R9TwUe
[2011/10/01 21:06:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\F2oonF4pm5sQ7E8
[2010/02/25 14:53:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2011/10/01 21:08:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FQH6dWK7fLgXjCk
[2011/10/01 21:10:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FUVelIBtzNc1v2b
[2014/05/02 07:37:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GlarySoft
[2011/10/01 21:05:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GTXqjUCekB
[2011/10/01 21:12:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\h5sWJ7dEL
[2011/10/01 21:11:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HXqjUCekIrO
[2011/10/01 21:09:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\irzONtxA0c2b3n4
[2011/10/01 21:13:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\itzPNycA1v2b4
[2011/10/01 21:06:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\j4aQH6sWKfLgZ
[2011/10/01 21:05:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\JNyxA1uvS
[2011/10/01 21:11:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\jRZ9hTXwjClBzNx
[2011/10/01 21:04:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\kwjUCelIBzNx1v2
[2011/10/01 21:07:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\KxP0ucS1iDoGaHs
[2011/10/01 21:06:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LJ7fEL8gTqYwUrO
[2011/10/01 21:04:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\lK8fRZ9hT
[2011/10/01 21:05:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\lmH5sWJ7dLgZ
[2011/10/01 21:04:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NwkUVelOBz0c1v2
[2011/10/01 21:11:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\O1uvS2obFpGaJdK
[2011/10/01 21:09:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\o8gRZ9hYXjVlBz
[2011/10/01 21:08:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\p0ucS2ibDpGaHsK
[2011/10/01 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\paQJ6dWK8R9TqUe
[2013/01/16 23:32:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\playitall(157)
[2011/10/01 21:12:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PlOBtzP0yAiDoFp
[2011/10/01 21:11:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\pqhYCwkUVlBx0c1
[2011/10/01 21:06:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\rQJ6dEK8fZhXjCl
[2011/10/01 21:05:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\rXqjUCekIrOyAuS
[2011/10/01 21:09:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SddEK8fRZ9TXjCl
[2011/10/01 21:08:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\sibF3pnG5Q6W7R
[2011/10/01 21:12:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SmH6sWJ7fLgZhCk
[2011/10/01 21:08:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\sQJ7dEK8gZhXjV
[2012/10/30 19:23:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SumatraPDF
[2009/03/09 15:38:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SupportSoft
[2011/10/01 21:04:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TBtxP0ycS
[2011/10/01 21:09:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeekkVVzONxA
[2014/03/12 08:42:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TOSHIBA
[2011/10/01 21:12:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uhTXqjUCe
[2010/05/08 12:24:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ulead Systems
[2011/10/01 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\UNyxA0uvSiF
[2011/10/01 21:09:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\UqjYCwkIVlN
[2011/10/01 21:07:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\V5sQJ7dEKgZh
[2011/10/01 21:10:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vK8fRZ9hTwUeI
[2011/10/01 21:13:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VlOBtzP0y
[2011/10/01 21:07:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VnF4pmH5sJdK
[2011/10/01 21:12:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vRZqhYXwkVlBz0c
[2011/10/01 21:13:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VS2ibD3pn
[2012/04/25 13:00:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\webex
[2011/10/01 21:10:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wgTXqjYCeIrOtAu
[2011/10/01 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wibD3onG4m
[2009/05/26 12:30:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinBatch
[2011/01/11 15:52:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
[2011/10/01 21:10:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wIVrlONtx0
[2011/10/01 21:06:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WjUVVllItzPyA1v
[2011/10/01 21:03:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WnF4amH5sJdLgZh
[2011/10/01 21:07:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wOBBtzP0yA
[2011/10/01 21:12:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WTXqjUCekBzNx0v
[2011/10/01 21:13:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WYCwkUVrlBx0c1v
[2011/10/01 21:08:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\X33onF4amHsW7E8
[2011/10/01 21:07:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\xL9hTXqjUeIrOyA
[2011/10/01 21:10:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\xxA0ucS2iDpGaHs
[2011/10/01 21:04:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\xXwjUCelIrPyAu2
[2011/10/01 21:04:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Yam6sWJ7fLgZhCk
[2011/10/01 21:07:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\yaQH6sWK7fL9TqY
[2011/10/01 21:12:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\yBrzONyxAuSiFp
[2011/10/01 21:07:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\yucS2ibD3n4Q6W7
[2011/10/01 21:08:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\zD3onF4am5W7E8R
[2011/10/01 21:09:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ZellOBtz0ycA
[2011/10/01 21:05:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ZK8gRZ9hYwUeItP
[2011/10/01 21:06:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ZsWWJ7fELgTZhCk

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 841 bytes -> C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml:OECustomProperty
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:07F6D9E4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 5/5/2014 07:53:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 35.41% Memory free
7.71 Gb Paging File | 4.99 Gb Available in Paging File | 64.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.67 Gb Total Space | 212.76 Gb Free Space | 73.70% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 28 42 7F 04 1F E1 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3402813050-4047483925-927164663-1000]
"EnableNotificationsRef" = 6
"EnableNotifications" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2ACCABFA-EF7D-439C-92B9-69D49F8D7D8E}" = rport=138 | protocol=17 | dir=out | app=system |
"{2F207C39-9FB9-4C4F-897D-7FA2B25DCD33}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{41404D07-363F-46EE-9C82-7B82EE2F22B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4CBE5B32-79D0-4950-A083-D167FCFDE003}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B276100-1643-436A-A4D7-A4A85185AE0B}" = rport=445 | protocol=6 | dir=out | app=system |
"{73472542-B843-4705-9A7A-A8B00061F6B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F8CA566-65EF-4BAE-A617-497D97B7A65A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{80CD9F8E-CD35-49D7-A9AA-223CBFBD4455}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8F125284-834E-4382-A2E1-7216E77BA6B5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{905764E0-4313-4291-B9FD-277474942E77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{999F163E-D78A-4905-B756-85044601406C}" = lport=138 | protocol=17 | dir=in | app=system |
"{ADF8450E-F37E-41A3-8F93-29733D7D3727}" = lport=445 | protocol=6 | dir=in | app=system |
"{B922937A-90B1-4EFD-87CD-B5255CF282CB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C38AD43F-F274-4160-A223-90945E096E07}" = rport=137 | protocol=17 | dir=out | app=system |
"{C62E848D-407E-4ECA-9DAF-46F36E1CC164}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CAB028B3-19AD-462C-B987-2EE2CBCB2267}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D2814BDE-A750-4CB3-A926-8E5E50C614FE}" = lport=139 | protocol=6 | dir=in | app=system |
"{F114CFB9-306E-472E-B553-805C1AF0654A}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7A013AB-52AB-4358-87FC-AD60BC3D19CE}" = rport=139 | protocol=6 | dir=out | app=system |
"{F9959D03-4C73-4CA4-A038-D0A233D2720C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02468A72-90D7-4DFE-9CD3-DAF846E99B5F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2DDC49C3-F88B-4CC6-9AF7-719C324CB215}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe |
"{4F7F4565-86E0-471E-83D8-A0D543DAFAEA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6BB2C06C-A218-4B57-BCF0-1B853C28C6C1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7E5BE654-2BC1-4957-AF5E-F9220B3F89AD}" = protocol=1 | dir=in | [email protected],-28543 |
"{7E7A6803-6151-4FEB-8058-361CDD0990FF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe |
"{8B21D88A-0353-4977-8BCB-6A93100BDBC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AD2CF5AE-F4BB-4664-BDA0-6F53C893F983}" = protocol=58 | dir=out | [email protected],-28546 |
"{CFFE9BD8-3D0C-4D62-B5D9-CA65F06BE9C8}" = protocol=58 | dir=in | [email protected],-28545 |
"{D6D0E379-A0DE-4A83-8906-93C079A9A779}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{E1C1C99E-C42C-40CB-88A6-7DA6F1ABC4C7}C:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe |
"UDP Query User{ABDA979A-5A5A-4C1F-95F6-698E648D6615}C:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C336D20-A089-4818-9C56-96AD81BF5A11}" = PANTECH USB Modem V2
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{387D9916-BD27-480f-8CF0-3228832BBAA2}" = HP Deskjet D4300 Printer Driver Software 10.0 Rel .3
"{4F2B8F3E-70FA-AA71-4526-3BFDEDE502EF}" = AMD Fuel
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE64AAFB-8C9A-482A-B2A9-3A420A65D5D5}" = O2Micro Flash Memory Card Reader Driver (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{07620C4F-0964-4086-A872-C9C12E418E52}" = DJ_SF_03_D4300_Software
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}" = Atheros Client Utility
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A3A92EC-A218-4FEE-8A51-05BCD409A048}" = Windows Migration Assistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = AMD VISION Engine Control Center
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B0A7592-2AE0-48EA-A327-6EB7DAB25E4A}" = DJ_SF_03_D4300_Software_Min
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"{FB356619-7ECE-42BC-A28A-541973E29F28}" = TOSHIBA PowerCinema Helper
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CleanUp!" = CleanUp!
"DiskCleaner" = Disk Cleaner (remove only)
"Glary Utilities 4" = Glary Utilities 4.10
"InstallShield_{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"InstallShield_{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2014 08:07:17 PM | Computer Name = Admin-PC | Source = EventSystem | ID = 4609
Description =

Error - 5/5/2014 08:07:34 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/5/2014 08:27:34 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/5/2014 08:51:43 PM | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 5/5/2014 08:51:44 PM | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 5/5/2014 08:53:19 PM | Computer Name = Admin-PC | Source = MsiInstaller | ID = 11935
Description =

[ System Events ]
Error - 5/5/2014 08:27:34 PM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/5/2014 08:52:46 PM | Computer Name = Admin-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 5/5/2014 08:52:48 PM | Computer Name = Admin-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 5/5/2014 08:52:48 PM | Computer Name = Admin-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 5/5/2014 08:52:48 PM | Computer Name = Admin-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 5/5/2014 08:52:53 PM | Computer Name = Admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 5/5/2014 08:54:21 PM | Computer Name = Admin-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
Version:      Previous Signature Version: 1.173.1283.0     Update Source: %%859     Update Stage:
%%854     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0

Error
code: 0x80240016     Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 5/5/2014 08:54:21 PM | Computer Name = Admin-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
Version:      Previous Signature Version: 1.173.1283.0     Update Source: %%859     Update Stage:
%%854     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0

Error
code: 0x80240016     Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 5/5/2014 08:54:21 PM | Computer Name = Admin-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
Version:      Previous Signature Version: 1.173.1283.0     Update Source: %%859     Update Stage:
%%853     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0

#2
Essexboy

Posted 06 May 2014 - 06:49 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there, you have the Blackbeard/zeko Trojan. I will need to run two additional programmes to gather the requisite data before I can start cleaning. Although this will remove some bad stuff it will not clear the main infection, I will have to do that manually

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

THEN

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Select both shortcut and additions at the bottom
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please attach all 3 logs generated plus the combofix log.

#3
gyberger

Posted 07 May 2014 - 09:24 AM

Member

Topic Starter
Member
13 posts

ComboFix 14-05-07.03 - Admin 05/07/2014   9:27.6.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3837.1885 [GMT -5:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-07 to 2014-05-07 )))))))))))))))))))))))))))))))
.
.
2014-05-07 14:41 . 2014-05-07 14:43 -------- d-----w- c:\users\Admin\AppData\Local\temp
2014-05-07 14:41 . 2014-05-07 14:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-05-07 14:41 . 2014-05-07 14:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-07 14:41 . 2014-05-07 14:41 -------- d-----w- c:\users\AppData\AppData\Local\temp
2014-05-06 15:40 . 2014-05-02 13:26 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BFDC975-7CC7-4FC5-B038-856CC416EB4F}\gapaengine.dll
2014-05-06 15:40 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D43EFF09-2F12-431D-8162-F654B8E79F57}\mpengine.dll
2014-05-06 00:21 . 2014-05-06 00:21 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
2014-05-06 00:18 . 2014-05-06 00:18 -------- d-----w- c:\program files\Microsoft ATS
2014-05-04 18:22 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-02 12:37 . 2014-05-07 13:59 -------- d-----w- c:\program files (x86)\Glary Utilities 4
2014-05-01 17:43 . 2014-05-06 00:03 -------- d-----w- c:\users\Admin\AppData\Local\CrashDumps
2014-04-29 23:54 . 2014-04-29 23:54 -------- d-----w- c:\program files\HitmanPro
2014-04-29 13:01 . 2014-04-29 13:01 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2014-04-29 13:00 . 2014-04-29 13:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-04-29 01:32 . 2014-04-29 01:32 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-04-29 01:04 . 2014-04-29 01:04 -------- d-----w- c:\programdata\Licenses
2014-04-28 22:11 . 2014-04-28 22:11 -------- dc----w- c:\programdata\{52AC600B-5800-407E-99FF-83CD0669760B}
2014-04-25 17:23 . 2014-04-25 17:23 -------- d-----w- c:\program files\CCleaner
2014-04-25 16:04 . 2014-04-25 16:13 -------- d-----w- c:\programdata\HitmanPro
2014-04-25 12:38 . 2014-04-29 23:48 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-25 08:21 . 2014-04-25 12:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-04-25 08:21 . 2014-04-25 12:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-25 05:10 . 2014-04-29 23:04 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-09 14:40 . 2014-02-06 04:21 1212416 ----a-w- c:\windows\system32\kernel32.dll
2014-04-09 03:45 . 2014-04-22 22:37 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2014-04-09 03:44 . 2014-04-22 22:37 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-02 13:26 . 2013-11-07 15:28 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-23 04:45 . 2010-02-26 17:13 43008 ----a-w- c:\windows\SysWow64\agremove.exe
2014-04-22 22:37 . 2010-02-25 16:28 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2014-03-31 08:51 . 2006-11-02 12:35 90655440 ----a-w- c:\windows\system32\mrt.exe
2014-03-11 14:52 . 2013-06-19 03:50 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-07 12:11 . 2014-03-12 14:28 2776064 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 . 7BA52C111735CEEE51B34776BAD82037 . 723968 . . [6.0.6000.16386] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-07 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14 08:01]
.
2014-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 20:35]
.
2014-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 20:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-30 1216808]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = hxxp://www.msn.com
mSearch Page = hxxp://www.msn.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{11111111-1111-1111-1111-110411901174}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,
   15,23,5f,7f,54,6e,07,52,44,14,ce,55,60
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,b5,37,e0,7e,60,cf,01
.
[HKEY_USERS\S-1-5-21-3402813050-4047483925-927164663-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3402813050-4047483925-927164663-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3402813050-4047483925-927164663-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3402813050-4047483925-927164663-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3402813050-4047483925-927164663-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3402813050-4047483925-927164663-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-3402813050-4047483925-927164663-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3402813050-4047483925-927164663-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
.
**************************************************************************
.
Completion time: 2014-05-07 09:55:04 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-07 14:55
ComboFix2.txt 2014-04-25 15:05
ComboFix3.txt 2014-04-25 13:26
.
Pre-Run: 226,819,379,200 bytes free
Post-Run: 226,173,890,560 bytes free
.
- - End Of File - - F6E3347FDC2177B3E87236FD4050E26F
5B5E648D12FCADC244C1EC30318E1EB9

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014
Ran by Admin (administrator) on ADMIN-PC on 07-05-2014 09:57:06
Running from C:\Users\Admin\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(O2Micro International) C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
() C:\Toshiba\IVP\ISM\pinger.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x68C387DF3160CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {EAEE5007-FF2F-46F3-BD1F-148BFDAC541B} URL = http://www.google.co...ng}&rlz=1I7TSHB
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSHB
SearchScopes: HKLM-x32 - {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.co...Page={startPage}
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {461fc775-35b6-4d0b-9ff3-af280bfaba83} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...?q={searchTerms}
SearchScopes: HKCU - {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.)
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 slsvc; C:\Windows\SysWOW64\SLsvc.exe [0 2012-12-24] ()
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2012-12-24] ()
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-04-11] (TOSHIBA Corporation)
S2 TODDSrv; C:\Windows\SysWOW64\TODDSrv.exe [0 2012-12-24] ()
R2 XAudioService; C:\Windows\SysWOW64\DRIVERS\xaudio64.exe [0 2012-12-24] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
S0 BootDefragDriver; C:\Windows\SysWOW64\drivers\BootDefragDriver.sys [16640 2013-04-24] (<Glarysoft Ltd>)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
S3 IpInIp; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [62040 2008-04-15] (O2Micro )
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2007-10-12] (Printing Communications Assoc., Inc. (PCAUSA))
S3 ssrangdr; C:\Windows\System32\DRIVERS\ssrangdr.sys [4608 2009-01-20] (SupportSoft Inc.)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [28808 2008-03-05] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [195584 2008-03-05] (Sierra Wireless Inc.)
S3 Tosrfcom; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 meofboht; \??\C:\Windows\system32\drivers\meofboht.sys [X]
S1 MpKsl4856fa72; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{45AA6195-6478-485C-8D42-DD786CABF017}\MpKsl4856fa72.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-07 09:57 - 2014-05-07 09:58 - 00012447 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-05-07 09:56 - 2014-05-07 09:57 - 00000000 ____D () C:\FRST
2014-05-07 09:55 - 2014-05-07 09:55 - 00017216 _____ () C:\ComboFix.txt
2014-05-07 09:43 - 2014-05-07 09:43 - 00000534 _____ () C:\Windows\PFRO.log
2014-05-07 09:24 - 2014-05-07 09:50 - 00000000 ____D () C:\Windows\erdnt
2014-05-07 09:21 - 2014-05-07 09:21 - 02063872 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-05-07 09:18 - 2014-05-07 09:19 - 05200039 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-05-07 08:59 - 2014-05-07 09:00 - 00616110 _____ () C:\Windows\dd_vcredistMSI72D3.txt
2014-05-07 08:59 - 2014-05-07 09:00 - 00012324 _____ () C:\Windows\dd_vcredistUI72D3.txt
2014-05-07 08:56 - 2014-05-07 08:57 - 00003180 _____ () C:\Windows\setupact.log
2014-05-07 08:56 - 2014-05-07 08:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-06 23:54 - 2014-05-06 23:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\{8E84BAEF-CC35-4C1F-868F-E2A62CF5FC52}
2014-05-06 10:48 - 2014-05-06 10:49 - 00000000 ____D () C:\Users\Admin\AppData\Local\{283E8E63-7F27-4DF5-B0D5-FE934A10A6AF}
2014-05-06 10:29 - 2014-05-06 10:30 - 00618014 _____ () C:\Windows\dd_vcredistMSI69BA.txt
2014-05-06 10:29 - 2014-05-06 10:30 - 00012392 _____ () C:\Windows\dd_vcredistUI69BA.txt
2014-05-05 20:12 - 2014-05-05 21:09 - 00060022 _____ () C:\Users\Admin\Desktop\Extras.Txt
2014-05-05 20:12 - 2014-05-05 20:12 - 00094936 _____ () C:\Users\Admin\Desktop\OTL.Txt
2014-05-05 19:52 - 2014-05-05 19:55 - 00618424 _____ () C:\Windows\dd_vcredistMSI4A79.txt
2014-05-05 19:52 - 2014-05-05 19:55 - 00012408 _____ () C:\Windows\dd_vcredistUI4A79.txt
2014-05-05 19:50 - 2014-05-05 19:50 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2014-05-05 19:18 - 2014-05-05 19:18 - 00116160 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-05 19:18 - 2014-05-05 19:18 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-05-05 19:06 - 2014-05-05 19:06 - 00408608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-05 18:56 - 2014-05-07 09:50 - 00294062 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 11:44 - 2014-05-05 11:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\{33D267A4-C44D-48DB-895D-62B457C96273}
2014-05-05 08:58 - 2014-05-05 08:59 - 00011642 _____ () C:\Windows\dd_vcredistUI55F2.txt
2014-05-05 08:58 - 2014-05-05 08:59 - 00006360 _____ () C:\Windows\dd_vcredistMSI55F2.txt
2014-05-04 23:42 - 2014-05-04 23:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\{FA441080-7521-49F9-9049-195CE559DF52}
2014-05-03 00:08 - 2014-05-03 00:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\{C66CC789-D624-47DA-A7BF-A958B5834A3B}
2014-05-02 23:12 - 2014-05-02 23:12 - 00000000 ____D () C:\Users\Admin\AppData\Local\{0D392007-C0C0-4FAC-9596-5CE194BE0231}
2014-05-02 11:11 - 2014-05-02 11:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\{01A509CF-47B9-4306-A212-9AA8159A86BF}
2014-05-02 10:42 - 2014-05-02 10:44 - 00617624 _____ () C:\Windows\dd_vcredistMSI3AE4.txt
2014-05-02 10:42 - 2014-05-02 10:44 - 00012376 _____ () C:\Windows\dd_vcredistUI3AE4.txt
2014-05-02 09:49 - 2014-05-02 09:50 - 00617566 _____ () C:\Windows\dd_vcredistMSI11FB.txt
2014-05-02 09:49 - 2014-05-02 09:50 - 00012388 _____ () C:\Windows\dd_vcredistUI11FB.txt
2014-05-02 09:41 - 2014-05-02 09:46 - 00616784 _____ () C:\Windows\dd_vcredistMSI0C1D.txt
2014-05-02 09:41 - 2014-05-02 09:46 - 00012356 _____ () C:\Windows\dd_vcredistUI0C1D.txt
2014-05-02 09:33 - 2014-05-02 09:34 - 00616126 _____ () C:\Windows\dd_vcredistMSI05C3.txt
2014-05-02 09:33 - 2014-05-02 09:34 - 00012324 _____ () C:\Windows\dd_vcredistUI05C3.txt
2014-05-02 09:29 - 2014-05-02 09:31 - 00618478 _____ () C:\Windows\dd_vcredistMSI02FB.txt
2014-05-02 09:29 - 2014-05-02 09:31 - 00012420 _____ () C:\Windows\dd_vcredistUI02FB.txt
2014-05-02 07:37 - 2014-05-07 09:43 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-05-02 07:37 - 2014-05-07 08:59 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-05-02 07:37 - 2014-05-02 07:37 - 00002972 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-05-02 07:37 - 2014-05-02 07:37 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-05-02 07:37 - 2014-05-02 07:37 - 00000942 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4.lnk
2014-05-02 07:37 - 2014-05-02 07:37 - 00000930 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-05-02 07:37 - 2014-05-02 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4
2014-05-01 22:46 - 2014-05-01 22:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\{AB52C7BB-9A02-41D8-8F09-88C70726F842}
2014-05-01 12:43 - 2014-05-05 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2014-05-01 10:44 - 2014-05-01 10:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\{4EF0DC02-6131-4074-9501-4D8E7FB08DB2}
2014-04-30 21:54 - 2014-04-30 21:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\{A53D3469-123A-4B77-9AF4-96A5D2B34092}
2014-04-30 09:53 - 2014-04-30 09:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\{6F467159-964D-4523-B8CB-DE8CE2AF33D6}
2014-04-29 19:39 - 2014-05-05 19:11 - 00000000 ____D () C:\Users\Admin\Documents\RK_Quarantine
2014-04-29 18:54 - 2014-04-29 18:54 - 00001743 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-04-29 18:54 - 2014-04-29 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-04-29 18:54 - 2014-04-29 18:54 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-29 13:33 - 2014-04-29 13:33 - 00000000 ____D () C:\Users\Admin\AppData\Local\{AB7C8C88-0B90-4DE8-B659-0636C53242E3}
2014-04-29 09:32 - 2014-04-29 18:48 - 00000000 ____D () C:\Users\Admin\Downloads\mbar
2014-04-29 08:01 - 2014-04-29 08:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2014-04-29 08:00 - 2014-04-29 08:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-29 01:31 - 2014-04-29 01:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\{E4631447-CB9D-4C74-B841-7643278AC083}
2014-04-28 22:33 - 2014-04-29 08:16 - 00017475 _____ () C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml
2014-04-28 20:33 - 2014-04-28 20:33 - 00001933 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-04-28 20:33 - 2014-04-28 20:33 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-04-28 20:04 - 2014-04-28 20:04 - 00000000 ____D () C:\ProgramData\Licenses
2014-04-28 17:11 - 2014-04-28 17:11 - 00000000 ___DC () C:\ProgramData\{52AC600B-5800-407E-99FF-83CD0669760B}
2014-04-27 12:35 - 2014-04-27 12:35 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Admin\Downloads\iExplore64.exe
2014-04-26 11:04 - 2014-04-26 11:05 - 00000000 ____D () C:\Users\Admin\Desktop\Test
2014-04-25 18:36 - 2014-04-25 18:36 - 00002265 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Migration Assistant.lnk
2014-04-25 12:23 - 2014-04-25 12:23 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-25 12:23 - 2014-04-25 12:23 - 00000781 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-25 12:23 - 2014-04-25 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-25 12:23 - 2014-04-25 12:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-25 11:37 - 2014-04-25 11:38 - 10971424 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\HitmanPro_x64.exe
2014-04-25 11:13 - 2014-04-25 11:13 - 00000644 _____ () C:\Windows\system32\.crusader
2014-04-25 11:04 - 2014-04-25 11:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-25 10:54 - 2014-04-25 10:55 - 04527616 _____ () C:\Users\Admin\Downloads\RogueKillerX64.exe
2014-04-25 08:49 - 2014-04-25 08:50 - 00223392 _____ () C:\Windows\dd_ATL90SP1_KB973924MSI41B4.txt
2014-04-25 08:49 - 2014-04-25 08:50 - 00013656 _____ () C:\Windows\dd_ATL90SP1_KB973924UI41B4.txt
2014-04-25 07:38 - 2014-04-29 18:48 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-25 07:35 - 2014-04-25 07:37 - 00618080 _____ () C:\Windows\dd_vcredistMSI08D6.txt
2014-04-25 07:35 - 2014-04-25 07:37 - 00012404 _____ () C:\Windows\dd_vcredistUI08D6.txt
2014-04-25 06:50 - 2014-04-25 06:50 - 00000010 _____ () C:\Users\Admin\AppData\Local\sponge.last.runtime.cache
2014-04-25 06:39 - 2014-04-25 06:41 - 00618472 _____ () C:\Windows\dd_vcredistMSI5E21.txt
2014-04-25 06:39 - 2014-04-25 06:41 - 00012420 _____ () C:\Windows\dd_vcredistUI5E21.txt
2014-04-25 05:13 - 2014-04-25 05:17 - 00618786 _____ () C:\Windows\dd_vcredistMSI1C6F.txt
2014-04-25 05:13 - 2014-04-25 05:17 - 00013888 _____ () C:\Windows\dd_vcredistUI1C6F.txt
2014-04-25 04:55 - 2014-04-25 04:57 - 00616434 _____ () C:\Windows\dd_vcredistMSI0E5A.txt
2014-04-25 04:55 - 2014-04-25 04:57 - 00013792 _____ () C:\Windows\dd_vcredistUI0E5A.txt
2014-04-25 03:30 - 2014-04-25 03:30 - 00000000 ____D () C:\Users\Admin\Documents\ProcAlyzer Dumps
2014-04-25 03:21 - 2014-04-25 07:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-25 03:21 - 2014-04-25 07:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-25 03:16 - 2014-04-25 03:18 - 00616042 _____ () C:\Windows\dd_vcredistMSI42BF.txt
2014-04-25 03:16 - 2014-04-25 03:18 - 00013776 _____ () C:\Windows\dd_vcredistUI42BF.txt
2014-04-25 02:55 - 2014-04-25 02:57 - 00618378 _____ () C:\Windows\dd_vcredistMSI3229.txt
2014-04-25 02:55 - 2014-04-25 02:57 - 00013872 _____ () C:\Windows\dd_vcredistUI3229.txt
2014-04-25 01:56 - 2014-04-25 01:58 - 00616042 _____ () C:\Windows\dd_vcredistMSI0528.txt
2014-04-25 01:56 - 2014-04-25 01:58 - 00013776 _____ () C:\Windows\dd_vcredistUI0528.txt
2014-04-25 01:44 - 2014-04-25 01:46 - 00617610 _____ () C:\Windows\dd_vcredistMSI7BC2.txt
2014-04-25 01:43 - 2014-04-25 01:46 - 00013840 _____ () C:\Windows\dd_vcredistUI7BC2.txt
2014-04-25 00:47 - 2014-04-25 00:49 - 00615538 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI50CB.txt
2014-04-25 00:47 - 2014-04-25 00:49 - 00012384 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI50CB.txt
2014-04-25 00:42 - 2014-04-25 00:44 - 00616714 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI4C8F.txt
2014-04-25 00:42 - 2014-04-25 00:44 - 00012432 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI4C8F.txt
2014-04-25 00:37 - 2014-04-25 00:39 - 00616322 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI4900.txt
2014-04-25 00:37 - 2014-04-25 00:39 - 00012416 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI4900.txt
2014-04-25 00:30 - 2014-04-25 00:33 - 00618282 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI4384.txt
2014-04-25 00:30 - 2014-04-25 00:33 - 00012496 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI4384.txt
2014-04-25 00:10 - 2014-04-29 18:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-24 22:22 - 2014-04-24 22:23 - 00615838 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI613E.txt
2014-04-24 22:22 - 2014-04-24 22:23 - 00014036 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI613E.txt
2014-04-24 21:11 - 2014-04-24 21:13 - 00615832 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI2B3E.txt
2014-04-24 21:11 - 2014-04-24 21:13 - 00015392 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI2B3E.txt
2014-04-24 20:44 - 2014-04-24 20:46 - 00617390 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI1694.txt
2014-04-24 20:44 - 2014-04-24 20:46 - 00013408 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI1694.txt
2014-04-24 20:13 - 2014-04-24 20:19 - 00615838 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI7E8C.txt
2014-04-24 20:13 - 2014-04-24 20:19 - 00016672 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI7E8C.txt
2014-04-24 20:04 - 2014-05-07 09:53 - 00000085 _____ () C:\Windows\system32\edsthc.ylh
2014-04-24 19:38 - 2014-05-07 09:43 - 00037888 _____ () C:\Windows\system32\ohayhgz.moe
2014-04-24 19:37 - 2014-05-07 09:43 - 00000107 _____ () C:\Windows\system32\mxglci.geh
2014-04-24 19:37 - 2014-04-24 19:37 - 00000064 _____ () C:\Windows\system32\dyrr.max
2014-04-24 19:21 - 2014-04-24 19:21 - 00301959 ____S () C:\Windows\system32\moekui.skb
2014-04-24 16:35 - 2014-04-24 16:35 - 00200660 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-04-24 00:41 - 2014-04-24 00:43 - 00435404 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI7E18.txt
2014-04-24 00:41 - 2014-04-24 00:43 - 00013304 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI7E18.txt
2014-04-10 09:23 - 2014-03-07 23:54 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 09:23 - 2014-03-07 23:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 09:23 - 2014-03-07 22:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 09:23 - 2014-03-07 22:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 09:23 - 2014-03-07 22:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 09:23 - 2014-03-07 22:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 09:23 - 2014-03-07 22:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-10 09:23 - 2014-03-07 22:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 09:23 - 2014-03-07 22:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-10 09:23 - 2014-03-07 22:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 09:23 - 2014-03-07 22:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 09:23 - 2014-03-07 22:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 09:23 - 2014-03-07 22:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 09:23 - 2014-03-07 22:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-10 09:23 - 2014-03-07 22:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 09:23 - 2014-03-07 22:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 09:23 - 2014-03-07 18:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 09:23 - 2014-03-07 18:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-10 09:23 - 2014-03-07 18:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-10 09:23 - 2014-03-07 18:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-10 09:23 - 2014-03-07 18:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-10 09:23 - 2014-03-07 18:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-10 09:23 - 2014-03-07 18:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-10 09:23 - 2014-03-07 17:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-10 09:23 - 2014-03-07 17:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-10 09:23 - 2014-03-07 17:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-10 09:23 - 2014-03-07 17:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-10 09:23 - 2014-03-07 17:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-10 09:23 - 2014-03-07 17:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-10 09:23 - 2014-03-07 17:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 09:23 - 2014-03-07 17:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-10 09:23 - 2014-03-07 17:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 09:40 - 2014-02-05 23:21 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 09:40 - 2014-02-05 20:57 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 22:45 - 2014-04-22 17:37 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-04-08 22:44 - 2014-04-22 17:37 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.exe

==================== One Month Modified Files and Folders =======

2014-05-07 09:58 - 2014-05-07 09:57 - 00012447 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-05-07 09:57 - 2014-05-07 09:56 - 00000000 ____D () C:\FRST
2014-05-07 09:55 - 2014-05-07 09:55 - 00017216 _____ () C:\ComboFix.txt
2014-05-07 09:55 - 2011-10-01 21:10 - 00000000 ____D () C:\Qoobox
2014-05-07 09:53 - 2014-04-24 20:04 - 00000085 _____ () C:\Windows\system32\edsthc.ylh
2014-05-07 09:50 - 2014-05-07 09:24 - 00000000 ____D () C:\Windows\erdnt
2014-05-07 09:50 - 2014-05-05 18:56 - 00294062 _____ () C:\Windows\WindowsUpdate.log
2014-05-07 09:50 - 2006-11-02 07:46 - 00795200 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-07 09:43 - 2014-05-07 09:43 - 00000534 _____ () C:\Windows\PFRO.log
2014-05-07 09:43 - 2014-05-02 07:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-05-07 09:43 - 2014-04-24 19:38 - 00037888 _____ () C:\Windows\system32\ohayhgz.moe
2014-05-07 09:43 - 2014-04-24 19:37 - 00000107 _____ () C:\Windows\system32\mxglci.geh
2014-05-07 09:43 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-07 09:43 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 09:43 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 09:43 - 2006-11-02 07:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-07 09:41 - 2006-11-02 10:42 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-07 09:21 - 2014-05-07 09:21 - 02063872 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-05-07 09:19 - 2014-05-07 09:18 - 05200039 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-05-07 09:00 - 2014-05-07 08:59 - 00616110 _____ () C:\Windows\dd_vcredistMSI72D3.txt
2014-05-07 09:00 - 2014-05-07 08:59 - 00012324 _____ () C:\Windows\dd_vcredistUI72D3.txt
2014-05-07 08:59 - 2014-05-02 07:37 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-05-07 08:57 - 2014-05-07 08:56 - 00003180 _____ () C:\Windows\setupact.log
2014-05-07 08:56 - 2014-05-07 08:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-06 23:54 - 2014-05-06 23:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\{8E84BAEF-CC35-4C1F-868F-E2A62CF5FC52}
2014-05-06 10:49 - 2014-05-06 10:48 - 00000000 ____D () C:\Users\Admin\AppData\Local\{283E8E63-7F27-4DF5-B0D5-FE934A10A6AF}
2014-05-06 10:30 - 2014-05-06 10:29 - 00618014 _____ () C:\Windows\dd_vcredistMSI69BA.txt
2014-05-06 10:30 - 2014-05-06 10:29 - 00012392 _____ () C:\Windows\dd_vcredistUI69BA.txt
2014-05-05 21:09 - 2014-05-05 20:12 - 00060022 _____ () C:\Users\Admin\Desktop\Extras.Txt
2014-05-05 20:12 - 2014-05-05 20:12 - 00094936 _____ () C:\Users\Admin\Desktop\OTL.Txt
2014-05-05 19:55 - 2014-05-05 19:52 - 00618424 _____ () C:\Windows\dd_vcredistMSI4A79.txt
2014-05-05 19:55 - 2014-05-05 19:52 - 00012408 _____ () C:\Windows\dd_vcredistUI4A79.txt
2014-05-05 19:50 - 2014-05-05 19:50 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2014-05-05 19:18 - 2014-05-05 19:18 - 00116160 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-05 19:18 - 2014-05-05 19:18 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-05-05 19:11 - 2014-04-29 19:39 - 00000000 ____D () C:\Users\Admin\Documents\RK_Quarantine
2014-05-05 19:06 - 2014-05-05 19:06 - 00408608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-05 19:03 - 2014-05-01 12:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2014-05-05 18:51 - 2010-10-16 16:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Disk Cleaner
2014-05-05 18:48 - 2011-06-01 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-05-05 11:44 - 2014-05-05 11:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\{33D267A4-C44D-48DB-895D-62B457C96273}
2014-05-05 08:59 - 2014-05-05 08:58 - 00011642 _____ () C:\Windows\dd_vcredistUI55F2.txt
2014-05-05 08:59 - 2014-05-05 08:58 - 00006360 _____ () C:\Windows\dd_vcredistMSI55F2.txt
2014-05-04 23:43 - 2014-05-04 23:42 - 00000000 ____D () C:\Users\Admin\AppData\Local\{FA441080-7521-49F9-9049-195CE559DF52}
2014-05-03 00:09 - 2014-05-03 00:08 - 00000000 ____D () C:\Users\Admin\AppData\Local\{C66CC789-D624-47DA-A7BF-A958B5834A3B}
2014-05-02 23:12 - 2014-05-02 23:12 - 00000000 ____D () C:\Users\Admin\AppData\Local\{0D392007-C0C0-4FAC-9596-5CE194BE0231}
2014-05-02 13:25 - 2009-03-10 11:35 - 00000000 ____D () C:\Users\Admin\Documents\SCA
2014-05-02 11:11 - 2014-05-02 11:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\{01A509CF-47B9-4306-A212-9AA8159A86BF}
2014-05-02 10:44 - 2014-05-02 10:42 - 00617624 _____ () C:\Windows\dd_vcredistMSI3AE4.txt
2014-05-02 10:44 - 2014-05-02 10:42 - 00012376 _____ () C:\Windows\dd_vcredistUI3AE4.txt
2014-05-02 09:50 - 2014-05-02 09:49 - 00617566 _____ () C:\Windows\dd_vcredistMSI11FB.txt
2014-05-02 09:50 - 2014-05-02 09:49 - 00012388 _____ () C:\Windows\dd_vcredistUI11FB.txt
2014-05-02 09:46 - 2014-05-02 09:41 - 00616784 _____ () C:\Windows\dd_vcredistMSI0C1D.txt
2014-05-02 09:46 - 2014-05-02 09:41 - 00012356 _____ () C:\Windows\dd_vcredistUI0C1D.txt
2014-05-02 09:34 - 2014-05-02 09:33 - 00616126 _____ () C:\Windows\dd_vcredistMSI05C3.txt
2014-05-02 09:34 - 2014-05-02 09:33 - 00012324 _____ () C:\Windows\dd_vcredistUI05C3.txt
2014-05-02 09:31 - 2014-05-02 09:29 - 00618478 _____ () C:\Windows\dd_vcredistMSI02FB.txt
2014-05-02 09:31 - 2014-05-02 09:29 - 00012420 _____ () C:\Windows\dd_vcredistUI02FB.txt
2014-05-02 07:37 - 2014-05-02 07:37 - 00002972 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-05-02 07:37 - 2014-05-02 07:37 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-05-02 07:37 - 2014-05-02 07:37 - 00000942 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4.lnk
2014-05-02 07:37 - 2014-05-02 07:37 - 00000930 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-05-02 07:37 - 2014-05-02 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4
2014-05-02 07:37 - 2010-07-22 20:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\GlarySoft
2014-05-01 22:47 - 2014-05-01 22:46 - 00000000 ____D () C:\Users\Admin\AppData\Local\{AB52C7BB-9A02-41D8-8F09-88C70726F842}
2014-05-01 10:45 - 2014-05-01 10:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\{4EF0DC02-6131-4074-9501-4D8E7FB08DB2}
2014-05-01 10:35 - 2013-07-09 09:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DiskDefrag
2014-04-30 21:54 - 2014-04-30 21:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\{A53D3469-123A-4B77-9AF4-96A5D2B34092}
2014-04-30 09:54 - 2014-04-30 09:53 - 00000000 ____D () C:\Users\Admin\AppData\Local\{6F467159-964D-4523-B8CB-DE8CE2AF33D6}
2014-04-29 22:52 - 2009-03-09 15:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-04-29 18:54 - 2014-04-29 18:54 - 00001743 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-04-29 18:54 - 2014-04-29 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-04-29 18:54 - 2014-04-29 18:54 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-29 18:48 - 2014-04-29 09:32 - 00000000 ____D () C:\Users\Admin\Downloads\mbar
2014-04-29 18:48 - 2014-04-25 07:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-29 18:04 - 2014-04-25 00:10 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-29 13:33 - 2014-04-29 13:33 - 00000000 ____D () C:\Users\Admin\AppData\Local\{AB7C8C88-0B90-4DE8-B659-0636C53242E3}
2014-04-29 08:16 - 2014-04-28 22:33 - 00017475 _____ () C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml
2014-04-29 08:01 - 2014-04-29 08:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2014-04-29 08:00 - 2014-04-29 08:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-29 07:53 - 2008-05-13 21:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-29 01:32 - 2014-04-29 01:31 - 00000000 ____D () C:\Users\Admin\AppData\Local\{E4631447-CB9D-4C74-B841-7643278AC083}
2014-04-28 20:34 - 2012-09-05 22:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-04-28 20:34 - 2009-03-09 15:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-04-28 20:33 - 2014-04-28 20:33 - 00001933 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-04-28 20:33 - 2014-04-28 20:33 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-04-28 20:32 - 2008-05-13 21:26 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-28 20:04 - 2014-04-28 20:04 - 00000000 ____D () C:\ProgramData\Licenses
2014-04-28 17:11 - 2014-04-28 17:11 - 00000000 ___DC () C:\ProgramData\{52AC600B-5800-407E-99FF-83CD0669760B}
2014-04-27 12:35 - 2014-04-27 12:35 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Admin\Downloads\iExplore64.exe
2014-04-26 11:59 - 2013-11-05 18:15 - 00000000 ____D () C:\Users\Admin\Documents\Outlook Files
2014-04-26 11:05 - 2014-04-26 11:04 - 00000000 ____D () C:\Users\Admin\Desktop\Test
2014-04-25 18:36 - 2014-04-25 18:36 - 00002265 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Migration Assistant.lnk
2014-04-25 12:23 - 2014-04-25 12:23 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-25 12:23 - 2014-04-25 12:23 - 00000781 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-25 12:23 - 2014-04-25 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-25 12:23 - 2014-04-25 12:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-25 11:38 - 2014-04-25 11:37 - 10971424 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\HitmanPro_x64.exe
2014-04-25 11:13 - 2014-04-25 11:13 - 00000644 _____ () C:\Windows\system32\.crusader
2014-04-25 11:13 - 2014-04-25 11:04 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-25 10:55 - 2014-04-25 10:54 - 04527616 _____ () C:\Users\Admin\Downloads\RogueKillerX64.exe
2014-04-25 09:36 - 2009-03-13 09:30 - 00000000 ____D () C:\Users\Admin\Documents\Ccleaner Backups
2014-04-25 08:50 - 2014-04-25 08:49 - 00223392 _____ () C:\Windows\dd_ATL90SP1_KB973924MSI41B4.txt
2014-04-25 08:50 - 2014-04-25 08:49 - 00013656 _____ () C:\Windows\dd_ATL90SP1_KB973924UI41B4.txt
2014-04-25 07:37 - 2014-04-25 07:35 - 00618080 _____ () C:\Windows\dd_vcredistMSI08D6.txt
2014-04-25 07:37 - 2014-04-25 07:35 - 00012404 _____ () C:\Windows\dd_vcredistUI08D6.txt
2014-04-25 07:27 - 2014-04-25 03:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-25 07:26 - 2014-04-25 03:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-25 06:50 - 2014-04-25 06:50 - 00000010 _____ () C:\Users\Admin\AppData\Local\sponge.last.runtime.cache
2014-04-25 06:41 - 2014-04-25 06:39 - 00618472 _____ () C:\Windows\dd_vcredistMSI5E21.txt
2014-04-25 06:41 - 2014-04-25 06:39 - 00012420 _____ () C:\Windows\dd_vcredistUI5E21.txt
2014-04-25 05:17 - 2014-04-25 05:13 - 00618786 _____ () C:\Windows\dd_vcredistMSI1C6F.txt
2014-04-25 05:17 - 2014-04-25 05:13 - 00013888 _____ () C:\Windows\dd_vcredistUI1C6F.txt
2014-04-25 04:57 - 2014-04-25 04:55 - 00616434 _____ () C:\Windows\dd_vcredistMSI0E5A.txt
2014-04-25 04:57 - 2014-04-25 04:55 - 00013792 _____ () C:\Windows\dd_vcredistUI0E5A.txt
2014-04-25 03:30 - 2014-04-25 03:30 - 00000000 ____D () C:\Users\Admin\Documents\ProcAlyzer Dumps
2014-04-25 03:18 - 2014-04-25 03:16 - 00616042 _____ () C:\Windows\dd_vcredistMSI42BF.txt
2014-04-25 03:18 - 2014-04-25 03:16 - 00013776 _____ () C:\Windows\dd_vcredistUI42BF.txt
2014-04-25 03:06 - 2013-10-04 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-25 02:57 - 2014-04-25 02:55 - 00618378 _____ () C:\Windows\dd_vcredistMSI3229.txt
2014-04-25 02:57 - 2014-04-25 02:55 - 00013872 _____ () C:\Windows\dd_vcredistUI3229.txt
2014-04-25 02:48 - 2013-10-18 03:00 - 00000000 ____D () C:\Windows\Temp4E9E6806-5F76-705D-AC0F-85C045A95512-Signatures
2014-04-25 02:07 - 2013-10-04 01:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-25 02:07 - 2013-06-15 18:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-25 01:58 - 2014-04-25 01:56 - 00616042 _____ () C:\Windows\dd_vcredistMSI0528.txt
2014-04-25 01:58 - 2014-04-25 01:56 - 00013776 _____ () C:\Windows\dd_vcredistUI0528.txt
2014-04-25 01:46 - 2014-04-25 01:44 - 00617610 _____ () C:\Windows\dd_vcredistMSI7BC2.txt
2014-04-25 01:46 - 2014-04-25 01:43 - 00013840 _____ () C:\Windows\dd_vcredistUI7BC2.txt
2014-04-25 00:49 - 2014-04-25 00:47 - 00615538 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI50CB.txt
2014-04-25 00:49 - 2014-04-25 00:47 - 00012384 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI50CB.txt
2014-04-25 00:44 - 2014-04-25 00:42 - 00616714 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI4C8F.txt
2014-04-25 00:44 - 2014-04-25 00:42 - 00012432 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI4C8F.txt
2014-04-25 00:39 - 2014-04-25 00:37 - 00616322 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI4900.txt
2014-04-25 00:39 - 2014-04-25 00:37 - 00012416 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI4900.txt
2014-04-25 00:33 - 2014-04-25 00:30 - 00618282 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI4384.txt
2014-04-25 00:33 - 2014-04-25 00:30 - 00012496 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI4384.txt
2014-04-24 23:22 - 2009-03-09 15:33 - 00000000 ____D () C:\Users\Admin
2014-04-24 23:21 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-04-24 23:15 - 2006-11-02 07:33 - 92012544 _____ () C:\Windows\system32\config\software_previous
2014-04-24 23:15 - 2006-11-02 07:33 - 53477376 _____ () C:\Windows\system32\config\components_previous
2014-04-24 23:15 - 2006-11-02 07:33 - 22282240 _____ () C:\Windows\system32\config\system_previous
2014-04-24 23:15 - 2006-11-02 07:33 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-04-24 23:15 - 2006-11-02 07:33 - 00053248 _____ () C:\Windows\system32\config\sam_previous
2014-04-24 23:15 - 2006-11-02 07:33 - 00024576 _____ () C:\Windows\system32\config\security_previous
2014-04-24 23:14 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\system32\spool
2014-04-24 23:14 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\registration
2014-04-24 22:23 - 2014-04-24 22:22 - 00615838 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI613E.txt
2014-04-24 22:23 - 2014-04-24 22:22 - 00014036 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI613E.txt
2014-04-24 21:28 - 2009-03-10 08:43 - 00001460 _____ () C:\Users\Admin\AppData\Local\d3d9caps64.dat
2014-04-24 21:26 - 2009-03-12 11:41 - 00001356 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2014-04-24 21:13 - 2014-04-24 21:11 - 00615832 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI2B3E.txt
2014-04-24 21:13 - 2014-04-24 21:11 - 00015392 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI2B3E.txt
2014-04-24 20:46 - 2014-04-24 20:44 - 00617390 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI1694.txt
2014-04-24 20:46 - 2014-04-24 20:44 - 00013408 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI1694.txt
2014-04-24 20:19 - 2014-04-24 20:13 - 00615838 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI7E8C.txt
2014-04-24 20:19 - 2014-04-24 20:13 - 00016672 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI7E8C.txt
2014-04-24 19:57 - 2009-03-09 15:34 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 19:37 - 2014-04-24 19:37 - 00000064 _____ () C:\Windows\system32\dyrr.max
2014-04-24 19:21 - 2014-04-24 19:21 - 00301959 ____S () C:\Windows\system32\moekui.skb
2014-04-24 16:35 - 2014-04-24 16:35 - 00200660 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-04-24 00:45 - 2013-06-15 18:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2014-04-24 00:45 - 2013-06-15 18:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apple Computer
2014-04-24 00:43 - 2014-04-24 00:41 - 00435404 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI7E18.txt
2014-04-24 00:43 - 2014-04-24 00:41 - 00013304 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI7E18.txt
2014-04-22 23:45 - 2010-02-26 12:13 - 00043008 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\agremove.exe
2014-04-22 17:37 - 2014-04-08 22:45 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-04-22 17:37 - 2014-04-08 22:44 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2014-04-22 17:37 - 2010-02-25 11:28 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2014-04-17 14:38 - 2011-05-24 15:33 - 00000000 ____D () C:\ProgramData\Skype
2014-04-17 14:36 - 2011-09-23 13:10 - 00000000 ____D () C:\Program Files (x86)\PlayItAll
2014-04-17 14:26 - 2009-03-10 09:30 - 00000000 ____D () C:\Program Files (x86)\Defraggler
2014-04-17 14:25 - 2010-11-19 13:22 - 00001785 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-04-17 14:20 - 2009-04-17 18:59 - 00000000 ____D () C:\Windows\Minidump
2014-04-10 09:28 - 2009-02-24 03:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 09:23 - 2013-07-10 11:26 - 00000000 ____D () C:\Windows\system32\MRT

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\@
C:\Windows\assembly\tmp\cfg.ini
C:\Windows\assembly\tmp\lsflt7.ver

Files to move or delete:
====================
C:\Users\Admin\dxdllreg.exe
C:\Users\Admin\jagex_runescape_preferences.dat
C:\Users\Admin\jagex_runescape_preferences2.dat
C:\Users\Admin\jagex__preferences3.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-05-30 06:43] - [2009-04-11 02:11] - 0723968 ____A (Microsoft Corporation) 7BA52C111735CEEE51B34776BAD82037

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-07 09:49

==================== End Of Log ============================

Users shortcut scan result (x64) Version: 07-05-2014
Ran by Admin at 2014-05-07 10:00:34
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\Users\Admin\Videos\Sample Videos.lnk -> C:\Users\Public\Videos\Sample Videos (No File)
Shortcut: C:\Users\Admin\Pictures\Sample Pictures.lnk -> C:\Users\Public\Pictures\Sample Pictures ()
Shortcut: C:\Users\Admin\Music\Sample Music.lnk -> C:\Users\Public\Music\Sample Music (No File)
Shortcut: C:\Users\Admin\Links\Music.lnk -> C:\Users\Admin\Music ()
Shortcut: C:\Users\Admin\Links\Pictures.lnk -> C:\Users\Admin\Pictures ()
Shortcut: C:\Users\Admin\Links\Public.lnk -> C:\Users\Public ()
Shortcut: C:\Users\Admin\Links\Recently Changed.lnk -> C:\Users\Admin\Searches\Recently Changed.search-ms ()
Shortcut: C:\Users\Admin\Links\Searches.lnk -> C:\Users\Admin\Searches ()
Shortcut: C:\Users\Admin\Documents\SCA\MSU CHEERLEADERS\JAMIE choreography invoice October 3.LNK -> C:\Users\Admin\Documents\SCA\2012 NCSSE Invoices\JAMIE choreography invoice October 3.doc (No File)
Shortcut: C:\Users\Admin\Documents\SCA\MSU CHEERLEADERS\Leighe clinic invoice 9-29.LNK -> C:\Users\Admin\Documents\SCA\2012 NCSSE Invoices\Leighe clinic invoice 9-29.doc (No File)
Shortcut: C:\Users\Admin\Desktop\Auslogics Disk Defrag.lnk -> C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe (Auslogics)
Shortcut: C:\Users\Admin\Desktop\Documents.lnk -> C:\Users\Admin\Documents ()
Shortcut: C:\Users\Admin\Desktop\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defraggler\Defraggler.lnk -> C:\Program Files\Defraggler\Defraggler64.exe (Piriform Ltd)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defraggler\Uninstall Defraggler.lnk -> C:\Program Files\Defraggler\uninst.exe (Piriform Ltd)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Disk Cleaner.lnk -> C:\Program Files (x86)\Disk Cleaner\dclean.exe ()
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk -> C:\Program Files (x86)\Glary Utilities 4\Integrator.exe (Glarysoft Ltd)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\PlayTasks\0\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\PlayTasks\0\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\PlayTasks\0\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\PlayTasks\0\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\PlayTasks\0\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\PlayTasks\0\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PlayTasks\0\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\PlayTasks\0\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks\0\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4.lnk -> C:\Program Files (x86)\Glary Utilities 4\Integrator.exe (Glarysoft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Disc Creator Help.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Recovery Disc Creator\TrdcHelp.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Disc Creator.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Recovery Disc Creator\TRDCLcher.exe (Toshiba Information Equipment(Hangzhou)Co.,LTD)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Registration.lnk -> C:\Program Files (x86)\Toshiba Registration\Registration.exe (DataLode, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk -> C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk -> C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk -> C:\Program Files (x86)\Windows Mail\wab.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\Movie Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Migration Assistant.lnk -> C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\MOVIEMK.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk -> C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media\Windows Media Encoder.lnk -> C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media\Utilities\Windows Media Encoding Script.lnk -> C:\Program Files (x86)\Windows Media Components\Encoder\WMEncUtil.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media\Utilities\Windows Media File Editor.lnk -> C:\Program Files (x86)\Windows Media Components\Encoder\wmeditor.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media\Utilities\Windows Media Profile Editor.lnk -> C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media\Utilities\Windows Media Stream Editor.lnk -> C:\Program Files (x86)\Windows Media Components\Encoder\wmstreamedt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}\fssicon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Support\Support Options.lnk -> C:\Program Files (x86)\Toshiba\Toshiba Support Options\index.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA DVD PLAYER\TOSHIBA DVD PLAYER Help.lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\Doc\index.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA DVD PLAYER\TOSHIBA DVD PLAYER.lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TosHDDVD.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Software Upgrades.lnk -> C:\Toshiba\IVP\swupdate\swupdate.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Accessibility.lnk -> C:\Program Files\TOSHIBA\Utilities\TACSPROP.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\HWSetup.lnk -> C:\Program Files\TOSHIBA\Utilities\HWSETUP.EXE (TOSHIBA Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\PC Diagnostic Tool.lnk -> C:\Program Files (x86)\Toshiba\PCDiag\PCDiag.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Restart Flash Cards.lnk -> C:\Program Files\TOSHIBA\FlashCards\TfcRst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Settings for Flash Cards.lnk -> C:\Program Files\TOSHIBA\FlashCards\TfcConf\TfcConf.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\TOSHIBA Assist.lnk -> C:\Program Files\TOSHIBA\Toshiba Assist\TInTouch.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Zooming Utility Help.lnk -> C:\Program Files\TOSHIBA\SmoothView\SmoothView.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Zooming Utility.lnk -> C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Speech System\Configure Microphone.lnk -> C:\Program Files\TOSHIBA\Speech System NLS\TosSrWsN.exe (TOSHIBA Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Speech System\Read me.lnk -> C:\Program Files\TOSHIBA\Speech System NLS\ReadmeUS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Speech System\TOSHIBA Speech System Help.lnk -> C:\Program Files\TOSHIBA\Speech System NLS\Tossps.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Speech System\Voice Commands.lnk -> C:\Program Files\TOSHIBA\Speech System NLS\TosvceN.exe (TOSHIBA Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Speech System\Web Speak.lnk -> C:\Program Files\TOSHIBA\Speech System NLS\ToswbrN.exe (TOSHIBA Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Networking\Modem Region Select.lnk -> C:\Windows\SysWOW64\cselect.exe (Toshiba Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\CD&DVD Applications\Disc Creator Help.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\ToDisc.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\CD&DVD Applications\Disc Creator.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\CD&DVD Applications\DVD-RAM Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\TosRamUtil.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Information Exchanger.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtProc1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Settings.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ECCenter1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Remote Camera.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\BIP_Camera1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\User's Guide.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\UsrGuide.exe (TOSHIBA CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Wireless File Transfer.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\WirelessFTP1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Re-install MS Works.lnk -> C:\WORKSSETUP\MSWORKS\Setup.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4\Glary Utilities 4.lnk -> C:\Program Files (x86)\Glary Utilities 4\Integrator.exe (Glarysoft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4\Uninstall.lnk -> C:\Program Files (x86)\Glary Utilities 4\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4\Website.lnk -> C:\Program Files (x86)\Glary Utilities 4\Glary Utilities 4.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\PurblePlace.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZ Fonts\EZ Fonts.lnk -> C:\Windows\Installer\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}\_45DBCCAB728CFD7340D3E9.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZ Fonts\Uninstall.lnk -> C:\Windows\Installer\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}\_F2CEDCDD864BFD8B2D71C9.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD MovieFactory for TOSHIBA\Read Me.lnk -> C:\Program Files (x86)\Ulead Systems\DVD MovieFactory for TOSHIBA\Ulead DVD MovieFactory 5\Readme.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD MovieFactory for TOSHIBA\Ulead DVD MovieFactory for TOSHIBA Launcher.lnk -> C:\Program Files (x86)\Ulead Systems\DVD MovieFactory for TOSHIBA\Ulead DVD MovieFactory 5\DMFLauncher.exe (Ulead Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD MovieFactory for TOSHIBA\User Manual\DVD MovieFactory User Manual.lnk -> C:\Program Files (x86)\Ulead Systems\DVD MovieFactory for TOSHIBA\Ulead DVD MovieFactory 5\DVDMF_toshiba.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler\Defraggler.lnk -> C:\Program Files (x86)\Defraggler\Defraggler64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler\Uninstall Defraggler.lnk -> C:\Program Files (x86)\Defraggler\uninst.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerCinema for TOSHIBA\PowerCinema for TOSHIBA.lnk -> C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerCinema for TOSHIBA\Readme.lnk -> C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Customizations\Generic\Readme\Enu\Readme.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!\CleanUp! Help.lnk -> C:\Program Files (x86)\CleanUp!\CleanUp.hlp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!\CleanUp! Web Site.lnk -> C:\Program Files (x86)\CleanUp!\CleanUp! Web Site.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!\CleanUp!.lnk -> C:\Program Files (x86)\CleanUp!\Cleanup.exe (Steven R. Gould)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!\Uninstall.lnk -> C:\Program Files (x86)\CleanUp!\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk -> C:\Program Files\CCleaner\uninst.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera Assistant Software\Camera Assistant Software.lnk -> C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\Disk Defrag\Auslogics Disk Defrag.lnk -> C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe (Auslogics)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\Disk Defrag\Uninstall Auslogics Disk Defrag.lnk -> C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\AMD VISION Engine Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\SysWOW64\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\migwiz.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\PlayTasks\0\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\PlayTasks\0\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\PlayTasks\0\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\PlayTasks\0\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\PlayTasks\0\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\PlayTasks\0\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PlayTasks\0\InkBall.lnk -> C:\Program Files\Microsoft Games\inkball\inkball.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\PlayTasks\0\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks\0\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\CyberLink\PowerCinema\Extension\Extension.1.0.lnk -> C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\Highlight\Extension.1.0\Extension.1.0.xml ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Reader X.lnk -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\Defraggler.lnk -> C:\Program Files (x86)\Defraggler\Defraggler64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\Glary Utilities 4.lnk -> C:\Program Files (x86)\Glary Utilities 4\Integrator.exe (Glarysoft Ltd)
Shortcut: C:\Users\Public\Desktop\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk -> C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe (Microsoft Corporation)

ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Audio).lnk -> C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:AD
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Data).lnk -> C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:DD
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Image).lnk -> C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:ITD
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games\- TOSHIBA Game Console -.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsole-wt.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games\Battlestar Galactica.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\TOSHIBA Games\Battlestar Galactica\BSG-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\TOSHIBA Games\Bejeweled 2 Deluxe\WinBej2-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\TOSHIBA Games\Chuzzle Deluxe\Chuzzle-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games\FATE.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\TOSHIBA Games\FATE\Fate-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games\Mah Jong Quest.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\TOSHIBA Games\Mah Jong Quest\mahjong-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games\Mystery P.I. - The Lottery Ticket.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\TOSHIBA Games\Mystery P.I. - The Lottery Ticket\MysteryPI-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games\Penguins!.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\TOSHIBA Games\Penguins!\penguins-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games\Polar Bowler.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\Polar-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games\Polar Golfer.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\TOSHIBA Games\Polar Golfer\golf-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games\Virtual Villagers - A New Home.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\TOSHIBA Games\Virtual Villagers - A New Home\VirtualVillagers-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Flash Cards Help.lnk -> C:\Windows\hh.exe (Microsoft Corporation) -> "C:\Program Files\TOSHIBA\FlashCards\Help\TFC.chm"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\TOSHIBA Face Recognition Help.lnk -> C:\Windows\hh.exe (Microsoft Corporation) -> C:\Program Files\Toshiba\\SmartFaceV\Help\TOSHIBA Face Recognition.chm
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\TOSHIBA Face Recognition.lnk -> C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVSetting.exe () -> C:\Program Files\Toshiba\\SmartFaceV\Help\SmartFace.chm
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting\NetWaiting.lnk -> C:\Program Files (x86)\NetWaiting\NetWaiting.exe (BVRP) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe () -> /design
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestoreCenter
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.7.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.) -> /uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- TOSHIBA Game Console -.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsole-wt.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!\CleanUp! (demo mode).lnk -> C:\Program Files (x86)\CleanUp!\Cleanup.exe (Steven R. Gould) -> /demo
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Reliability and Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.WelcomeCenter
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Audio).lnk -> C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:AD
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Data).lnk -> C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:DD
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Image).lnk -> C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:ITD

InternetURL: C:\Users\Admin\Favorites\All Sermons World Challenge.url -> hxxp://www.worldchallenge.org/en/view/sermons?filter0=&filter1=1&filter2=**ALL**&filter3=**ALL**&filter4=**ALL**&filter5=**ALL**
InternetURL: C:\Users\Admin\Favorites\How to Backup Windows Live Mail 2011.url -> hxxp://www.emailquestions.com/windows-live-mail/2487-backup-windows-live-mail-2011-a.html
InternetURL: C:\Users\Admin\Favorites\http--www.christianityoasis.com-EndTimes-FalsePeace.htm.url -> hxxp://www.christianityoasis.com/EndTimes/FalsePeace.htm
InternetURL: C:\Users\Admin\Favorites\JAMfest Cheer and Dance Competitions Dates.url -> hxxp://www.jamfest.com/Competitions.php
InternetURL: C:\Users\Admin\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Admin\Favorites\Toshiba\Model Content Page.url -> hxxp://www.csd.toshiba.com/cgi-bin/tais/support/jsp/modelContent.jsp?modelFilter=&rpn=PSPD8U&category=&selCategory=2756709&moid=2232777&os=&ct=DL&selFamily=1073768663
InternetURL: C:\Users\Admin\Favorites\Toshiba\Toshiba Direct.url -> hxxp://www.toshibadirect.com/td/b2c/home.to
InternetURL: C:\Users\Admin\Favorites\Toshiba\Toshiba Product Registration.url -> hxxp://toshibaproductregistration.com/
InternetURL: C:\Users\Admin\Favorites\Toshiba\Toshiba Support.url -> hxxp://www.csd.toshiba.com/cgi-bin/tais/su/su_sc_home.jsp
InternetURL: C:\Users\Admin\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Admin\Favorites\Microsoft Websites\Marketplace.url -> hxxp://go.microsoft.com/fwlink/?linkid=69151
InternetURL: C:\Users\Admin\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Admin\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Admin\Favorites\Microsoft Websites\Welcome to IE7.url -> hxxp://go.microsoft.com/fwlink/?linkid=68919
InternetURL: C:\Users\Admin\Favorites\Links\Audio ads playing in background [Removal Guide] malwareremovalguides.url -> hxxp://www.malwareremovalguides.info/audio-ads-playing-in-background-removal-guide/
InternetURL: C:\Users\Admin\Favorites\Links\Microsoft Fix it Solution Center troubleshooting software issues.url -> hxxp://support.microsoft.com/fixit/
InternetURL: C:\Users\Admin\Favorites\Links\need help removing audio ads malware - Virus, Spyware, Malware Removal.url -> hxxp://www.geekstogo.com/forum/topic/339039-need-help-removing-audio-ads-malware/
InternetURL: C:\Users\Admin\Favorites\Links\Remove Random audio ads in background (Virus Removal Guide).url -> hxxp://malwaretips.com/blogs/remove-random-audio-ads-virus/
InternetURL: C:\Users\Admin\Favorites\Links\SUPERAntiSpyware - Geeks to Go Forum.url -> hxxp://www.geekstogo.com/forum/files/file/24-superantispyware/
InternetURL: C:\Users\Admin\Favorites\Gun Manuals\http--www.jgsales.com-manuals-SKS.pdf.url -> hxxp://www.jgsales.com/manuals/SKS.pdf
InternetURL: C:\Users\Admin\Favorites\Gun Manuals\http--www.victorinc.com-sksmanual.pdf.url -> hxxp://www.victorinc.com/sksmanual.pdf
InternetURL: C:\Users\Admin\Favorites\Gun Manuals\Sks Aks Ak 47 Owner's Manual.url -> hxxp://www.scribd.com/doc/21565076/Sks-Aks-Ak-47-Owner-s-Manual
InternetURL: C:\Users\Admin\Favorites\Gun Manuals\SKS Manual The Firearm Blog.url -> hxxp://www.thefirearmblog.com/blog/2007/08/23/sks-manual/
InternetURL: C:\Users\Admin\Favorites\Gun Manuals\“Survivors” SKS FAQ.url -> hxxp://victorinc.com/SKS-FAQ.html
InternetURL: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defraggler\Defraggler Homepage.url -> hxxp://www.defraggler.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler\Defraggler Homepage.url -> hxxp://www.piriform.com/defraggler
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\Disk Defrag\ Check Your PC Performance.url -> hxxp://www.auslogics.com/en/cpages/free-system-scan/?source=smenu&reason=disk-defrag
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\Disk Defrag\Auslogics Disk Defrag on the Web.url -> hxxp://www.auslogics.com/en/software/disk-defrag
InternetURL: C:\Users\Default\Favorites\Intuit QuickBooks Financial Center.url -> hxxp://www.quickbooksdirect.com/toshibafc
InternetURL: C:\Users\Default\Favorites\Lojack for Laptops.url -> hxxp://www.lojackforlaptops.com/landing.asp?id=F05F4FAC-ED89-4BE0-A26E-1C29DC7EBB08
InternetURL: C:\Users\Default\Favorites\Office Live.url -> hxxp://officeliveoffers.com/toshiba/default.htm
InternetURL: C:\Users\Default\Favorites\PhotoWorks.url -> hxxp://toshiba.photoworks.com/
InternetURL: C:\Users\Default\Favorites\Shutterfly.url -> hxxp://www.shutterfly.com/toshiba
InternetURL: C:\Users\Default\Favorites\Skype.url -> hxxp://www.skype.com/go/ToshibaTAIS
InternetURL: C:\Users\Default\Favorites\Toshiba Games.url -> res://ieframe.dll/dnserror.htm
InternetURL: C:\Users\Default\Favorites\Toshiba\Toshiba Direct.url -> hxxp://www.toshibadirect.com/td/b2c/home.to
InternetURL: C:\Users\Default\Favorites\Toshiba\Toshiba Product Registration.url -> hxxp://toshibaproductregistration.com/
InternetURL: C:\Users\Default\Favorites\Toshiba\Toshiba Support.url -> hxxp://www.csd.toshiba.com/cgi-bin/tais/su/su_sc_home.jsp

==================== End of log =============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-05-2014
Ran by Admin at 2014-05-07 09:59:15
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{914F7627-B645-9895-F723-BAEAAC865E75}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Atheros Client Utility (HKLM-x32\...\{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}) (Version: 7.7 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 7.7 - Atheros)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.07(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}) (Version: 2.2.10 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{99A4344A-C723-4661-A507-D9D939480358}) (Version: 1.0.16 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{CD344FA5-6657-47CD-940F-8727EED35595}) (Version: 1.1.3 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.10.0 - Conexant)
CyberLink PowerCinema for TOSHIBA (x32 Version: 6.0.1616 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Disk Cleaner (remove only) (HKLM-x32\...\DiskCleaner) (Version: - )
DJ_SF_03_D4300_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DVD MovieFactory for TOSHIBA (HKLM-x32\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
EZ Fonts (HKLM-x32\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)
Glary Utilities 4.10 (HKLM-x32\...\Glary Utilities 4) (Version: 4.10.0.100 - Glarysoft Ltd)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version: 7.73.00 - Conexant Systems)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HP Deskjet D4300 Printer Driver Software 10.0 Rel .3 (HKLM\...\{387D9916-BD27-480f-8CF0-3228832BBAA2}) (Version: 10.0 - HP)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Java™ 6 Update 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{5254156F-AA77-499A-B7C1-D5581D44E788}) (Version: 10.57.4.3 - Marvell)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XML Parser (x32 Version: 8.20.8730.4 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro Flash Memory Card Reader Driver (x64) (HKLM\...\{AE64AAFB-8C9A-482A-B2A9-3A420A65D5D5}) (Version: 3.23 - O2Micro)
PANTECH USB Modem V2 (HKLM\...\{1C336D20-A089-4818-9C56-96AD81BF5A11}) (Version: 1.2.4151.1109 - PANTECH CO.,LTD)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.7.0 - Synaptics)
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (Version: 2.0.2.64 - TOSHIBA) Hidden
TOSHIBA Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.50 - WildTangent)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{E8B39B08-7FAB-48CC-89E9-37C5589E130C}) (Version: - )
TOSHIBA Hardware Setup (Version: 3.00.01.00 - TOSHIBA) Hidden
TOSHIBA PowerCinema Helper (HKLM-x32\...\{FB356619-7ECE-42BC-A28A-541973E29F28}) (Version: 1.00 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b for x64 - TOSHIBA Corporation)
Toshiba Registration (HKLM-x32\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Software Upgrades (HKLM-x32\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}) (Version: - )
TOSHIBA Supervisor Password (Version: 3.00.01.00 - TOSHIBA) Hidden
TOSHIBA Value Added Package (Version: 1.1.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.1.19.64 - TOSHIBA Corporation) Hidden
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (x32 Version: 9.00.3374 - Microsoft Corporation) Hidden
Windows Migration Assistant (HKLM-x32\...\{1A3A92EC-A218-4FEE-8A51-05BCD409A048}) (Version: 1.0.5.6 - Apple Inc.)

==================== Restore Points =========================

06-05-2014 00:51:43 Windows Update
06-05-2014 15:29:23 Windows Update
07-05-2014 13:59:09 Windows Update

==================== Hosts content: ==========================

2011-10-01 21:28 - 2014-05-07 09:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1599547B-2DFD-447C-9C99-2D19B14D5FF1} - System32\Tasks\{1751309A-64FC-429C-A36B-605FA662BC78} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {20628802-42FE-4C92-AA3C-D2384B240DE6} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {864AF51A-4DB8-4ECA-8698-4740BA3217C2} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14] (Glarysoft Ltd)
Task: {9FFE3909-1161-4238-8C85-99A60DE81B0B} - System32\Tasks\{0BEA3C2E-45DC-4E95-96BC-CF2B230D9DDA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {A469BF70-7163-4BC3-8E9C-E5BA2F6DDC00} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [2014-04-14] (Glarysoft Ltd)
Task: {AFA6B1E1-C8AE-41D7-B083-EABF075D4D2A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {C86DC14B-9C5A-4C07-AC90-E3870B09C261} - System32\Tasks\{23331D86-63C5-4A92-96A7-82ADD63FBD56} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {C9BAF018-A0E0-4CF3-ACCE-797944E2956C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {CA866663-2913-4256-ADE7-0ACF97769B29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F9D82AD6-CDDA-4854-9F61-BDCE4BD130E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24] (Google Inc.)
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-04 02:36 - 2012-07-04 02:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2008-05-13 21:22 - 2007-01-25 20:47 - 00136816 _____ () C:\Toshiba\IVP\ISM\pinger.exe
2008-05-13 21:22 - 2007-10-23 18:27 - 00066928 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
2008-04-24 21:25 - 2008-04-24 21:25 - 00135680 _____ () C:\Windows\system32\SmartFaceVCtrl.dll
2008-04-24 21:25 - 2008-04-24 21:25 - 07553024 _____ () C:\Windows\system32\FaceHI.dll
2008-04-24 21:25 - 2008-04-24 21:25 - 01032704 _____ () C:\Windows\system32\FaceRec.dll
2012-07-04 00:09 - 2012-07-04 00:09 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml:OECustomProperty
AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: iTunesHelper =>
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype =>
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2014 09:51:46 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47919291, faulting module ieframe.dll, version 9.0.8112.16545, time stamp 0x531a96d4, exception code 0xc0000005, fault offset 0x0000000000132807,
process id 0x368, application start time 0xsvchost.exe0.

Error: (05/07/2014 09:45:34 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47919291, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8d118, exception code 0xc0000005, fault offset 0x00000000000056ad,
process id 0x3cc, application start time 0xsvchost.exe0.

Error: (05/07/2014 09:43:54 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 09:36:45 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47919291, faulting module ieframe.dll, version 9.0.8112.16545, time stamp 0x531a96d4, exception code 0xc0000005, fault offset 0x0000000000132807,
process id 0x3f4, application start time 0xsvchost.exe0.

Error: (05/07/2014 09:04:26 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 09:00:02 AM) (Source: MsiInstaller) (User: NT AUTHORITY) (EventID: 11935)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070216. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}

Error: (05/07/2014 08:59:09 AM) (Source: Microsoft-Windows-CAPI2) (User: ) (EventID: 513)
Description:
Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied.

Error: (05/07/2014 08:59:05 AM) (Source: Microsoft-Windows-CAPI2) (User: ) (EventID: 513)
Description:
Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied.

Error: (05/07/2014 08:55:40 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 00:06:18 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47919291, faulting module ieframe.dll, version 9.0.8112.16545, time stamp 0x531a96d4, exception code 0xc0000005, fault offset 0x0000000000132807,
process id 0x1150, application start time 0xsvchost.exe0.

System errors:
=============
Error: (05/07/2014 09:43:54 AM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: Beep

Error: (05/07/2014 09:43:54 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: TOSHIBA Optical Disc Drive Service%%2

Error: (05/07/2014 09:43:54 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Apple Mobile Device%%1053

Error: (05/07/2014 09:43:54 AM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: 30000Apple Mobile Device

Error: (05/07/2014 09:41:48 AM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: PEVSystemStart

Error: (05/07/2014 09:40:23 AM) (Source: Application Popup) (User: ) (EventID: 1060)
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/07/2014 09:34:14 AM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: PEVSystemStart

Error: (05/07/2014 09:04:26 AM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: Beep

Error: (05/07/2014 09:04:26 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: TOSHIBA Optical Disc Drive Service%%2

Error: (05/07/2014 09:04:26 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Apple Mobile Device%%1053

Microsoft Office Sessions:
=========================
Error: (05/07/2014 09:51:46 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: svchost.exe6.0.6001.1800047919291ieframe.dll9.0.8112.16545531a96d4c0000005000000000013280736801cf6a02b550ec59

Error: (05/07/2014 09:45:34 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: svchost.exe6.0.6001.1800047919291msvcrt.dll7.0.6002.185514ee8d118c000000500000000000056ad3cc01cf6a02aa0662b0

Error: (05/07/2014 09:36:45 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: svchost.exe6.0.6001.1800047919291ieframe.dll9.0.8112.16545531a96d4c000000500000000001328073f401cf69fd30762df7

Error: (05/07/2014 08:59:09 AM) (Source: Microsoft-Windows-CAPI2) (User: ) (EventID: 513)
Description:
Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied.

Error: (05/07/2014 08:59:05 AM) (Source: Microsoft-Windows-CAPI2) (User: ) (EventID: 513)
Description:
Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied.

Error: (05/07/2014 00:06:18 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: svchost.exe6.0.6001.1800047919291ieframe.dll9.0.8112.16545531a96d4c00000050000000000132807115001cf69b00568d656

CodeIntegrity Errors:
===================================
Date: 2014-05-07 09:58:59.298
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-07 09:58:57.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-07 09:58:56.828
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-07 09:58:55.448
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-07 09:58:54.468
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-07 09:58:53.068
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-07 09:58:51.918
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-07 09:58:50.828
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-07 09:40:23.792
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-07 09:40:22.513
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3837.41 MB
Available physical RAM: 1873.96 MB
Total Pagefile: 7895.36 MB
Available Pagefile: 5629.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (SQ004732V03) (Fixed) (Total:288.67 GB) (Free:210.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:3.72 GB) (Free:3.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 445C445B)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=17)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

#4
gyberger

Posted 07 May 2014 - 09:36 AM

Member

Topic Starter
Member
13 posts

Ads still running in background.....ok?

#5
Essexboy

Posted 07 May 2014 - 10:17 AM

GeekU Moderator

Retired Staff
69,964 posts

The malware has destroyed all other copies of the file I need to replace.. I will be back shortly with a spare copy and the fix

#6
Essexboy

Posted 07 May 2014 - 10:34 AM

GeekU Moderator

Retired Staff
69,964 posts

Download the attached zip file to your desktop
[attachment=70422:rpcss.zip]
Unzip the file and place it on the root of your drive i.e. :

C:\rpcss.dll

Download the attached Fixlist.txt to the same location as FRST
[attachment=70423:fixlist.txt]
Run FRST and press Fix
On completion a log will be generated please post that

#7
gyberger

Posted 08 May 2014 - 12:21 PM

Member

Topic Starter
Member
13 posts

Thanks
Will be back in town tonight. I will let you know how it goes

#8
Essexboy

Posted 08 May 2014 - 12:28 PM

GeekU Moderator

Retired Staff
69,964 posts

OK :thumbsup:

#9
gyberger

Posted 08 May 2014 - 04:35 PM

Member

Topic Starter
Member
13 posts

how long should it take to fix......Just black screen with cursor for 10 minutes so far????

#10
gyberger

Posted 08 May 2014 - 04:54 PM

Member

Topic Starter
Member
13 posts

still hasn't changed. Black screen with cursor. Help!

#11
gyberger

Posted 08 May 2014 - 05:19 PM

Member

Topic Starter
Member
13 posts

Still no change....waiting on your reply

#12
gyberger

Posted 08 May 2014 - 10:44 PM

Member

Topic Starter
Member
13 posts

Do i need to F8 and "repair computer"?

#13
Essexboy

Posted 09 May 2014 - 06:29 AM

GeekU Moderator

Retired Staff
69,964 posts

Restart the computer please and let me know what happens

#14
gyberger

Posted 09 May 2014 - 08:07 AM

Member

Topic Starter
Member
13 posts

goes to black screen.....cursor shows

#15
gyberger

Posted 09 May 2014 - 08:11 AM

Member

Topic Starter
Member
13 posts

Did forced shutdown(held power button down). Says windows was not shut down properly. Give options of safe mode ,start normally etc.
Picked safe mode and normally....both results go to black screen with cursor