Computer running high cpu [Closed]

highcpu laptop virus svchost

#1
Celticsfan4

    New Member

  • Member
  • 6 posts

Recently I have been suffering a problem with my Toshiba laptop. The computer has been running extremely slow. I checked with the Task Manager and it's been at around 30% physical memory and 100% CPU. I also saw that the svchost.exe process was eating up memory. I've had problems with this before on other computers, and trying what I have on those hasn't seemed to have worked on this one. I would like some assistance maybe with fixing it. I did run a Malwarebytes scan on the entire computer, and it says it has quarantined everything, however it didn't fix the problem. I will paste the log to show what it found and supposedly fixed. Thank you to anyone willing to spend their time on this.

 

MBAM Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/13/2014
Scan Time: 1:55:49 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.13.05
Rootkit Database: v2014.07.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Matthew
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 548689
Time Elapsed: 6 hr, 26 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 20
 
Registry Values: 2
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\SEARCHPROTECT|InstallDir, C:\PROGRA~1\SearchProtect, , [7f001a83f982bf773429e0dd1be74db3]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-4290186200-348354016-3305875341-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [5d22623b443751e56bd133863ec40bf5]
 
Registry Data: 9
 
Folders: 32
 
Files: 155
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)



#2
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi, welcome to the forums! My name is Biscuithd and I will be assisting you with your computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...

  • Carefully read every post completely before doing anything.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

 

Download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

  • Copy and paste the following into the Custom Scans/Fixes box:

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.*
winlogon.*
Userinit.*
svchost.*
qmgr.*
mpsvc.*
winsock.*
rpcss.dll*

user32.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT

 

  • Click Run Scan.
  • Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt.
  • Alternatively, you can also find these on your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.


#3
Celticsfan4


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Thank you Biscuithd for assisting me with my troubles. I have scanned using OTL and the logs are below.

 

OTL.txt:

OTL logfile created on: 7/14/2014 3:27:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthew\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.50 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 67.75% Memory free
6.99 Gb Paging File | 5.71 Gb Available in Paging File | 81.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.48 Gb Total Space | 144.06 Gb Free Space | 64.46% Space Free | Partition Type: NTFS
 
Computer Name: MATTHEW-PC | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/14 15:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Downloads\OTL.exe
PRC - [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/02/25 19:38:48 | 000,105,448 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
PRC - [2013/06/14 16:45:20 | 000,924,040 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2013/06/14 16:44:24 | 000,153,992 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe
PRC - [2013/06/14 16:43:52 | 000,395,656 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2013/06/13 21:00:38 | 001,505,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Receiver\Receiver.exe
PRC - [2013/06/09 19:55:00 | 000,054,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/05 17:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 17:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/05 17:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/03 21:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 21:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 17:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 18:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/05 09:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 09:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 09:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 09:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 09:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/04/18 09:52:39 | 012,894,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/04/18 09:52:18 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/04/18 09:50:15 | 010,060,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/04/18 09:49:59 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2009/08/03 21:17:24 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/07/25 14:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/07/16 18:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/16 18:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/06/22 18:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/03/12 22:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV - [2014/07/08 20:00:35 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/18 19:23:24 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/05/29 13:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/02/25 19:38:48 | 000,105,448 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/23 14:44:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/29 13:27:05 | 004,402,456 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/08/17 13:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 17:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 21:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 02:54:10 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\SPPD.sys -- (SPPD)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2014/07/13 21:34:46 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/06/10 19:21:06 | 000,114,688 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WRkrn.sys -- (WRkrn)
DRV - [2013/06/04 19:07:44 | 000,069,224 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2012/10/19 19:10:28 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/08/24 15:41:32 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/07/05 14:58:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/07/05 14:58:26 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/08 23:32:50 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2009/10/08 23:32:50 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus)
DRV - [2009/10/08 23:32:50 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 15:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 18:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 18:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/07 11:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/07/01 17:26:34 | 000,024,704 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtscsibus.sys -- (dtscsibus)
DRV - [2009/07/01 13:31:44 | 000,374,272 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/05 03:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {E99C349D-A088-48BE-AEB6-4F7FFD838AF9}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=09-02-2013
&tb_mrud=09-02-2013
 
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2801948
IE - HKLM\..\SearchScopes\{E99C349D-A088-48BE-AEB6-4F7FFD838AF9}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/...007&form=ZGAPHP
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {E99C349D-A088-48BE-AEB6-4F7FFD838AF9}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/...007&form=ZGAPHP
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {E99C349D-A088-48BE-AEB6-4F7FFD838AF9}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 50 A1 B1 95 89 CE 01  [binary data]
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook.com/?ref=hp
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\..\SearchScopes\{23758B0B-0D9F-32A3-A476-D9B1033E7A1E}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=09-02-2013
&tb_mrud=09-02-2013
 
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2801948
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\..\SearchScopes\{C7D281D3-6BBB-435F-AC3D-7FC1C18D2250}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\..\SearchScopes\{E99C349D-A088-48BE-AEB6-4F7FFD838AF9}: "URL" = http://www.google.co...TSNA_en___US387
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 207.182.151.43:1080
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matthew\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matthew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/06/10 23:13:21 | 000,000,000 | ---D | M]
 
[2013/06/10 23:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions
[2012/01/07 16:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\
CHR - Extension: Google Wallet = C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2011/06/27 22:38:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Supporti Registrazione test Web Microsoft 10.0) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll File not found
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Redirector] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul File not found
O4 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000..\Run: [DAEMON Tools Ultra Agent] C:\Program Files\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000..\Run: [Facebook Update] C:\Users\Matthew\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [osk.exe] C:\windows\System32\osk.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [osk.exe] C:\windows\System32\osk.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: 2W4LGYJUDGFC = C:\Users\Matthew\AppData\Roaming\6LAWMT9A.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F4A8E03-7E0E-47C8-BAEB-3024D5A8C96E}: NameServer = 174.114.184.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{513FF4E9-A2B7-4973-80C4-113946511A40}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -  File not found
O29 - HKLM SecurityProviders - (digest.dll) -  File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/10 19:32:36 | 000,000,073 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2014/07/12 21:31:24 | 000,000,314 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/12 17:18:35 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\26502
[2014/07/12 16:21:28 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/12 16:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/12 16:20:01 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2014/07/12 16:20:01 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mwac.sys
[2014/07/12 16:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/07/09 22:18:29 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Moms Passwords and Usernames
[2014/07/09 20:06:01 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2014/07/09 20:06:01 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwcollector.exe
[2014/07/09 20:06:01 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwproxystub.dll
[2014/07/09 20:06:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2014/07/09 20:06:01 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\JavaScriptCollectionAgent.dll
[2014/07/09 20:06:00 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2014/07/09 20:06:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2014/07/09 20:06:00 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2014/07/09 20:06:00 | 000,240,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2014/07/09 20:06:00 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2014/07/09 20:06:00 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2014/07/09 20:05:59 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2014/07/09 20:05:58 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2014/07/09 20:05:58 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2014/07/09 20:05:58 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2014/07/09 20:05:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2014/07/09 20:05:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwcollectorres.dll
[2014/07/09 20:05:56 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2014/07/09 20:05:55 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2014/07/09 20:05:53 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2014/07/09 20:05:53 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MshtmlDac.dll
[2014/07/09 20:05:51 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9diag.dll
[2014/07/09 20:05:49 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2014/07/09 20:02:57 | 002,350,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2014/07/09 20:02:57 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\osk.exe
[2014/07/09 20:02:52 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2014/07/09 20:02:50 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2014/07/06 17:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/07/06 17:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/07/06 17:32:46 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Cadence 2014-2015
[2014/07/06 17:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2014/07/02 14:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2014/07/02 14:04:55 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Image-Line
[2014/07/02 14:04:54 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Documents\Image-Line
[2014/07/02 14:04:51 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2014/07/02 14:04:33 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\FlowStone
[2014/07/02 14:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\DSPRobotics
[2014/07/02 13:21:52 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Razer_Inc
[2014/07/02 13:21:47 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Documents\Razer
[2014/07/02 13:20:00 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Razer
[2014/07/02 13:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2014/07/02 13:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Razer
[2014/07/02 13:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2014/07/02 12:37:32 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Documents\FL Studio Producer Edition 11.0.4 Signature Bundle [ChingLiu]
[2014/07/01 18:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
[2014/07/01 18:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6.4
[2014/06/22 13:09:04 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\ElevatedDiagnostics
[2011/07/07 14:27:00 | 000,055,632 | ---- | C] (Microsoft Corporation) -- C:\Users\Matthew\AppData\Roaming\M3PBKHS3HF.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/14 15:30:06 | 000,000,936 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4290186200-348354016-3305875341-1000UA.job
[2014/07/14 15:15:36 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/14 15:00:36 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/07/14 14:49:33 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/14 14:49:33 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/14 14:41:19 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/14 14:40:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/07/14 14:40:20 | 2816,864,256 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/14 14:03:05 | 000,007,596 | ---- | M] () -- C:\Users\Matthew\AppData\Local\Resmon.ResmonCfg
[2014/07/13 21:34:46 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/13 20:36:11 | 000,103,140 | ---- | M] () -- C:\hvbk.pif
[2014/07/13 18:30:09 | 000,000,914 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4290186200-348354016-3305875341-1000Core.job
[2014/07/13 13:49:22 | 000,000,512 | ---- | M] () -- C:\Users\Matthew\Desktop\MBR.dat
[2014/07/12 21:31:24 | 000,000,314 | RHS- | M] () -- C:\autorun.inf
[2014/07/12 16:20:14 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/08 20:00:34 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2014/07/08 20:00:34 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2014/07/07 17:23:24 | 000,000,000 | ---- | M] () -- C:\Users\Matthew\AppData\Local\{4C1F1F39-E01E-42D5-8D52-8EFA6D6ED0CF}
[2014/07/02 14:05:22 | 000,001,957 | ---- | M] () -- C:\Users\Matthew\Desktop\FL Studio 11.lnk
[2014/07/02 13:18:20 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2014/07/01 18:22:24 | 000,001,014 | ---- | M] () -- C:\Users\Matthew\Desktop\Cheat Engine.lnk
[2014/06/21 18:12:47 | 000,000,000 | ---- | M] () -- C:\Users\Matthew\AppData\Local\{BCD06D4C-ACD2-4836-B293-3F53F96894B8}
[2014/06/20 15:39:54 | 000,240,824 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2014/06/18 19:56:37 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2014/06/18 19:56:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieetwcollectorres.dll
[2014/06/18 19:37:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2014/06/18 19:36:35 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieetwproxystub.dll
[2014/06/18 19:35:55 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MshtmlDac.dll
[2014/06/18 19:28:45 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2014/06/18 19:28:16 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2014/06/18 19:25:38 | 000,442,368 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2014/06/18 19:23:27 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2014/06/18 19:23:24 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieetwcollector.exe
[2014/06/18 19:22:40 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9diag.dll
[2014/06/18 19:16:33 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2014/06/18 19:12:01 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2014/06/18 19:06:10 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\JavaScriptCollectionAgent.dll
[2014/06/18 19:01:50 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2014/06/18 18:58:08 | 000,239,616 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2014/06/18 18:52:58 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2014/06/18 18:52:18 | 004,254,720 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2014/06/18 18:49:52 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2014/06/18 18:46:23 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2014/06/18 18:45:59 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2014/06/18 18:07:42 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2014/06/17 21:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\osk.exe
[2014/06/17 20:52:00 | 002,350,080 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2014/06/15 10:21:05 | 000,709,972 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2014/06/15 10:21:05 | 000,140,742 | ---- | M] () -- C:\windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2014/07/13 20:36:11 | 000,103,140 | ---- | C] () -- C:\hvbk.pif
[2014/07/13 13:49:22 | 000,000,512 | ---- | C] () -- C:\Users\Matthew\Desktop\MBR.dat
[2014/07/12 21:31:08 | 000,000,314 | RHS- | C] () -- C:\autorun.inf
[2014/07/12 16:20:14 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/07 17:23:24 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\AppData\Local\{4C1F1F39-E01E-42D5-8D52-8EFA6D6ED0CF}
[2014/07/02 14:05:22 | 000,001,957 | ---- | C] () -- C:\Users\Matthew\Desktop\FL Studio 11.lnk
[2014/07/02 13:18:20 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2014/07/01 18:22:24 | 000,001,014 | ---- | C] () -- C:\Users\Matthew\Desktop\Cheat Engine.lnk
[2014/06/21 18:12:47 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\AppData\Local\{BCD06D4C-ACD2-4836-B293-3F53F96894B8}
[2014/03/22 16:04:53 | 000,046,493 | ---- | C] () -- C:\Users\Matthew\frightbaby.jpg
[2014/03/15 14:37:29 | 000,266,568 | ---- | C] () -- C:\Users\Matthew\lucky.htm
[2014/03/08 14:12:26 | 000,012,285 | ---- | C] () -- C:\Users\Matthew\2013_South_Carolina_Electronic_Filing_Form.pdf
[2014/03/08 14:12:02 | 000,028,380 | ---- | C] () -- C:\Users\Matthew\2013_South_Carolina_Return.pdf
[2014/03/08 14:11:27 | 000,018,783 | ---- | C] () -- C:\Users\Matthew\2013_Federal_Return.pdf
[2013/07/10 16:21:08 | 000,000,079 | ---- | C] () -- C:\windows\wininit.ini
[2013/02/28 20:29:02 | 000,000,046 | ---- | C] () -- C:\Users\Matthew\jagex_cl_oldschool_LIVE.dat
[2012/11/09 20:22:10 | 000,000,600 | ---- | C] () -- C:\Users\Matthew\PUTTY.RND
[2012/11/07 17:41:17 | 000,000,044 | ---- | C] () -- C:\Users\Matthew\matrix_cl_matrix_LIVE.dat
[2012/11/03 21:39:59 | 000,638,479 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\Default
[2012/10/29 06:50:44 | 000,000,047 | ---- | C] () -- C:\Users\Matthew\jagex_cl_runescape_LIVE2.dat
[2012/10/23 18:23:51 | 000,000,024 | ---- | C] () -- C:\Users\Matthew\jagexappletviewer.preferences
[2012/10/21 10:44:37 | 000,000,048 | ---- | C] () -- C:\Users\Matthew\jagex_cl_loginapplet_LIVE.dat
[2012/08/08 11:00:09 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2012/07/12 09:26:36 | 000,000,051 | ---- | C] () -- C:\Users\Matthew\jagex_cl_runescape_LIVE_BETA.dat
[2012/07/12 09:26:36 | 000,000,024 | ---- | C] () -- C:\Users\Matthew\random.dat
[2011/12/03 12:50:02 | 000,000,047 | ---- | C] () -- C:\Users\Matthew\jagex_cl_runescape_LIVE1.dat
[2011/11/22 20:27:36 | 000,000,032 | ---- | C] () -- C:\Users\Matthew\jagex_cl_runescape_LIVE.dat
[2011/04/16 13:57:25 | 000,014,848 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/15 13:19:11 | 000,007,596 | ---- | C] () -- C:\Users\Matthew\AppData\Local\Resmon.ResmonCfg
[2010/07/14 14:25:02 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\jagex__preferences3.dat
[2010/07/14 14:25:01 | 000,000,129 | ---- | C] () -- C:\Users\Matthew\jagex_runescape_preferences2.dat
[2010/07/14 14:23:35 | 000,000,046 | ---- | C] () -- C:\Users\Matthew\jagex_runescape_preferences.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2009/07/13 21:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 00:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 21:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 08:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2014/04/11 22:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 17:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 21:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 08:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/13 21:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 21:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 12:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 21:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 06:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 01:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2014/04/11 22:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 21:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 08:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 21:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2014/04/11 22:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 08:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 08:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 00:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 08:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 08:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 08:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 08:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 08:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 08:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 08:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 08:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 21:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 08:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: USER32.DLL  >
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USER32.DLL.MUI  >
[2010/11/20 08:15:11 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=6B63EA7979F501C37FC55A26CA162ACD -- C:\Windows\System32\en-US\user32.dll.mui
[2010/11/20 08:15:11 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=6B63EA7979F501C37FC55A26CA162ACD -- C:\Windows\winsxs\x86_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_en-us_400561b5895f5318\user32.dll.mui
[2009/07/13 22:03:02 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=D448B52149F95F1250100F9BD0ED7152 -- C:\Windows\winsxs\x86_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3dd44ded8c70cf7e\user32.dll.mui
 
< MD5 for: USER32.LIB  >
[2010/03/18 19:00:32 | 000,170,922 | ---- | M] () MD5=114A9D5A22E263DA0BF5D45B27BE6BEE -- C:\Program Files\Microsoft SDKs\Windows\v7.0A\Lib\IA64\User32.Lib
[2010/03/18 19:00:30 | 000,152,726 | ---- | M] () MD5=1C8358739C55F9315BED41194F6EE808 -- C:\Program Files\Microsoft SDKs\Windows\v7.0A\Lib\User32.Lib
[2006/03/03 22:23:28 | 000,158,836 | ---- | M] () MD5=3D64A746FEBCB18CB12945544BDA65D0 -- C:\Program Files\Microsoft SDKs\Windows\v5.0\Lib\IA64\User32.Lib
[2010/03/18 19:00:32 | 000,142,392 | ---- | M] () MD5=A90C7C051016CD7A669940CCD635B09B -- C:\Program Files\Microsoft SDKs\Windows\v7.0A\Lib\x64\User32.Lib
[2007/09/27 14:20:22 | 000,137,848 | ---- | M] () MD5=CD63CBAECB2C0F8846342FC2ECF21306 -- C:\Program Files\Microsoft SDKs\Windows\v6.0A\Lib\x64\User32.Lib
[2007/09/27 14:20:18 | 000,147,834 | ---- | M] () MD5=F12372CA9B89B0F4F8B03DF326673986 -- C:\Program Files\Microsoft SDKs\Windows\v6.0A\Lib\User32.Lib
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: USERINIT.EXE.MUI  >
[2009/07/13 22:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=EA67C653ECFED02D7DBFB889A908CAA9 -- C:\Windows\System32\en-US\userinit.exe.mui
[2009/07/13 22:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=EA67C653ECFED02D7DBFB889A908CAA9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8fc6fc4f33a62837\userinit.exe.mui
 
< MD5 for: WINLOGON.ADML  >
[2009/07/13 22:05:00 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_94da67ab3e358f3a\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 17:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_7ae3b2e5da95d117\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2014/03/04 05:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\System32\winlogon.exe
[2014/03/04 05:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014/03/04 06:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 08:12:53 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2010/11/20 08:12:53 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ccfffb7662588b45\winlogon.exe.mui
[2009/07/13 22:05:28 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=DB61D28A59DEE68F77811B291D83AD1B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cacee7ae656a07ab\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/13 22:09:40 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\System32\wbem\en-US\winlogon.mfl
[2009/07/13 22:09:40 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2891397980a26140\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 16:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\System32\wbem\winlogon.mof
[2009/07/13 16:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_800f1ff3d73b72d9\winlogon.mof
 
< MD5 for: WINSOCK.DLL  >
[2009/07/13 17:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009/07/13 17:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\WINSOCK.DLL
[2009/07/13 17:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL
 
< MD5 for: WINSOCK.EXP  >
[2007/02/20 17:01:00 | 000,004,117 | ---- | M] () MD5=8D1B96F20C5BC5F5FB6B94150AAEE03E -- C:\Program Files\Windows Mobile 5.0 SDK R2\Smartphone\Lib\ARMV4I\winsock.exp
[2007/02/20 17:00:26 | 000,004,112 | ---- | M] () MD5=D1728F1F4F917F8D955B70D083B77328 -- C:\Program Files\Windows Mobile 5.0 SDK R2\PocketPC\Lib\ARMV4I\winsock.exp
 
< MD5 for: WINSOCK.H  >
[2007/09/27 14:19:56 | 000,037,155 | ---- | M] () MD5=312BB8216BBA1D411C7E3BFCD19DAE1C -- C:\Program Files\Microsoft SDKs\Windows\v6.0A\Include\WinSock.h
[2007/02/20 17:00:26 | 000,031,584 | ---- | M] () MD5=48E0155D9225C142ACC1A74091938AFF -- C:\Program Files\Windows Mobile 5.0 SDK R2\PocketPC\Include\Armv4i\winsock.h
[2007/02/20 17:00:58 | 000,031,584 | ---- | M] () MD5=48E0155D9225C142ACC1A74091938AFF -- C:\Program Files\Windows Mobile 5.0 SDK R2\Smartphone\Include\Armv4i\winsock.h
[2010/03/18 19:00:26 | 000,038,471 | ---- | M] () MD5=B2A415C3F1450F80F57AF83212F3C7AA -- C:\Program Files\Microsoft SDKs\Windows\v7.0A\Include\WinSock.h
[2006/03/03 22:23:24 | 000,037,677 | ---- | M] () MD5=BF429731C6C413737CA92F04E73FE4CC -- C:\Program Files\Microsoft SDKs\Windows\v5.0\Include\WinSock.h
[2003/04/06 10:53:40 | 000,031,437 | ---- | M] () MD5=CABA6C991EEBC4C6C20C82025F2784C5 -- C:\Program Files\Microsoft Visual Studio 9.0\SmartDevices\SDK\PocketPC2003\Include\winsock.h
[2003/05/06 17:34:46 | 000,031,437 | ---- | M] () MD5=CABA6C991EEBC4C6C20C82025F2784C5 -- C:\Program Files\Microsoft Visual Studio 9.0\SmartDevices\SDK\Smartphone2003\Include\winsock.h
 
< MD5 for: WINSOCK.LIB  >
[2003/05/14 08:06:48 | 000,007,064 | ---- | M] () MD5=1BBCD33F23F703864F02DFB81D1DED73 -- C:\Program Files\Microsoft Visual Studio 9.0\SmartDevices\SDK\Smartphone2003\Lib\armv4\winsock.lib
[2007/02/20 17:01:00 | 000,007,064 | ---- | M] () MD5=3784A1D15BF4CBF48FE82DC2E656932B -- C:\Program Files\Windows Mobile 5.0 SDK R2\Smartphone\Lib\ARMV4I\winsock.lib
[2007/02/20 17:00:26 | 000,007,064 | ---- | M] () MD5=961FF10351067139E846C8723A69F1E1 -- C:\Program Files\Windows Mobile 5.0 SDK R2\PocketPC\Lib\ARMV4I\winsock.lib
[2003/04/06 10:14:20 | 000,007,064 | ---- | M] () MD5=A2CBBF9657E878812223C868BD8E2D26 -- C:\Program Files\Microsoft Visual Studio 9.0\SmartDevices\SDK\PocketPC2003\Lib\armv4\winsock.lib
 
< End of report >
 
Extras.txt:

OTL Extras logfile created on: 7/14/2014 3:27:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthew\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.50 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 67.75% Memory free
6.99 Gb Paging File | 5.71 Gb Available in Paging File | 81.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.48 Gb Total Space | 144.06 Gb Free Space | 64.46% Space Free | Partition Type: NTFS
 
Computer Name: MATTHEW-PC | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"AntivirusOverride" = 1
"UacDisableNotify" = 1
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiSpywareOverride" = 0
"FirstRunDisabled" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Matthew\AppData\Local\Temp\SoftwareHacksGenerator.exe" = C:\Users\Matthew\AppData\Local\Temp\SoftwareHacksGenerator.exe:*:Enabled:ipsec
"C:\Users\Matthew\AppData\Local\Facebook\Update\FacebookUpdate.exe" = C:\Users\Matthew\AppData\Local\Facebook\Update\FacebookUpdate.exe:*:Enabled:ipsec -- (Facebook Inc.)
"C:\windows\system32\Dwm.exe" = C:\windows\system32\Dwm.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" = C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe:*:Enabled:ipsec -- (TOSHIBA Corporation)
"C:\windows\Explorer.EXE" = C:\windows\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:ipsec -- (Google Inc.)
"C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe:*:Enabled:ipsec -- (TOSHIBA CORPORATION)
"C:\windows\system32\taskeng.exe" = C:\windows\system32\taskeng.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\Citrix\SelfServicePlugin\SelfService.exe" = C:\Program Files\Citrix\SelfServicePlugin\SelfService.exe:*:Enabled:ipsec -- (Citrix Systems, Inc.)
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" = C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe:*:Enabled:ipsec -- (TOSHIBA Corporation)
"C:\Program Files\Real\RealUpgrade\RealUpgrade.exe" = C:\Program Files\Real\RealUpgrade\RealUpgrade.exe:*:Enabled:ipsec -- (RealNetworks, Inc.)
"C:\Program Files\Citrix\Receiver\Receiver.exe" = C:\Program Files\Citrix\Receiver\Receiver.exe:*:Enabled:ipsec -- (Citrix Systems, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05722269-07D0-4C30-BBC7-E9C9E72F0319}" = rport=25565 | protocol=6 | dir=out | name=minecraft | 
"{063C0E9E-5D7E-4A72-AB93-9242ABA0B821}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0864FA6E-AA30-45E0-8A3F-3BD154BFF374}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0EF25936-0F37-4D28-84BB-B95E78F48F6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{12EF075C-3F51-43C9-96BA-6EDBEC863F93}" = rport=445 | protocol=6 | dir=out | app=system | 
"{19EB9A64-F64B-4270-B8EB-88FBCDA40E00}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{22809CE6-DD22-4F04-8EBB-8E63310D063F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{294BA009-A1D7-404D-B0B7-263516FE459D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{294DC44A-FDD8-4E0B-AB4A-D7E5CE8985C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2B9AE8AA-2979-4260-83A7-A2EC8474E2D7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2C102D15-815C-49DC-9459-38C7D80FADF1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2D1A26FB-94E5-47EC-B021-4D007F080758}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2DA5BAF9-4475-4BFB-BB26-3F140CF5A631}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher | 
"{3AB6C100-7F41-45D3-8DFC-1418C3557CCF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{49E37972-EA65-4833-ADC0-7D0C8D0BA467}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4B77B9B5-D8D5-4D9C-A8FC-C7B0D79BC662}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{540AAD17-6E11-42ED-BAD9-8BFD874D5376}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{626D6C93-03AA-4452-811C-09C36052F5BE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{62E5A907-B1AF-4BF1-BB1E-65415FF95200}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E92E9A5-2C5E-4FBC-BC13-2D1BFC0F32FA}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher | 
"{7A2BAF5A-60EB-4C98-BCD3-DC4D2D127881}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8B563C6C-373B-4945-AC46-2ECE52E53CB6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8DAC1B5B-875A-4CA0-9845-51482B5393B8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8FF15DF3-005C-4F4C-A9AC-AAA5FBB5088A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{98286069-07C0-4F4E-9DC3-661FF3F15474}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A1960B9B-55F7-4F6D-B6A0-478A44A67BAE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AAF6D8D1-FF6D-485D-9F29-8A6F0A82C883}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B0664966-54E3-404E-BBB8-DB0DAFA6DB65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B894F63B-308B-4ACC-9B09-D7819D0D9C20}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C185DF82-47E6-483B-81B6-FAA7B442CDBF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CDF9CA60-919B-4B6F-ACAB-01FC902CC35D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D638D429-CC7E-4C55-B28C-18E9E1BAADF4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DE5CBEBD-72F2-4157-9BB0-17FC71BE868D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E17D150C-A00B-4A99-AC26-99B1C603A10A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E23AC323-6386-4DA7-823B-A0FD25CC00D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E47E0223-5C8E-463E-B5C2-355F6E9DB3E9}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher | 
"{E7711C93-0DA3-4BBA-A43E-333558BF00FB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E7D6E3F4-38B6-4ADC-8EB4-B91A20CCFE1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F087D89E-1D34-499D-9F52-1F422F6DB5A9}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher | 
"{F809392E-AF42-499A-926D-19112ECACC27}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FB8743D4-2D80-40DF-B4E4-276E6A76EB6E}" = rport=25565 | protocol=6 | dir=in | name=minecraft | 
"{FC21D868-F482-433B-AAB8-FFE121FC1244}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E1720B-0A24-4EBE-8DC6-05AB8016ABA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{03F0EB54-F4F2-4E71-BF71-79BBEAF5E73F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{081995B5-7412-45CD-9B97-E4D99168276E}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe | 
"{0BA3209B-1847-4FFD-8370-53729D16FB76}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{0BE0F9F5-0954-4B21-8B7E-A00ED0CDB821}" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe | 
"{0F8ABB17-BE69-4321-88E0-26DE0FC5F362}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{131B2D5D-6C72-4322-A184-F98281AE89A2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{157C1E98-588B-4B5D-8BC1-F2E65728D73F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{169D3372-CFF9-4367-8E75-F0975A268712}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1B684ACB-A6CF-493F-B65D-E3A74D27BF7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{213DF4ED-37A7-48ED-8737-A1AF50E2EFF4}" = protocol=6 | dir=out | app=system | 
"{2219C970-9964-49C2-BD12-9A28CD813699}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{222FEADC-A6F8-4E84-B59E-A9CC07ECA46B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2D0A9EE1-AF9B-40D8-B103-B5F5D0B6A6E8}" = protocol=17 | dir=in | app=c:\users\matthew\appdata\roaming\spotify\spotify.exe | 
"{2E4B8A7F-93C8-4349-8F25-0F48AECD5017}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2EB9B1E3-2F35-4F5C-BEB7-9ABA03EF5022}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\farming simulator 2013\farmingsimulator2013game.exe | 
"{2F310C22-261F-4D43-83A0-77CE72002B8D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\toribash\toribash.exe | 
"{31E3C4E2-6060-4123-995C-23338402F2A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{32CCDC15-551C-415D-8C60-E13A31D5EE2E}" = protocol=1 | dir=in | [email protected],-28543 | 
"{341DBE49-D419-4FAA-9B8A-B08DD45D40ED}" = dir=in | app=%programfiles%\image-line\fl studio 11\fl.exe | 
"{34E2A2A3-EC07-4E52-BFFF-6015DD3A1EEF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{368B8343-BDFC-418A-80CF-CF61D2C337C9}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{36D4688F-66D8-497D-9A49-F4F73D703711}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{37A393E1-630B-43FB-8F8F-44FB95C8F4BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{38086489-4F9D-4FC4-8BA3-FB5990EBAB80}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{392FC437-E75B-458C-9DD4-D5847F32DFFB}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{3942962F-F145-4CF0-AE2C-B266C0DBDD94}" = protocol=6 | dir=in | app=c:\users\matthew\appdata\roaming\spotify\spotify.exe | 
"{3ABF420A-1E7F-49D4-84F2-499F60DF5AB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E5062B7-09F5-4636-A96C-6DDC796F8D7A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{41535ADA-556C-42F6-91D8-36EFFFE04699}" = protocol=6 | dir=in | app=c:\program files\guild wars 2\gw2.exe | 
"{43238C8D-AFC2-440C-840A-A247685BBB71}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{4F02358F-F5AD-4A0A-BF10-5E4CA7B3F8E9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{50002F3F-8F54-4C64-8FF5-2E022BA42A16}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{5157E285-26BF-47D9-AD07-E6074D037872}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\boltskull\garrysmod\hl2.exe | 
"{57BDE4F0-B7BC-4D79-BF72-E8840D41D831}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5CF06726-BED1-4C9F-8762-E7CE1B515D56}" = protocol=6 | dir=in | app=c:\program files\hearthstone\hearthstone.exe | 
"{5EA76A98-3396-4B9D-8439-F467A35C302E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{5FF1FAB8-22BC-44C6-B3BF-6FF5202949D6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{655A8387-689B-4F94-8B56-027967F22408}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{66B5FA72-E739-4080-A343-30FDC03B70B3}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{6C28940A-00C6-4255-B342-89F60D3596FC}" = protocol=6 | dir=in | app=c:\program files\battle.net\battle.net.exe | 
"{704C6F09-2400-4843-9F31-8D3F4C39C015}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{78C7D6BE-0929-4CAA-88DA-703E5FE1ACB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B4A91B8-220C-485B-A7FC-F37E850A2C5B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{8506B274-F3B5-48D1-8740-74FB555F9BFB}" = protocol=17 | dir=in | app=c:\program files\hearthstone\hearthstone.exe | 
"{8A945F27-ABA9-44BA-8C2B-31F69CB22920}" = protocol=6 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe | 
"{8EBF7D6B-34E0-4060-85CB-AA9EF941FC2E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | 
"{930836D6-D4B9-4262-9B7A-8AB48BE45E17}" = protocol=17 | dir=in | app=c:\program files\battle.net\battle.net.exe | 
"{9B459C6F-76DA-4E78-AFC8-EF319B602E92}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{9BF1DCDD-7C73-477F-99C9-D33774C355BF}" = protocol=1 | dir=out | [email protected],-28544 | 
"{A2D7C05F-E77C-4A7A-9164-4301E23A9861}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{A59D69C1-199F-498C-882A-BC7F14187996}" = protocol=58 | dir=in | [email protected],-28545 | 
"{A767AA2F-ADE2-4835-BCD3-995CD276FC45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA792635-B468-4469-87E1-3EF173055426}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\toribash\toribash.exe | 
"{BE9FCB3B-2EAA-4F8E-AC1D-B2EF04DDFADB}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe | 
"{BF50FF16-A55F-4717-9B3F-D5659AC76D7E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{C130D03C-B163-4056-AE16-8F42A6B8CBE0}" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"{C9789523-BAE0-44B2-9E89-EEABC7255F99}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | 
"{CE6577F3-E644-4D71-A2E1-7EFDB1C360EC}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{D06F1522-0FEF-4F8B-B3F0-0B548D09D06A}" = protocol=17 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe | 
"{D10C7719-DFAA-47CB-AD9A-14589BE48DA1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\farming simulator 2013\farmingsimulator2013game.exe | 
"{E36FEC49-9AC4-45F2-8AF7-BD0D698F9053}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EAE44019-274F-4CED-BCFD-F8D68CD980EB}" = dir=in | app=c:\users\matthew\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{EC18FCF8-A906-45CA-8E04-3625F354A85A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{ECEEAF0E-DE40-4441-88FA-B1033C1CBC06}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\boltskull\garrysmod\hl2.exe | 
"{ED73193F-44DC-45C2-9620-662117DF635B}" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"{F0C8C898-CAC9-49E9-8DB6-E48FE8A204DC}" = protocol=17 | dir=in | app=c:\program files\guild wars 2\gw2.exe | 
"{F0CF2D5B-C186-4466-A2CD-1EE222E9356F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{F321354D-4AF2-47B3-97AB-E30E2D12A326}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F35A9D0C-65F5-48BA-8541-FBD216E1175C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{FE3CA292-DA03-40DE-B1C2-29645DD93E81}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe | 
"TCP Query User{00A4BE32-8254-4D05-928F-6830779627DE}C:\users\matthew\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\matthew\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{08415B67-851A-47C8-8B21-C73780CC051B}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | 
"TCP Query User{10D210C5-24AE-4CD3-B212-2AC3C8E00C60}C:\users\matthew\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\matthew\appdata\local\temp\gw2.exe | 
"TCP Query User{13D6AAA4-0993-48A7-AF67-045F0BA40C86}C:\program files\toshiba\flashcards\tcrdmain.exe" = protocol=6 | dir=in | app=c:\program files\toshiba\flashcards\tcrdmain.exe | 
"TCP Query User{15050CDA-7F75-463C-80C5-F9494B5B8901}C:\users\matthew\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\matthew\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{3BF4F05E-3D3E-4406-BEC1-77651F372125}C:\program files\byond\bin\byond.exe" = protocol=6 | dir=in | app=c:\program files\byond\bin\byond.exe | 
"TCP Query User{456FC68E-B533-482D-8F30-6B9CC0D509CF}C:\program files\toshiba\configfree\ndstray.exe" = protocol=6 | dir=in | app=c:\program files\toshiba\configfree\ndstray.exe | 
"TCP Query User{491843D3-40FB-44D3-93F5-BE443015261C}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | 
"TCP Query User{4A88C05E-954E-469F-BAE0-8975463C2785}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{63BF74EB-0EB6-4E09-9AFF-78017CE370F8}C:\users\matthew\desktop\simba\plugins\smartremote32.exe" = protocol=6 | dir=in | app=c:\users\matthew\desktop\simba\plugins\smartremote32.exe | 
"TCP Query User{69E20957-9093-4841-8FD0-97934BCD05B1}C:\program files\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe | 
"TCP Query User{6AB1E2BF-66D6-4257-9B9A-FAEE4D48A919}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{76AF5BB2-A13E-4AA1-B5C9-2999811D585B}C:\program files\java\jdk1.7.0\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0\jre\bin\javaw.exe | 
"TCP Query User{7E879AD1-16A9-4C20-944A-80AA166FABE9}C:\users\matthew\appdata\local\temp\softwarehacksgenerator.exe" = protocol=6 | dir=in | app=c:\users\matthew\appdata\local\temp\softwarehacksgenerator.exe | 
"TCP Query User{81828F06-63DC-4CA8-A552-A29A9FDA7896}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{882C6BB0-0D05-4EDA-ADD3-E07C3ABF080E}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"TCP Query User{8ABAA899-1376-4B45-BD5B-E08BDB49E916}C:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe" = protocol=6 | dir=in | app=c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe | 
"TCP Query User{8F78984B-A53F-4828-A6F7-41E19BFB525E}C:\program files\citrix\selfserviceplugin\selfservice.exe" = protocol=6 | dir=in | app=c:\program files\citrix\selfserviceplugin\selfservice.exe | 
"TCP Query User{9161976D-973F-4329-B911-CF5F7B8264D9}C:\program files\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer\slvoice.exe | 
"TCP Query User{96CBFA89-F81E-4CE4-8906-81129D9C0212}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{99D74676-F89D-4875-B0D5-E66B43088FDF}C:\program files\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files\terraria\terrariaserver.exe | 
"TCP Query User{B76F2278-FB6B-4D1A-BB11-D14F68D11F07}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{B83023AD-EB14-4CB4-8C30-0E97FBA358C9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{BD7D0880-F50B-4757-8898-CCD8B507FCC2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{D77D8CCC-0D1F-455D-A2AD-4506A7EBC5F4}C:\users\matthew\downloads\runes_of_magic_4_0_8_2506_full_us.exe" = protocol=6 | dir=in | app=c:\users\matthew\downloads\runes_of_magic_4_0_8_2506_full_us.exe | 
"TCP Query User{D7FE38FF-0B33-4F73-A03B-85089BE1ED49}C:\program files\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files\guild wars 2\gw2.exe | 
"TCP Query User{DE6DCCD2-D672-4551-9030-7A8F61ED8C8D}C:\program files\steam\steamapps\boltskull\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\boltskull\garrysmod\hl2.exe | 
"TCP Query User{E9CB8E5F-1D8C-4CE3-B4C9-6278D0E68403}C:\users\matthew\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\matthew\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{055B5169-58AA-4205-A62D-53281031647C}C:\program files\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer\slvoice.exe | 
"UDP Query User{06582DC2-75DA-412B-B5BC-57E91E6FBD47}C:\program files\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe | 
"UDP Query User{07463F66-1EF2-428C-8669-9D17E1B6ADED}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"UDP Query User{0A0602E0-CF21-498C-BC71-8DDCD7A28387}C:\program files\byond\bin\byond.exe" = protocol=17 | dir=in | app=c:\program files\byond\bin\byond.exe | 
"UDP Query User{154FA556-2F08-466C-B7AB-8B1F044ABE25}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{32102FE2-3446-40F2-9A3C-765D53CD52D2}C:\users\matthew\appdata\local\temp\softwarehacksgenerator.exe" = protocol=17 | dir=in | app=c:\users\matthew\appdata\local\temp\softwarehacksgenerator.exe | 
"UDP Query User{3270419D-4D26-454A-AC13-26CF71C53F88}C:\program files\toshiba\flashcards\tcrdmain.exe" = protocol=17 | dir=in | app=c:\program files\toshiba\flashcards\tcrdmain.exe | 
"UDP Query User{363C7659-E6A1-48F6-B0B1-7BB0251732C5}C:\users\matthew\downloads\runes_of_magic_4_0_8_2506_full_us.exe" = protocol=17 | dir=in | app=c:\users\matthew\downloads\runes_of_magic_4_0_8_2506_full_us.exe | 
"UDP Query User{3B48AD52-BC6D-42E8-8FA2-BC09D356A650}C:\program files\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files\guild wars 2\gw2.exe | 
"UDP Query User{48CEEC04-37FB-467A-85CE-EEE7136023DD}C:\users\matthew\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\matthew\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{4E6F75BA-60EB-4A54-9DC6-84722E49FDF7}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe | 
"UDP Query User{4ED810F3-B2A3-4A13-9F0E-0CF6B649DA4B}C:\program files\toshiba\configfree\ndstray.exe" = protocol=17 | dir=in | app=c:\program files\toshiba\configfree\ndstray.exe | 
"UDP Query User{6A3951AC-1281-4F94-8606-E5603167429D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{77530856-0DF3-4F18-BF3B-4B73A30CBBD0}C:\users\matthew\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\matthew\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{843CA663-66BB-4F64-8BDF-E1FAC38047E3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{932791D3-A53A-43BC-946F-5CAB30E1D385}C:\users\matthew\desktop\simba\plugins\smartremote32.exe" = protocol=17 | dir=in | app=c:\users\matthew\desktop\simba\plugins\smartremote32.exe | 
"UDP Query User{973B2548-42DC-4ADD-85CE-B81DD036C104}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{ADF567EF-F89D-4326-B46C-5DD05910D75B}C:\program files\java\jdk1.7.0\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0\jre\bin\javaw.exe | 
"UDP Query User{BCB6CB79-2CFD-4203-B01E-FBFC2A57EA8D}C:\program files\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files\terraria\terrariaserver.exe | 
"UDP Query User{C046C8CD-A5F0-4A6F-9297-66B53CAF3489}C:\users\matthew\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\matthew\appdata\local\temp\gw2.exe | 
"UDP Query User{C13D4E49-4FDB-472E-BF3E-97AA025045F5}C:\program files\steam\steamapps\boltskull\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\boltskull\garrysmod\hl2.exe | 
"UDP Query User{C3D62E00-13B7-40D8-8E8D-F533B3A284F2}C:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe" = protocol=17 | dir=in | app=c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe | 
"UDP Query User{DD3BED38-63CD-4348-8831-2DCD4FB8AD75}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{E3B69833-2D3C-4C03-8348-E374C287BBBF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{EEEFD3D1-F9AA-4E36-8514-63ED0A7C7A70}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{F1FDB34E-2706-44CB-A49A-B0488D1EA8DB}C:\program files\citrix\selfserviceplugin\selfservice.exe" = protocol=17 | dir=in | app=c:\program files\citrix\selfserviceplugin\selfservice.exe | 
"UDP Query User{FA3F64A5-E237-42C3-9878-25F647ACC137}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe | 
"UDP Query User{FF9C8712-0A01-44CE-B124-F58CD840034C}C:\users\matthew\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\matthew\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{10722A88-7C26-4F90-A520-88B40A91E485}" = Microsoft SQL Server 2008 R2 Management Objects
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{1606C5A0-DCD7-4543-A185-FAAD210E5284}" = Citrix Receiver(Aero)
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{222BD298-FD64-45CD-8D27-943806044729}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) it
"{22F90F2E-1DA2-4801-A58C-FC3D13297749}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ITA
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2C5B81B0-D8C7-4D4E-A746-3AEB49521B4D}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3248F0A8-6813-11D6-A77B-00B0D0150210}" = J2SE Runtime Environment 5.0 Update 21
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7
"{32A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3E6D7195-3B74-46AF-9BD1-49EBECD0A455}" = Citrix Receiver(DV)
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{42D65288-92F3-4AD6-892C-DFEE475F69A9}" = Citrix Receiver Updater
"{4506A36C-D783-473A-886D-10869597FD50}" = Microsoft SQL Server System CLR Types
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4E11C06A-958A-3309-B68B-D9C9E1DAC741}" = Microsoft Team Foundation Server 2010 Object Model - ITA
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{628D1A27-5A51-3F8B-8268-F18189A5F9BE}" = Microsoft Visual Studio 2010 Ultimate - ITA
"{6317BB68-0331-355B-864F-A92A26952B22}" = Microsoft .NET Framework 4.5.1 (ITA)
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6BDC0D7C-9E42-4667-8FA9-2F26A2FEF4D0}" = Citrix Receiver(USB)
"{6C487153-A286-48F7-BE55-717552E90E20}" = Self-service Plug-in
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{6EDB5962-A48A-453D-BCFB-38C63CBE0E88}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) it
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A61142C-CA19-4F3C-BA66-FF8F131501F9}" = Paint.NET v3.5.9
"{7A6466AD-F58D-4725-B137-18107797C316}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E699D7E-5DFC-4145-A6C5-743B2168B478}" = Framework applic. livello dati di Microsoft SQL Server 2008 R2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040" = Microsoft .NET Framework 4.5.1 (Italiano)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A0FE2C0-7A7E-444E-8BD4-087178A91865}" = Online Plug-in
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A14F2004-5A64-35A0-BA3F-C525B0E75263}" = Microsoft Help Viewer 1.0 Language Pack - ITA
"{A2C2CDC4-6C34-4A9A-8A88-373D48C998C3}" = Microsoft Sync Framework SDK v1.0 SP1 it
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A727A4C3-35B9-3DD6-A658-58B944D06089}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ITA
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{ACB6D28B-2D17-314C-9C6C-B597C0A3C15A}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B23B8C0C-DEAE-4147-AFD4-A000A67CB98C}" = Microsoft SQL Server Compact 3.5 SP2 ITA
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8D84F70-0296-11E2-8DF5-F04DA23A5C58}" = MSVCRT Redists
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D4DEF616-6AC1-3A13-8264-9A9E7CD26BB8}" = Microsoft Visual Studio Macro Tools - ITA Language Pack
"{D67AEDE1-BCCF-4C5D-BF4F-A08FE92075B7}" = Citrix Receiver Inside
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DB1C49C7-AC32-4785-A281-774744FC78F5}" = Citrix Authentication Manager
"{DC0C5A78-6DBF-3444-0120-0FE8F0134FCD}" = Adobe Download Assistant
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E13FF330-0F5A-4BBF-BAE1-D3D73EFBA8F8}" = Dotfuscator Software Services - Community Edition - ITA
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E9627240-E930-11E0-8690-F04DA23A5C58}" = MSVCRT Redists
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EC6C079F-4774-320C-AA9E-AE5C95CC5CE0}" = Microsoft Visual Studio 2010 Performance Collection Tools - ITA
"{EC94A726-7636-4693-9627-D8A8B44793EE}" = Citrix Receiver (HDX Flash Redirection)
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE25009F-97D8-4B9C-9FBD-D10A0B97B21D}" = Microsoft Sync Framework Services v1.0 SP1 (x86) it
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Battle.net" = Battle.net
"CCleaner" = CCleaner
"Cheat Engine 6.4_is1" = Cheat Engine 6.4
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Cube World - July 23, 2013July 23, 2013" = Cube World - July 23, 2013
"DAEMON Tools Ultra" = DAEMON Tools Ultra
"Finale NotePad 2012" = Finale NotePad 2012
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LAME_is1" = LAME v3.99.3 (for Windows)
"Live 6.0.7" = Live 6.0.7
"Live 8.2.2" = Live 8.2.2
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - ITA" = Language Pack del Visualizzatore della Guida Microsoft 1.0 - ITA
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Team Foundation Server 2010 Object Model - ITA" = Modello a oggetti di Microsoft Team Foundation Server 2010 - ITA
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ITA" = Microsoft Visual Studio 2010 Tools per Office Runtime (x86) - Language Pack - ITA
"Microsoft Visual Studio 2010 Ultimate - ITA" = Microsoft Visual Studio 2010 Ultimate - ITA
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - ITA Language Pack" = Microsoft Visual Studio Macro Tools - ITA Language Pack
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
"Native Instruments Service Center" = Native Instruments Service Center
"NCH_EN Toolbar" = NCH EN Toolbar
"Razer Game Booster_is1" = Razer Game Booster
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"Steam" = Steam
"Steam App 248570" = Toribash
"Synthesia" = Synthesia (remove only)
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Windstream_BCUC" = Windstream Broadband Check-up Center
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4290186200-348354016-3305875341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/14/2014 1:09:54 PM | Computer Name = Matthew-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 55389262
 
Error - 7/14/2014 1:09:54 PM | Computer Name = Matthew-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 55389262
 
Error - 7/14/2014 1:10:09 PM | Computer Name = Matthew-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/14/2014 1:10:09 PM | Computer Name = Matthew-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 55405128
 
Error - 7/14/2014 1:10:09 PM | Computer Name = Matthew-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 55405128
 
Error - 7/14/2014 1:10:32 PM | Computer Name = Matthew-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/14/2014 1:10:32 PM | Computer Name = Matthew-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 55428091
 
Error - 7/14/2014 1:10:32 PM | Computer Name = Matthew-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 55428091
 
Error - 7/14/2014 1:12:34 PM | Computer Name = Matthew-PC | Source = Google Update | ID = 20
Description = 
 
Error - 7/14/2014 1:12:47 PM | Computer Name = Matthew-PC | Source = Google Update | ID = 20
Description = 
 
[ Media Center Events ]
Error - 3/26/2011 7:06:33 PM | Computer Name = Matthew-PC | Source = MCUpdate | ID = 0
Description = 7:06:30 PM - Error connecting to the internet.  7:06:30 PM -     Unable
 to contact server..  
 
Error - 3/26/2011 8:06:41 PM | Computer Name = Matthew-PC | Source = MCUpdate | ID = 0
Description = 8:06:39 PM - Error connecting to the internet.  8:06:39 PM -     Unable
 to contact server..  
 
Error - 4/3/2011 9:43:03 PM | Computer Name = Matthew-PC | Source = MCUpdate | ID = 0
Description = 9:43:03 PM - Error connecting to the internet.  9:43:03 PM -     Unable
 to contact server..  
 
Error - 4/3/2011 9:43:18 PM | Computer Name = Matthew-PC | Source = MCUpdate | ID = 0
Description = 9:43:08 PM - Error connecting to the internet.  9:43:08 PM -     Unable
 to contact server..  
 
Error - 4/4/2011 6:26:47 AM | Computer Name = Matthew-PC | Source = MCUpdate | ID = 0
Description = 6:26:46 AM - Error connecting to the internet.  6:26:46 AM -     Unable
 to contact server..  
 
Error - 4/4/2011 6:26:56 AM | Computer Name = Matthew-PC | Source = MCUpdate | ID = 0
Description = 6:26:54 AM - Error connecting to the internet.  6:26:54 AM -     Unable
 to contact server..  
 
Error - 4/4/2011 5:30:11 PM | Computer Name = Matthew-PC | Source = MCUpdate | ID = 0
Description = 5:30:11 PM - Error connecting to the internet.  5:30:11 PM -     Unable
 to contact server..  
 
Error - 4/4/2011 5:30:18 PM | Computer Name = Matthew-PC | Source = MCUpdate | ID = 0
Description = 5:30:16 PM - Error connecting to the internet.  5:30:16 PM -     Unable
 to contact server..  
 
Error - 4/13/2011 4:51:34 PM | Computer Name = Matthew-PC | Source = MCUpdate | ID = 0
Description = 4:51:34 PM - Error connecting to the internet.  4:51:34 PM -     Unable
 to contact server..  
 
Error - 4/13/2011 4:51:45 PM | Computer Name = Matthew-PC | Source = MCUpdate | ID = 0
Description = 4:51:40 PM - Error connecting to the internet.  4:51:40 PM -     Unable
 to contact server..  
 
[ OSession Events ]
Error - 6/23/2012 2:11:12 PM | Computer Name = Matthew-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 64951
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 6/30/2012 6:08:57 PM | Computer Name = Matthew-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 215
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/1/2012 6:00:06 PM | Computer Name = Matthew-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14645
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/7/2012 11:14:01 AM | Computer Name = Matthew-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 392610
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 7/14/2014 2:12:24 PM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7022
Description = The Base Filtering Engine service hung on starting.
 
Error - 7/14/2014 2:12:29 PM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Firewall service depends on the Base Filtering Engine 
service which failed to start because of the following error:   %%1070
 
Error - 7/14/2014 2:12:48 PM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Base Filtering Engine service,
 but this action failed with the following error:   %%1056
 
Error - 7/14/2014 2:21:11 PM | Computer Name = Matthew-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 7/14/2014 2:40:25 PM | Computer Name = Matthew-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:39:24 PM on 7/14/2014 was unexpected.
 
Error - 7/14/2014 2:40:23 PM | Computer Name = Matthew-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 7/14/2014 2:40:23 PM | Computer Name = Matthew-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 7/14/2014 2:40:32 PM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error: 
  %%127
 
Error - 7/14/2014 2:40:32 PM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 7/14/2014 2:53:53 PM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7023
Description = The Security Center service terminated with the following error:   %%16389
 
 
< End of report >
 


#4
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi Celticsfan4,

A bit of warning...you have a significant amount of Malware (Infections) on your computer. This is going to take several cleaning steps. Also, removing some of the infections "may" reveal additional issues. In other words, it may look like the computer is in worse condition after the first few fixes. Try not to worry, we will handle those issues if they occur.

First, a Peer to Peer warning. This is the "open door" that allowed much of your trouble to enter the computer!

P2P Warning
**IMPORTANT
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

  • µTorrent

I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

My recommendation is that you uninstall the programs listed above.

If you choose not to remove them, please do not use them until this computer is clean.

Ok, let's get to the cleaning.

OTL Fix

  • Run OTL as you did before.
  • Copy the text in the quote box below (starting with and including the :Commands, all the way to and including the [reboot] command) and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.


 



:Commands
[createrestorepoint]

:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\SPPD.sys -- (SPPD)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {E99C349D-A088-48BE-AEB6-4F7FFD838AF9}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=09-02-2013&tb_mrud=09-02-2013
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2801948
IE - HKLM\..\SearchScopes\{E99C349D-A088-48BE-AEB6-4F7FFD838AF9}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/...007&form=ZGAPHP
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {E99C349D-A088-48BE-AEB6-4F7FFD838AF9}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/...007&form=ZGAPHP
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {E99C349D-A088-48BE-AEB6-4F7FFD838AF9}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=09-02-2013&tb_mrud=09-02-2013
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2801948
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\..\SearchScopes\{C7D281D3-6BBB-435F-AC3D-7FC1C18D2250}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\..\SearchScopes\{E99C349D-A088-48BE-AEB6-4F7FFD838AF9}: "URL" = http://www.google.co...TSNA_en___US387
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 207.182.151.43:1080
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
[2013/06/10 23:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions
[2012/01/07 16:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions\[email protected]
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O2 - BHO: (Supporti Registrazione test Web Microsoft 10.0) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll File not found
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4290186200-348354016-3305875341-1000\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O32 - AutoRun File - [2012/12/10 19:32:36 | 000,000,073 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2014/07/12 21:31:24 | 000,000,314 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
[2014/07/13 20:36:11 | 000,103,140 | ---- | C] () -- C:\hvbk.pif
[2014/07/07 17:23:24 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\AppData\Local\{4C1F1F39-E01E-42D5-8D52-8EFA6D6ED0CF}
[2014/06/21 18:12:47 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\AppData\Local\{BCD06D4C-ACD2-4836-B293-3F53F96894B8}
[2011/04/16 13:57:25 | 000,014,848 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:commands
[resethosts]
[emptytemp]

Then press the Run Fix button

Next, Please Reset Internet Explorer by following the Instructions here.

Next, Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

Last, please post back to me the Moved Files log which will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run), and the FRST Logs; there will be two of them. Also, let me know how the Explorer Reset worked.



#5
Celticsfan4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Biscuithd,

 

Thank you for the warning and I'll be sure not to use that program any more. About the reset, I usually use Google Chrome instead of IE so I decided to reset both. After resetting IE it's been working better than usual, and after resetting Google Chrome it hasn't let me use it anymore. Whenever I hit enter when I type something into the address box it won't even start trying to load it. I feel like it'll be fine if I redownload Chrome though. I'll wait to do that and just use IE until this mess is over though. The logs are below from the things you've told me to do.

 

OTL Moved Files:

Files\Folders moved on Reboot...
C:\autorun.inf moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Matthew (administrator) on MATTHEW-PC on 15-07-2014 16:54:40
Running from C:\Users\Matthew\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [685400 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [323968 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [2W4LGYJUDGFC] => C:\Users\Matthew\AppData\Roaming\6LAWMT9A.exe No File
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\.DEFAULT\...\RunOnce: [osk.exe] - C:\windows\system32\osk.exe [646144 2014-06-17] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Run: [Facebook Update] => C:\Users\Matthew\AppData\Local\Facebook\Update\FacebookUpdate.exe [215920 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [3202080 2013-06-25] (Disc Soft Ltd)
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-4290186200-348354016-3305875341-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
BootExecute: autocheck autochk * sdnclean.exe
AlternateShell:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope {496B5BA1-F959-45CD-9C74-1DDAA2FF26AD} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM - {496B5BA1-F959-45CD-9C74-1DDAA2FF26AD} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKCU - DefaultScope {23758B0B-0D9F-32A3-A476-D9B1033E7A1E} URL = http://www.bing.com/...UGO&form=ZGAIDF
SearchScopes: HKCU - {23758B0B-0D9F-32A3-A476-D9B1033E7A1E} URL = http://www.bing.com/...UGO&form=ZGAIDF
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1F4A8E03-7E0E-47C8-BAEB-3024D5A8C96E}: [NameServer]174.114.184.185

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Matthew\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Matthew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-24]

Chrome:
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-04-19]
CHR Extension: (Google Wallet) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-19]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-24]

========================== Services (Whitelisted) =================

S3 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [263536 2009-08-10] (TOSHIBA CORPORATION) [File not signed]
S3 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [120176 2009-03-10] (TOSHIBA CORPORATION) [File not signed]
S3 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [397312 2010-05-04] (Alcatel-Lucent) [File not signed]
S4 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29256048 2007-02-10] (Microsoft Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [119000 2005-10-14] (Microsoft Corporation) [File not signed]
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation) [File not signed]
S3 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\windows\system32\GameMon.des [4402456 2010-09-29] (INCA Internet Co., Ltd.) [File not signed]
S4 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S4 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76888 2012-02-12] ()
R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S4 SQLBrowser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [316272 2007-02-10] (Microsoft Corporation) [File not signed]
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

R3 dtscsibus; C:\windows\System32\DRIVERS\dtscsibus.sys [24704 2009-07-01] (Disc Soft Ltd)
S3 hamachi; C:\windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-07-05] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-07-05] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 RTL8187B; C:\windows\System32\DRIVERS\RTL8187B.sys [374272 2009-07-01] (Realtek Semiconductor Corporation                           )
S3 sscebus; C:\windows\System32\DRIVERS\sscebus.sys [98560 2009-10-08] (MCCI Corporation)
S3 sscemdfl; C:\windows\System32\DRIVERS\sscemdfl.sys [14848 2009-10-08] (MCCI Corporation)
S3 sscemdm; C:\windows\System32\DRIVERS\sscemdm.sys [123648 2009-10-08] (MCCI Corporation)
R0 WRkrn; C:\windows\System32\drivers\WRkrn.sys [114688 2013-06-10] (Webroot)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S4 LMIRfsClientNP; No ImagePath
U4 Messenger;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-15 16:54 - 2014-07-15 16:56 - 00027182 _____ () C:\Users\Matthew\Downloads\FRST.txt
2014-07-15 16:53 - 2014-07-15 16:55 - 00000000 ____D () C:\FRST
2014-07-15 16:53 - 2014-07-15 16:53 - 01077248 _____ (Farbar) C:\Users\Matthew\Desktop\FRST.exe
2014-07-15 16:37 - 2014-07-15 16:37 - 00000000 __SHD () C:\Users\Matthew\AppData\Local\EmieUserList
2014-07-15 16:37 - 2014-07-15 16:37 - 00000000 __SHD () C:\Users\Matthew\AppData\Local\EmieSiteList
2014-07-15 16:32 - 2014-07-15 16:32 - 00103140 __RSH () C:\jwjjy.exe
2014-07-15 16:16 - 2014-07-15 16:16 - 00103140 _____ () C:\hvbk.pif
2014-07-15 16:08 - 2014-07-15 16:08 - 00000000 ____D () C:\_OTL
2014-07-15 16:02 - 2014-07-15 16:02 - 00000000 ____D () C:\a3c46663a126df22e7a71094
2014-07-14 16:11 - 2014-07-14 16:11 - 00120946 _____ () C:\Users\Matthew\Desktop\Extras.Txt
2014-07-14 16:03 - 2014-07-14 16:03 - 00231220 _____ () C:\Users\Matthew\Desktop\OTL.Txt
2014-07-14 15:26 - 2014-07-14 15:27 - 00602112 _____ (OldTimer Tools) C:\Users\Matthew\Desktop\OTL.exe
2014-07-13 20:31 - 2014-07-13 20:31 - 00031584 _____ () C:\Users\Matthew\Desktop\MBAM.txt
2014-07-13 13:49 - 2014-07-13 13:49 - 00001906 _____ () C:\Users\Matthew\Desktop\aswMBR.txt
2014-07-13 13:49 - 2014-07-13 13:49 - 00000512 _____ () C:\Users\Matthew\Desktop\MBR.dat
2014-07-13 13:40 - 2014-07-13 13:40 - 05185536 _____ (AVAST Software) C:\Users\Matthew\Downloads\aswMBR.exe
2014-07-13 13:36 - 2014-07-13 13:37 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Matthew\Downloads\tdsskiller.exe
2014-07-13 13:33 - 2014-07-13 13:35 - 00002106 _____ () C:\Users\Matthew\Desktop\Rkill.txt
2014-07-13 13:33 - 2014-07-13 13:33 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Matthew\Downloads\rkill.com
2014-07-12 17:18 - 2014-07-13 13:04 - 00000000 ____D () C:\Users\Matthew\AppData\Local\26502
2014-07-12 16:21 - 2014-07-13 21:34 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-12 16:20 - 2014-07-12 16:20 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-12 16:20 - 2014-07-12 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-12 16:20 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-12 16:20 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-12 16:19 - 2014-07-12 16:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-09 22:18 - 2014-07-09 22:18 - 00000000 ____D () C:\Users\Matthew\Desktop\Moms Passwords and Usernames
2014-07-09 20:20 - 2014-07-09 20:20 - 00168670 _____ () C:\Users\Matthew\Downloads\rs.htm
2014-07-09 20:20 - 2014-07-09 20:20 - 00000000 ____D () C:\Users\Matthew\Downloads\rs_files
2014-07-09 20:06 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 20:06 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 20:06 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 20:06 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 20:06 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 20:06 - 2014-06-18 19:23 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 20:06 - 2014-06-18 19:16 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 20:06 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 20:06 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 20:06 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 20:06 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 20:06 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 20:05 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 20:05 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 20:05 - 2014-06-18 19:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 20:05 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 20:05 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 20:05 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 20:05 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 20:05 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 20:05 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 20:05 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 20:05 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 20:05 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 20:05 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 20:05 - 2014-06-18 18:52 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 20:05 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 20:05 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 20:05 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 20:05 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 20:02 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 20:02 - 2014-06-17 20:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 20:02 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 20:02 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 20:02 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 20:02 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 20:02 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 20:02 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 20:02 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 20:02 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 20:02 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 20:02 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-07 07:10 - 2014-07-07 07:10 - 00001264 _____ () C:\Users\Matthew\Downloads\f.txt
2014-07-06 17:41 - 2014-07-06 17:42 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-06 17:41 - 2014-07-06 17:41 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-06 17:34 - 2014-07-06 17:39 - 111107408 _____ (Apple Inc.) C:\Users\Matthew\Downloads\iTunesSetup.exe
2014-07-06 17:33 - 2014-07-06 17:33 - 00285621 _____ () C:\Users\Matthew\Downloads\wow,_waka_flocka.m4r
2014-07-06 17:32 - 2014-07-06 17:32 - 00000000 ____D () C:\Users\Matthew\Desktop\Cadence 2014-2015
2014-07-06 17:27 - 2014-07-06 17:27 - 03016826 _____ ( ) C:\Users\Matthew\Downloads\FFmpeg_v0.6.2_for_Audacity_on_Windows.exe
2014-07-06 17:26 - 2014-07-06 17:26 - 00527423 _____ ( ) C:\Users\Matthew\Downloads\Lame_v3.99.3_for_Windows.exe
2014-07-06 17:26 - 2014-07-06 17:26 - 00000000 ____D () C:\Program Files\Lame For Audacity
2014-07-02 14:05 - 2014-07-02 14:05 - 00001957 _____ () C:\Users\Matthew\Desktop\FL Studio 11.lnk
2014-07-02 14:05 - 2014-07-02 14:05 - 00000000 ____D () C:\Program Files\VstPlugins
2014-07-02 14:04 - 2014-07-02 14:04 - 00000000 ____D () C:\Users\Matthew\Documents\Image-Line
2014-07-02 14:04 - 2014-07-02 14:04 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-07-02 14:04 - 2014-07-02 14:04 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Image-Line
2014-07-02 14:04 - 2014-07-02 14:04 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\FlowStone
2014-07-02 14:04 - 2014-07-02 14:04 - 00000000 ____D () C:\Program Files\DSPRobotics
2014-07-02 13:21 - 2014-07-02 13:21 - 00000000 ____D () C:\Users\Matthew\Documents\Razer
2014-07-02 13:21 - 2014-07-02 13:21 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Razer_Inc
2014-07-02 13:20 - 2014-07-02 13:20 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Razer
2014-07-02 13:18 - 2014-07-02 13:18 - 00002042 _____ () C:\Users\Public\Desktop\Razer Game Booster.lnk
2014-07-02 13:18 - 2014-07-02 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-07-02 13:17 - 2014-07-02 13:18 - 00000000 ____D () C:\ProgramData\Razer
2014-07-02 13:17 - 2014-07-02 13:17 - 00000000 ____D () C:\Program Files\Razer
2014-07-02 13:11 - 2014-07-02 13:15 - 41954352 _____ (Razer Inc. ) C:\Users\Matthew\Downloads\RazerGameBoosterSetup_4.2.45.0.exe
2014-07-02 12:37 - 2014-07-02 13:58 - 00000000 ____D () C:\Users\Matthew\Documents\FL Studio Producer Edition 11.0.4 Signature Bundle [ChingLiu]
2014-07-02 12:36 - 2014-07-02 12:37 - 00025095 _____ () C:\Users\Matthew\Downloads\[kickass.to]fl.studio.producer.edition.11.0.4.signature.bundle.chingliu.torrent
2014-07-01 18:22 - 2014-07-01 18:22 - 00001014 _____ () C:\Users\Matthew\Desktop\Cheat Engine.lnk
2014-07-01 18:22 - 2014-07-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-07-01 18:22 - 2014-07-01 18:22 - 00000000 ____D () C:\Program Files\Cheat Engine 6.4
2014-07-01 18:18 - 2014-07-01 18:19 - 09052192 _____ (Cheat Engine ) C:\Users\Matthew\Downloads\CheatEngine64.exe

==================== One Month Modified Files and Folders =======

2014-07-15 17:00 - 2012-06-24 00:32 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-15 16:56 - 2014-07-15 16:54 - 00027182 _____ () C:\Users\Matthew\Downloads\FRST.txt
2014-07-15 16:55 - 2014-07-15 16:53 - 00000000 ____D () C:\FRST
2014-07-15 16:53 - 2014-07-15 16:53 - 01077248 _____ (Farbar) C:\Users\Matthew\Desktop\FRST.exe
2014-07-15 16:48 - 2010-07-07 23:45 - 01416886 _____ () C:\windows\WindowsUpdate.log
2014-07-15 16:39 - 2009-07-14 00:34 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 16:39 - 2009-07-14 00:34 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 16:37 - 2014-07-15 16:37 - 00000000 __SHD () C:\Users\Matthew\AppData\Local\EmieUserList
2014-07-15 16:37 - 2014-07-15 16:37 - 00000000 __SHD () C:\Users\Matthew\AppData\Local\EmieSiteList
2014-07-15 16:32 - 2014-07-15 16:32 - 00103140 __RSH () C:\jwjjy.exe
2014-07-15 16:30 - 2013-11-27 17:47 - 00000884 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-15 16:30 - 2013-02-15 18:32 - 00051804 _____ () C:\windows\setupact.log
2014-07-15 16:30 - 2009-07-14 00:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-15 16:16 - 2014-07-15 16:16 - 00103140 _____ () C:\hvbk.pif
2014-07-15 16:15 - 2013-11-27 17:47 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 16:08 - 2014-07-15 16:08 - 00000000 ____D () C:\_OTL
2014-07-15 16:04 - 2012-04-27 23:27 - 00000000 ____D () C:\Program Files\uTorrent
2014-07-15 16:03 - 2013-08-14 08:50 - 00000000 ____D () C:\windows\system32\MRT
2014-07-15 16:02 - 2014-07-15 16:02 - 00000000 ____D () C:\a3c46663a126df22e7a71094
2014-07-15 16:02 - 2011-08-21 18:19 - 00000936 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4290186200-348354016-3305875341-1000UA.job
2014-07-14 18:30 - 2011-08-21 18:19 - 00000914 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4290186200-348354016-3305875341-1000Core.job
2014-07-14 16:11 - 2014-07-14 16:11 - 00120946 _____ () C:\Users\Matthew\Desktop\Extras.Txt
2014-07-14 16:03 - 2014-07-14 16:03 - 00231220 _____ () C:\Users\Matthew\Desktop\OTL.Txt
2014-07-14 15:27 - 2014-07-14 15:26 - 00602112 _____ (OldTimer Tools) C:\Users\Matthew\Desktop\OTL.exe
2014-07-14 14:03 - 2011-01-15 13:19 - 00007596 _____ () C:\Users\Matthew\AppData\Local\Resmon.ResmonCfg
2014-07-13 21:34 - 2014-07-12 16:21 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-13 21:17 - 2009-07-14 00:53 - 00032592 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-13 20:32 - 2011-09-03 22:48 - 00000000 ____D () C:\Users\Matthew\AppData\Local\OpenCandy
2014-07-13 20:31 - 2014-07-13 20:31 - 00031584 _____ () C:\Users\Matthew\Desktop\MBAM.txt
2014-07-13 13:49 - 2014-07-13 13:49 - 00001906 _____ () C:\Users\Matthew\Desktop\aswMBR.txt
2014-07-13 13:49 - 2014-07-13 13:49 - 00000512 _____ () C:\Users\Matthew\Desktop\MBR.dat
2014-07-13 13:40 - 2014-07-13 13:40 - 05185536 _____ (AVAST Software) C:\Users\Matthew\Downloads\aswMBR.exe
2014-07-13 13:37 - 2014-07-13 13:36 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Matthew\Downloads\tdsskiller.exe
2014-07-13 13:35 - 2014-07-13 13:33 - 00002106 _____ () C:\Users\Matthew\Desktop\Rkill.txt
2014-07-13 13:33 - 2014-07-13 13:33 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Matthew\Downloads\rkill.com
2014-07-13 13:04 - 2014-07-12 17:18 - 00000000 ____D () C:\Users\Matthew\AppData\Local\26502
2014-07-12 20:50 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\rescache
2014-07-12 17:19 - 2009-07-13 22:04 - 00000250 _____ () C:\windows\system.ini
2014-07-12 16:20 - 2014-07-12 16:20 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-12 16:20 - 2014-07-12 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-12 16:20 - 2014-07-12 16:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-12 16:20 - 2011-06-23 15:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-12 16:20 - 2011-06-23 15:04 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-10 20:38 - 2014-05-10 02:26 - 00000000 ____D () C:\Program Files\Full Tilt Poker
2014-07-09 22:18 - 2014-07-09 22:18 - 00000000 ____D () C:\Users\Matthew\Desktop\Moms Passwords and Usernames
2014-07-09 21:51 - 2011-01-09 16:34 - 00000000 ____D () C:\Users\Matthew\AppData\Local\FullTiltPoker
2014-07-09 20:51 - 2011-01-09 16:37 - 00000000 ____D () C:\Users\Matthew\AppData\Local\cache
2014-07-09 20:20 - 2014-07-09 20:20 - 00168670 _____ () C:\Users\Matthew\Downloads\rs.htm
2014-07-09 20:20 - 2014-07-09 20:20 - 00000000 ____D () C:\Users\Matthew\Downloads\rs_files
2014-07-08 20:00 - 2012-06-24 00:31 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-08 20:00 - 2011-05-15 11:56 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-07 07:10 - 2014-07-07 07:10 - 00001264 _____ () C:\Users\Matthew\Downloads\f.txt
2014-07-06 17:42 - 2014-07-06 17:41 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-06 17:42 - 2011-05-12 19:24 - 00000000 ____D () C:\ProgramData\Apple
2014-07-06 17:41 - 2014-07-06 17:41 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-06 17:39 - 2014-07-06 17:34 - 111107408 _____ (Apple Inc.) C:\Users\Matthew\Downloads\iTunesSetup.exe
2014-07-06 17:33 - 2014-07-06 17:33 - 00285621 _____ () C:\Users\Matthew\Downloads\wow,_waka_flocka.m4r
2014-07-06 17:32 - 2014-07-06 17:32 - 00000000 ____D () C:\Users\Matthew\Desktop\Cadence 2014-2015
2014-07-06 17:31 - 2011-12-19 22:26 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Audacity
2014-07-06 17:27 - 2014-07-06 17:27 - 03016826 _____ ( ) C:\Users\Matthew\Downloads\FFmpeg_v0.6.2_for_Audacity_on_Windows.exe
2014-07-06 17:26 - 2014-07-06 17:26 - 00527423 _____ ( ) C:\Users\Matthew\Downloads\Lame_v3.99.3_for_Windows.exe
2014-07-06 17:26 - 2014-07-06 17:26 - 00000000 ____D () C:\Program Files\Lame For Audacity
2014-07-04 10:25 - 2012-07-01 18:01 - 00170148 _____ () C:\windows\PFRO.log
2014-07-02 18:16 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\NDF
2014-07-02 14:05 - 2014-07-02 14:05 - 00001957 _____ () C:\Users\Matthew\Desktop\FL Studio 11.lnk
2014-07-02 14:05 - 2014-07-02 14:05 - 00000000 ____D () C:\Program Files\VstPlugins
2014-07-02 14:04 - 2014-07-02 14:04 - 00000000 ____D () C:\Users\Matthew\Documents\Image-Line
2014-07-02 14:04 - 2014-07-02 14:04 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-07-02 14:04 - 2014-07-02 14:04 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Image-Line
2014-07-02 14:04 - 2014-07-02 14:04 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\FlowStone
2014-07-02 14:04 - 2014-07-02 14:04 - 00000000 ____D () C:\Program Files\DSPRobotics
2014-07-02 14:00 - 2012-01-08 13:36 - 00000000 ____D () C:\Program Files\Image-Line
2014-07-02 13:58 - 2014-07-02 12:37 - 00000000 ____D () C:\Users\Matthew\Documents\FL Studio Producer Edition 11.0.4 Signature Bundle [ChingLiu]
2014-07-02 13:53 - 2011-07-09 14:00 - 00000000 ____D () C:\Program Files\Pando Networks
2014-07-02 13:43 - 2011-10-22 23:26 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2014-07-02 13:39 - 2009-07-01 17:58 - 00000000 ____D () C:\Program Files\Guild Wars 2
2014-07-02 13:39 - 2009-07-01 17:26 - 00000000 ____D () C:\Program Files\DAEMON Tools Ultra
2014-07-02 13:37 - 2014-05-17 11:42 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-02 13:37 - 2014-05-17 11:29 - 00000000 ____D () C:\Program Files\Steam
2014-07-02 13:35 - 2011-07-30 22:45 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Skype
2014-07-02 13:34 - 2011-07-30 22:45 - 00000000 ____D () C:\ProgramData\Skype
2014-07-02 13:21 - 2014-07-02 13:21 - 00000000 ____D () C:\Users\Matthew\Documents\Razer
2014-07-02 13:21 - 2014-07-02 13:21 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Razer_Inc
2014-07-02 13:20 - 2014-07-02 13:20 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Razer
2014-07-02 13:18 - 2014-07-02 13:18 - 00002042 _____ () C:\Users\Public\Desktop\Razer Game Booster.lnk
2014-07-02 13:18 - 2014-07-02 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-07-02 13:18 - 2014-07-02 13:17 - 00000000 ____D () C:\ProgramData\Razer
2014-07-02 13:17 - 2014-07-02 13:17 - 00000000 ____D () C:\Program Files\Razer
2014-07-02 13:15 - 2014-07-02 13:11 - 41954352 _____ (Razer Inc. ) C:\Users\Matthew\Downloads\RazerGameBoosterSetup_4.2.45.0.exe
2014-07-02 12:37 - 2014-07-02 12:36 - 00025095 _____ () C:\Users\Matthew\Downloads\[kickass.to]fl.studio.producer.edition.11.0.4.signature.bundle.chingliu.torrent
2014-07-02 12:35 - 2013-05-05 20:25 - 00000000 ____D () C:\Users\Matthew\AppData\Local\LogMeIn Hamachi
2014-07-01 18:47 - 2013-06-05 19:04 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\.technic
2014-07-01 18:22 - 2014-07-01 18:22 - 00001014 _____ () C:\Users\Matthew\Desktop\Cheat Engine.lnk
2014-07-01 18:22 - 2014-07-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-07-01 18:22 - 2014-07-01 18:22 - 00000000 ____D () C:\Program Files\Cheat Engine 6.4
2014-07-01 18:19 - 2014-07-01 18:18 - 09052192 _____ (Cheat Engine ) C:\Users\Matthew\Downloads\CheatEngine64.exe
2014-07-01 18:12 - 2014-04-14 14:34 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Battle.net
2014-07-01 17:04 - 2014-04-14 14:37 - 00000000 ____D () C:\Program Files\Hearthstone
2014-07-01 17:02 - 2014-04-14 14:33 - 00000000 ____D () C:\Program Files\Battle.net
2014-06-26 17:38 - 2012-02-23 22:40 - 93585272 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-20 15:39 - 2014-07-09 20:06 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-18 20:16 - 2014-07-09 20:05 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-18 19:56 - 2014-07-09 20:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-18 19:56 - 2014-07-09 20:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-18 19:38 - 2014-07-09 20:05 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-18 19:37 - 2014-07-09 20:05 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-18 19:36 - 2014-07-09 20:06 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-09 20:05 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-18 19:32 - 2014-07-09 20:05 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-18 19:28 - 2014-07-09 20:06 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-18 19:28 - 2014-07-09 20:06 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-18 19:25 - 2014-07-09 20:05 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-18 19:23 - 2014-07-09 20:06 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-18 19:23 - 2014-07-09 20:06 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-18 19:22 - 2014-07-09 20:05 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-18 19:16 - 2014-07-09 20:06 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 19:12 - 2014-07-09 20:06 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-18 19:06 - 2014-07-09 20:06 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-09 20:05 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-18 18:59 - 2014-07-09 20:05 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-18 18:58 - 2014-07-09 20:05 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-18 18:52 - 2014-07-09 20:05 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-18 18:52 - 2014-07-09 20:05 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-18 18:49 - 2014-07-09 20:06 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-18 18:46 - 2014-07-09 20:05 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-09 20:05 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-18 18:35 - 2014-07-09 20:05 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-18 18:13 - 2014-07-09 20:05 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-18 18:09 - 2014-07-09 20:06 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-18 18:07 - 2014-07-09 20:06 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-17 21:51 - 2014-07-09 20:02 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-17 20:52 - 2014-07-09 20:02 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-15 10:21 - 2009-08-23 21:54 - 00849546 _____ () C:\windows\system32\PerfStringBackup.INI

Files to move or delete:
====================
C:\Users\Matthew\jagex_cl_loginapplet_LIVE.dat
C:\Users\Matthew\jagex_cl_oldschool_LIVE.dat
C:\Users\Matthew\jagex_cl_runescape_LIVE.dat
C:\Users\Matthew\jagex_cl_runescape_LIVE1.dat
C:\Users\Matthew\jagex_cl_runescape_LIVE2.dat
C:\Users\Matthew\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Matthew\jagex_runescape_preferences.dat
C:\Users\Matthew\jagex_runescape_preferences2.dat
C:\Users\Matthew\jagex__preferences3.dat
C:\Users\Matthew\matrix_cl_matrix_LIVE.dat
C:\Users\Matthew\random.dat

Some content of TEMP:
====================
C:\Users\Matthew\AppData\Local\temp\6yglzxt6.dll
C:\Users\Matthew\AppData\Local\temp\acufutls.dll
C:\Users\Matthew\AppData\Local\temp\acuutils.dll
C:\Users\Matthew\AppData\Local\temp\llbwjg6f.dll
C:\Users\Matthew\AppData\Local\temp\NGMDll.dll
C:\Users\Matthew\AppData\Local\temp\NGMResource.dll
C:\Users\Matthew\AppData\Local\temp\swt-win32-3349.dll
C:\Users\Matthew\AppData\Local\temp\unicows.dll
C:\Users\Matthew\AppData\Local\temp\vkfgfamm.dll

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-12 09:57

==================== End Of Log ============================

FRST Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Matthew at 2014-07-15 17:07:51
Running from C:\Users\Matthew\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.0.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - )
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
ATI Catalyst Install Manager (HKLM\...\{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0729.2238.38827 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0729.2238.38827 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Czech (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Danish (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Dutch (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help English (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Finnish (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help French (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help German (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Greek (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Italian (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Japanese (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Korean (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Polish (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Russian (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Spanish (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Swedish (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Thai (Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Turkish (Version: 2009.0729.2237.38827 - ATI) Hidden
ccc-core-static (Version: 2009.0729.2238.38827 - ATI) Hidden
ccc-utility (Version: 2009.0729.2238.38827 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Citrix Authentication Manager (Version: 5.0.0.60597 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
Citrix Receiver Inside (Version: 3.4.0.45902 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (Version: 4.0.0.45893 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Crystal Reports for Visual Studio (Version: 12.51.0.240 - SAP) Hidden
Cube World - July 23, 2013 (HKLM\...\Cube World - July 23, 2013July 23, 2013) (Version: July 23, 2013 - Friends in War)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 1.1.0.0103 - Disc Soft Ltd)
DJ_SF_06_D1600_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dotfuscator Software Services - Community Edition - ITA (HKLM\...\{E13FF330-0F5A-4BBF-BAE1-D3D73EFBA8F8}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Finale NotePad 2012 (HKLM\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FL Studio 11 (HKLM\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version:  - )
Framework applic. livello dati di Microsoft SQL Server 2008 R2 (HKLM\...\{7E699D7E-5DFC-4145-A6C5-743B2168B478}) (Version: 10.50.1447.4 - Microsoft Corporation)
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.10.1.WIN.FullTilt.COM - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Deskjet D1600 Printer Driver 14.0 Rel. 6 (HKLM\...\{96178C0A-BAF9-4E49-A2A5-CDE76722105B}) (Version: 14.0 - HP)
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)
J2SE Runtime Environment 5.0 Update 21 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150210}) (Version: 1.5.0.210 - Sun Microsystems, Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 9 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170090}) (Version: 1.7.0.90 - Oracle)
Java™ 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java™ SE Development Kit 7 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
[email protected] 1.0 (HKLM\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Language Pack del Visualizzatore della Guida Microsoft 1.0 - ITA (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - ITA) (Version: 1.0.30319 - Microsoft Corporation)
League of Legends (Version: 1.0020 - Riot Games) Hidden
Live 6.0.7 (HKLM\...\Live 6.0.7) (Version:  - )
Live 8.2.2 (HKLM\...\Live 8.2.2) (Version:  - )
LWS Twitter (Version: 13.00.1216.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Compact Framework 2.0 SP2 (HKLM\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Device Emulator version 3.0 - ENU (HKLM\...\{B32E7732-B2FB-3FD0-81AC-6025B1104C66}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - ITA (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066 - Microsoft Corporation) Hidden
Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.4518.1066 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM\...\{7A6466AD-F58D-4725-B137-18107797C316}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{10722A88-7C26-4F90-A520-88B40A91E485}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM\...\{2C5B81B0-D8C7-4D4E-A746-3AEB49521B4D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ITA (HKLM\...\{B23B8C0C-DEAE-4147-AFD4-A000A67CB98C}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{4506A36C-D783-473A-886D-10869597FD50}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) it (HKLM\...\{222BD298-FD64-45CD-8D27-943806044729}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 it (HKLM\...\{A2C2CDC4-6C34-4A9A-8A88-373D48C998C3}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x86) it (HKLM\...\{EE25009F-97D8-4B9C-9FBD-D10A0B97B21D}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) it (HKLM\...\{6EDB5962-A48A-453D-BCFB-38C63CBE0E88}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ITA (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{ACB6D28B-2D17-314C-9C6C-B597C0A3C15A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Performance Collection Tools - ITA (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ITA (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools per Office Runtime (x86) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ITA) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ITA (HKLM\...\Microsoft Visual Studio 2010 Ultimate - ITA) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ITA (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio Macro Tools - ITA Language Pack (HKLM\...\Microsoft Visual Studio Macro Tools - ITA Language Pack) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools - ITA Language Pack (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio Macro Tools (HKLM\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Modello a oggetti di Microsoft Team Foundation Server 2010 - ITA (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ITA) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyToshiba (HKLM\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
Native Instruments Massive (HKLM\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Massive (Version: 1.3.0.2050 - Native Instruments) Hidden
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS (HKLM\...\Native Instruments Massive v1.0.1.008 VSTi DXi RTAS) (Version:  - )
Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Service Center (Version: 2.2.6.676 - Native Instruments) Hidden
NCH EN Toolbar (HKLM\...\NCH_EN Toolbar) (Version: 6.3.3.3 - NCH EN)
NetZero Launcher (HKLM\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
Norton Internet Security (Version: 16.7.0.30 - Symantec Corporation) Hidden
Online Plug-in (Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Paint.NET v3.5.9 (HKLM\...\{7A61142C-CA19-4F3C-BA66-FF8F131501F9}) (Version: 3.59.0 - dotPDN LLC)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quickbooks Financial Center (HKLM\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Razer Game Booster (HKLM\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller  Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0005 - Realtek)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
reFX Nexus VSTi RTAS v2.2.0 (HKLM\...\reFX Nexus_is1) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.2.912.17215 - SAMSUNG Electronics Co., Ltd.)
Self-service Plug-in (Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Skype Launcher (HKLM\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synthesia (remove only) (HKLM\...\Synthesia) (Version:  - )
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toribash (HKLM\...\Steam App 248570) (Version:  - Nabi Studios)
Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.0 - TOSHIBA Corporation) Hidden
Toshiba Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.35 - Toshiba)
Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.10 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.25 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.25 - TOSHIBA Corporation) Hidden
ToshibaRegistration (HKLM\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Office Word 2007 (KB974631) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{052CA271-6C3E-4B8F-9EEE-CEA84BC901DC}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CA2F3DF8-C8AE-4933-92F1-FE482442F6E6}) (Version:  - Microsoft)
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ITA (HKLM\...\{22F90F2E-1DA2-4801-A58C-FC3D13297749}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windstream Broadband Check-up Center (HKLM\...\Windstream_BCUC) (Version:  - )
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Restore Points  =========================

04-07-2014 23:45:01 Scheduled Checkpoint
09-07-2014 23:53:06 Windows Update
10-07-2014 23:23:52 Windows Update
14-07-2014 19:33:29 OTL Restore Point - 7/14/2014 3:33:25 PM
15-07-2014 20:01:50 Windows Update

==================== Hosts content: ==========================

2011-06-23 14:43 - 2014-07-15 16:15 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {250096F2-7B7F-4052-80FA-F8F8D0F98D10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-27] (Google Inc.)
Task: {26A954F5-57D9-4FB2-9CB0-DA9078F1C34E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4290186200-348354016-3305875341-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {4A89873B-6F1A-4D53-9408-58A5BE3EBA00} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4290186200-348354016-3305875341-1000UA => C:\Users\Matthew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {4DBAFE4C-2C50-4CB1-894F-F5D8A87B44D5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {6DC42387-CA8D-4073-BB25-16270A41C5E3} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {6F2C1E4B-D46A-4482-A233-7785996F7B40} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4290186200-348354016-3305875341-1000Core => C:\Users\Matthew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {723C1693-2CF9-4FA3-B6E2-37568E954836} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: {7E8C4984-1943-4750-89BC-E8C0E6ED0454} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4290186200-348354016-3305875341-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {85A91E2C-458F-46E3-8EDA-A2B90EE7553F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-27] (Google Inc.)
Task: {A65D84ED-DC64-423D-A0E9-5AA488C7CB5C} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
Task: {D6F290A3-49BC-4FEC-8DC6-F5E2116A4113} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4290186200-348354016-3305875341-1000Core.job => C:\Users\Matthew\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4290186200-348354016-3305875341-1000UA.job => C:\Users\Matthew\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-10 19:52 - 2011-03-02 12:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 07263544 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-08-23 21:51 - 2009-06-22 18:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 14:07 - 2009-07-25 14:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-08-03 21:17 - 2009-08-03 21:17 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-06-12 19:24 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 19:24 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 19:24 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

 

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\startupfolder: C:^Users^Matthew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Matthew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aim => "C:\Program Files\AIM\aim.exe" /d locale=en-US
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Matthew\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Matthew\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: MyTOSHIBA => "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: Overwolf => C:\Program Files\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpeetItUpFree => "C:\Program Files\SpeedItup Free\speeditupfree.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre7\bin\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Weather => C:\Program Files\AWS\WeatherBug\Weather.exe 1
MSCONFIG\startupreg: Windstream_BCUC_McciTrayApp => "C:\Program Files\Windstream_BCUC\McciTrayApp.exe"
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2014 01:12:47 PM) (Source: Google Update) (EventID: 20) (User: Matthew-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7

Error: (07/14/2014 01:12:34 PM) (Source: Google Update) (EventID: 20) (User: Matthew-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7

Error: (07/14/2014 01:10:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 55428091

Error: (07/14/2014 01:10:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 55428091

Error: (07/14/2014 01:10:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2014 01:10:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 55405128

Error: (07/14/2014 01:10:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 55405128

Error: (07/14/2014 01:10:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2014 01:09:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 55389262

Error: (07/14/2014 01:09:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 55389262

System errors:
=============
Error: (07/15/2014 04:34:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Security Center service terminated with the following error:
%%16389

Error: (07/15/2014 04:30:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Security service terminated with the following error:
%%127

Error: (07/15/2014 04:30:25 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/15/2014 04:30:25 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/15/2014 04:30:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:28:47 PM on ‎7/‎15/‎2014 was unexpected.

Error: (07/15/2014 04:08:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/15/2014 04:02:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.

Error: (07/15/2014 04:01:39 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/15/2014 00:47:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.

Error: (07/14/2014 05:09:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.

Microsoft Office Sessions:
=========================
Error: (07/07/2012 11:14:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 392610 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/01/2012 06:00:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14645 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/30/2012 06:08:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 215 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/23/2012 02:11:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 64951 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2011-06-23 14:55:10.666
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-06-23 14:55:10.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-06-23 14:46:44.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-06-23 14:46:44.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-06-23 14:39:41.074
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-06-23 14:39:41.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-06-22 23:05:33.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-06-22 23:05:33.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-06-22 20:05:12.740
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-06-22 20:05:12.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 3581.83 MB
Available physical RAM: 2234.79 MB
Total Pagefile: 7161.95 MB
Available Pagefile: 5726.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.43 MB

==================== Drives ================================

Drive c: (TI102902W0D) (Fixed) (Total:223.48 GB) (Free:143.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: EF9953FA)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=17)

==================== End Of Log ============================



#6
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi Celticsfan4

 

I have a few more scans and fixes for you. The first is an FRST fix. Right now you have FRST in your Download directory. The fix needs to be placed in the same directory as FRST. It might be easier if you moved FRST to the Desktop, then saved the fix to the Desktop and ran the Fix from there.

 

 

First Step.

 

Open notepad and copy/paste the text in the quotebox below into it:

HKLM\...\Policies\Explorer\Run: [2W4LGYJUDGFC] => C:\Users\Matthew\AppData\Roaming\6LAWMT9A.exe No File

SearchScopes: HKLM - DefaultScope {496B5BA1-F959-45CD-9C74-1DDAA2FF26AD} URL = http://www.google.co...ng}&rlz=1I7TSNA

SearchScopes: HKLM - {496B5BA1-F959-45CD-9C74-1DDAA2FF26AD} URL = http://www.google.co...ng}&rlz=1I7TSNA

SearchScopes: HKCU - DefaultScope {23758B0B-0D9F-32A3-A476-D9B1033E7A1E} URL = http://www.bing.com/...UGO&form=ZGAIDF

SearchScopes: HKCU - {23758B0B-0D9F-32A3-A476-D9B1033E7A1E} URL = http://www.bing.com/...UGO&form=ZGAIDF

FF Plugin: @microsoft.com/GENUINE - disabled No File

2014-07-15 16:32 - 2014-07-15 16:32 - 00103140 __RSH () C:\jwjjy.exe

2014-07-15 16:16 - 2014-07-15 16:16 - 00103140 _____ () C:\hvbk.pif

2014-07-15 16:02 - 2014-07-15 16:02 - 00000000 ____D () C:\a3c46663a126df22e7a71094

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next, download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Security Check

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Last (after you've run all the other scans), rerun FRST and press the Scan button. When FRST completes you will find one log. Please post that log with the adwCleaner log, the Junkware log, and the Security Log.

 

Also, let me know how the computer is working.



#7
Celticsfan4


    New Member

  • Topic Starter
  • Member
  • 6 posts

Biscuithd,

I'd just like to sincerely thank you for helping me out with this because it seems like a lot of work on your part. I was able to do everything, but I had a little bit of difficulty because my laptop's been running even slower sometimes. Simple applications will just stop responding for about 10 minutes straight. I was trying to move FRST onto the desktop and it took 30 minutes because the Downloads folder in Explorer kept not responding. But I was able to eventually get everything. Besides these slow fits, the computer's running pretty well sometimes. And also with the Security Check, it would say that it wasn't compatible with my operating system and abort. I tried it from both download sources to no avail. All the other logs are down below.

 

FRST Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by Matthew at 2014-07-16 14:55:36 Run:1
Running from C:\Users\Matthew\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\Policies\Explorer\Run: [2W4LGYJUDGFC] => C:\Users\Matthew\AppData\Roaming\6LAWMT9A.exe No File
 
SearchScopes: HKLM - DefaultScope {496B5BA1-F959-45CD-9C74-1DDAA2FF26AD} URL = http://www.google.co...ng}&rlz=1I7TSNA
 
SearchScopes: HKLM - {496B5BA1-F959-45CD-9C74-1DDAA2FF26AD} URL = http://www.google.co...ng}&rlz=1I7TSNA
 
SearchScopes: HKCU - DefaultScope {23758B0B-0D9F-32A3-A476-D9B1033E7A1E} URL = http://www.bing.com/...UGO&form=ZGAIDF
 
SearchScopes: HKCU - {23758B0B-0D9F-32A3-A476-D9B1033E7A1E} URL = http://www.bing.com/...UGO&form=ZGAIDF
 
FF Plugin: @microsoft.com/GENUINE - disabled No File
 
2014-07-15 16:32 - 2014-07-15 16:32 - 00103140 __RSH () C:\jwjjy.exe
 
2014-07-15 16:16 - 2014-07-15 16:16 - 00103140 _____ () C:\hvbk.pif
 
2014-07-15 16:02 - 2014-07-15 16:02 - 00000000 ____D () C:\a3c46663a126df22e7a71094
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\2W4LGYJUDGFC => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{496B5BA1-F959-45CD-9C74-1DDAA2FF26AD}' => Key deleted successfully.
'HKCR\CLSID\{496B5BA1-F959-45CD-9C74-1DDAA2FF26AD}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23758B0B-0D9F-32A3-A476-D9B1033E7A1E}' => Key deleted successfully.
'HKCR\CLSID\{23758B0B-0D9F-32A3-A476-D9B1033E7A1E}'=> Key not found.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin: @microsoft.com/GENUINE - disabled No File not found.
C:\jwjjy.exe => Moved successfully.
C:\hvbk.pif => Moved successfully.
C:\a3c46663a126df22e7a71094 => Moved successfully.
 
==== End of Fixlog ====
 
Adwcleaner Log:
# AdwCleaner v3.215 - Report created 16/07/2014 at 15:31:37
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Matthew - MATTHEW-PC
# Running from : C:\Users\Matthew\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.onlineautoinsurance.com/get-quotes/quotes.php?listing=bw&source=msearch&campid=%7Bcreative%7D&affsub=car+insurance+calculator&src=tz_oai_bing&sub_id=car+insurance+calculator&pub_id=car+insurance+calculator&q_publisher=bing&q_creative=4355691463&q_criteria=24880131301&q_matchtype=e&q_query=car+insurance+calculator&utm_source=bing&utm_medium=cpc&utm_campaign=bing_sem&utm_term=car+insurance+calculator&q_type=calculator&landing=%2Fget-quotes%2FIndex.php&full_url=www.onlineautoinsurance.com%2Fget-quotes%2FIndex.php&referer=hxxp%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Dcar%2520insurance%2520calculator%26pc%3Dconduit%26ptag%3DG1067-AC70C20CFA11F4D319EF%26form%3DCONBNT%26conlogo%3DCT3210127&zipcode={searchTerms}&insurance=Y&submit=Start+your+Quote
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [9995 octets] - [16/07/2014 14:58:31]
AdwCleaner[R1].txt - [1874 octets] - [16/07/2014 15:22:16]
AdwCleaner[S0].txt - [10588 octets] - [16/07/2014 15:00:26]
AdwCleaner[S1].txt - [1803 octets] - [16/07/2014 15:31:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1863 octets] ##########
 
JRT Log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Matthew on Wed 07/16/2014 at 16:05:20.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_fx_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_fx_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\Users\Matthew\appdata\locallow\whitesmoketoolbar"
Successfully deleted: [Folder] "C:\Users\Matthew\Local Settings\Application Data\tempdir"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/16/2014 at 17:26:54.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#8
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi Celticsfan4,

 

I'd just like to sincerely thank you for helping me out with this because it seems like a lot of work on your part.

 

You are very welcome! It is a lot of work, but it's enjoyable work.

 

I was able to do everything, but I had a little bit of difficulty because my laptop's been running even slower sometimes. Simple applications will just stop responding for about 10 minutes straight. I was trying to move FRST onto the desktop and it took 30 minutes because the downloads folder explorer kept not responding. But I was able to eventually get everything. Besides these slow fits, the computer's running pretty well sometimes.

 

This is not good and not normal. I had thought that the last scan and fix would have "righted" your issues, but I'm suspecting something different now.

 

I have two additional tools for you to run. With RogueKiller, I only want you to Scan and then get the Report. Let's not fix anything on this pass. This tool can be a little confusing until you get used to it. On this page you'll find a Video that will coach you on the Scan and Report in case my instructions below aren't clear. The second program is GMER. I don't have a video for that, so I hope my instructions are clear.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

GMER

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important

  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

When this is complete, make sure you post the RogueKiller log and the GMER log.


  • 0

#9
Celticsfan4


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Biscuithd,

Well, it's nice to hear that at least you enjoy doing things like this with it being a lot of work. Anyways, I have done those scans. The logs are below.

 

RogueKiller Log:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Matthew [Admin rights]
Mode : Scan -- Date : 07/17/2014 11:28:32
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 15 ¤¤¤
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Matthew\AppData\Local\Temp\IHU1437.tmp.exe [x] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{1F4A8E03-7E0E-47C8-BAEB-3024D5A8C96E} : NameServer (174.114.184.185) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{1F4A8E03-7E0E-47C8-BAEB-3024D5A8C96E} : NameServer (174.114.184.185) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableCMD (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[43] : NtAssignProcessToJobObject @ 0x830070D0 -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x83A10270)
SSDT[87] : NtCreateThread @ 0x830E3FE2 -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x83A102F0)
SSDT[190] : NtOpenProcess @ 0x83019BA5 -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x83A106B0)
SSDT[198] : NtOpenThread @ 0x83066112 -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x83A10580)
SSDT[215] : NtProtectVirtualMemory @ 0x8304A661 -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x83A10380)
SSDT[316] : NtSetContextThread @ 0x830E5857 -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x83A101F0)
SSDT[370] : NtTerminateProcess @ 0x83062DAA -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x83A10500)
SSDT[371] : NtTerminateThread @ 0x830806DB -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x83A10400)
SSDT[399] : NtWriteVirtualMemory @ 0x83067AA7 -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x83A10480)
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
 
ÿþ1
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: TOSHIBA MK2555GSX ATA Device +++++
--- User ---
[MBR] eb942d503aedc893cc0ad7c20dbad745
[BSP] c55d22c958ab1959cefd7ce97e0736a4 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228845 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471748608 | Size: 8129 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_07172014_02d1128.txt >>
RKreport[1]_S_07172014_02d1128.txt

 

GMER Log:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-17 12:40:34
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2555GSX rev.FG001M 232.89GB
Running: gmer.exe; Driver: C:\Users\Matthew\AppData\Local\Temp\uwliifow.sys
 
 
---- System - GMER 2.1 ----
 
SSDT    \SystemRoot\System32\drivers\WRkrn.sys                                                                                                       ZwAssignProcessToJobObject [0x83A10270]
SSDT    \SystemRoot\System32\drivers\WRkrn.sys                                                                                                       ZwCreateThread [0x83A102F0]
SSDT    \SystemRoot\System32\drivers\WRkrn.sys                                                                                                       ZwOpenProcess [0x83A106B0]
SSDT    \SystemRoot\System32\drivers\WRkrn.sys                                                                                                       ZwOpenThread [0x83A10580]
SSDT    \SystemRoot\System32\drivers\WRkrn.sys                                                                                                       ZwProtectVirtualMemory [0x83A10380]
SSDT    \SystemRoot\System32\drivers\WRkrn.sys                                                                                                       ZwSetContextThread [0x83A101F0]
SSDT    \SystemRoot\System32\drivers\WRkrn.sys                                                                                                       ZwTerminateProcess [0x83A10500]
SSDT    \SystemRoot\System32\drivers\WRkrn.sys                                                                                                       ZwTerminateThread [0x83A10400]
SSDT    \SystemRoot\System32\drivers\WRkrn.sys                                                                                                       ZwWriteVirtualMemory [0x83A10480]
 
---- Kernel code sections - GMER 2.1 ----
 
.text   ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                                     82E44A15 1 Byte  [06]
.text   ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                       82E7E212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                                          82E854E8 3 Bytes  [70, 02, A1]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1203                                                                                                          82E85598 3 Bytes  [F0, 02, A1]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 139F                                                                                                          82E85734 3 Bytes  [B0, 06, A1]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 13BF                                                                                                          82E85754 3 Bytes  [80, 05, A1]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1403                                                                                                          82E85798 3 Bytes  [80, 03, A1] {ADD BYTE [EBX], 0xa1}
.text   ...                                                                                                                                          
.text   C:\windows\system32\DRIVERS\tos_sps32.sys                                                                                                    section is writeable [0x8C703000, 0x3C849, 0xE8000020]
.dsrt   C:\windows\system32\DRIVERS\tos_sps32.sys                                                                                                    unknown last section [0x8C748000, 0x3DC, 0x48000040]
.text   C:\windows\system32\DRIVERS\atikmdag.sys                                                                                                     section is writeable [0x92007000, 0x2D5526, 0xE8000020]
?       C:\windows\system32\drivers\TrueSight.sys                                                                                                    The system cannot find the file specified. !
 
---- Devices - GMER 2.1 ----
 
Device  \Driver\usbhub \Device\USBPDO-6                                                                                                              ctxusbm.sys
Device  \Driver\usbhub \Device\00000068                                                                                                              ctxusbm.sys
Device  \Driver\usbhub \Device\00000069                                                                                                              ctxusbm.sys
Device  \Driver\usbhub \Device\0000006a                                                                                                              ctxusbm.sys
Device  \Driver\usbhub \Device\0000006b                                                                                                              ctxusbm.sys
Device  \Driver\usbhub \Device\0000006c                                                                                                              ctxusbm.sys
Device  \Driver\usbhub \Device\0000006d                                                                                                              ctxusbm.sys
 
---- Registry - GMER 2.1 ----
 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{EE794D3F-38BE-49AC-BD54-C2F7F9085C09}\[email protected]  isatap.{0D76EE44-5284-4351-8327-6CDC9C94313C}
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\[email protected]     \Device\{98FFACCE-1722-4B5D-AF9A-3E51EC4A6751}?\Device\{74CE2D01-F4B5-484C-82BB-4CB40F750BCB}?\Device\{EE794D3F-38BE-49AC-BD54-C2F7F9085C09}?\Device\{769374F1-8E45-44C3-8B0C-FA10450A2EE7}?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\[email protected]    "{98FFACCE-1722-4B5D-AF9A-3E51EC4A6751}"?"{74CE2D01-F4B5-484C-82BB-4CB40F750BCB}"?"{EE794D3F-38BE-49AC-BD54-C2F7F9085C09}"?"{769374F1-8E45-44C3-8B0C-FA10450A2EE7}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\[email protected]   \Device\TCPIP6TUNNEL_{98FFACCE-1722-4B5D-AF9A-3E51EC4A6751}?\Device\TCPIP6TUNNEL_{74CE2D01-F4B5-484C-82BB-4CB40F750BCB}?\Device\TCPIP6TUNNEL_{EE794D3F-38BE-49AC-BD54-C2F7F9085C09}?\Device\TCPIP6TUNNEL_{769374F1-8E45-44C3-8B0C-FA10450A2EE7}?
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{EE794D3F-38BE-49AC-BD54-C2F7F9085C09}@InterfaceName                       isatap.{0D76EE44-5284-4351-8327-6CDC9C94313C}
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{EE794D3F-38BE-49AC-BD54-C2F7F9085C09}@ReusableType                        0
 
---- EOF - GMER 2.1 ----

  • 0

#10
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi Celticsfan4,

 

I would like you to try a Clean Boot and see how the computer works after that. According to your log you have Windows 7, so those are the instructions I am posting. On the chance that I'm wrong about your Operating System, here is a link for other OS's.

 

  1. Log on to the computer by using an account that has administrator rights.
  2. Click Start, type msconfig.exe in the Start Search box, and then press Enter to start the System Configuration utility.
    Note If you are prompted for an administrator password or for confirmation, you should type the password or provide confirmation.
  3. On the General tab, click the Selective startup option, and then click to clear the Load startup items check box. (The Use Original Boot.ini check box is unavailable.)
  4. On the Services tab, click to select the Hide all Microsoft services check box, and then click Disable all.
    Note This step lets Microsoft services continue to run. These services include Networking, Plug and Play, Event Logging, Error Reporting, and other services. If you disable these services, you may permanently delete all restore points. Do not do this if you want to use the System Restore utility together with existing restore points.
  5. Click OK, and then click Restart.

  • 0
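
Before steps 3 and 4 of the Clean Boot above change anything, it helps to record which startup items and non-Microsoft services they will switch off, so the list can be compared after returning to Normal Startup. The following is an added example, not part of any post in this thread; it assumes an administrator PowerShell prompt, approximates the "Hide all Microsoft services" filter by the CompanyName stamped in each service binary, and `Get-ServiceBinary` is a hypothetical helper name.

```powershell
# Added example: record what a Clean Boot will switch off, before changing anything.
# Get-WmiObject is used so this also runs on the PowerShell 2.0 that ships with Windows 7.

function Get-ServiceBinary {          # hypothetical helper name
    param($Service)
    $path = [Environment]::ExpandEnvironmentVariables("$($Service.PathName)")
    # PathName is either  "C:\dir with spaces\svc.exe" -args  or  C:\dir\svc.exe -args
    if     ($path -match '^\s*"([^"]+)"')  { $exe = $Matches[1] }
    elseif ($path -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
    else   { return $null }
    # A service hosted by svchost.exe really lives in its ServiceDll, so report that instead.
    if ((Split-Path $exe -Leaf) -ieq 'svchost.exe') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($Service.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { $exe = [Environment]::ExpandEnvironmentVariables($dll) }
    }
    return $exe
}

# Services that are not already disabled and whose binary is not stamped as Microsoft's.
# A missing or unstamped binary has an empty Company and is listed too, for manual review.
$thirdParty = Get-WmiObject Win32_Service |
    Where-Object { $_.StartMode -ne 'Disabled' } |
    ForEach-Object {
        $bin = Get-ServiceBinary $_
        $company = ''
        if ($bin -and (Test-Path -LiteralPath $bin)) {
            $company = [Diagnostics.FileVersionInfo]::GetVersionInfo($bin).CompanyName
        }
        New-Object PSObject -Property @{
            Name = $_.Name; StartMode = $_.StartMode; State = $_.State
            Company = $company; Binary = $bin
        }
    } |
    Where-Object { $_.Company -notmatch 'Microsoft' }

# Programs launched at logon (Run keys and Startup folders).
$startup = Get-WmiObject Win32_StartupCommand |
    Select-Object Name, Command, Location, User

"Non-Microsoft services (affected by step 4):"
$thirdParty | Sort-Object Company, Name |
    Format-Table Name, StartMode, State, Company, Binary -AutoSize
"Startup items (affected by step 3):"
$startup | Format-Table -AutoSize
```

The script only reads service, file-version and registry data; it changes no settings.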

#11
Celticsfan4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Biscuithd,
After doing this clean boot, I restarted my computer like you asked and it was completely useless. It wouldn't load anything and was basically taking 5 minutes to open one program. I tried to get to the forum to tell you this but I waited 2 hours and wasn't able to get to the forums. After this, I shut down my computer and restarted it and then it was running better than it has in a long time. So I used it to test it out for a while and it was doing good for a few hours. But then out of nowhere it had another lag fit. It was just like right after I had restarted my laptop the first time. I couldn't do anything but force shut it down by holding down the power button. I haven't turned it back on since and I'm replying on my phone. Any ideas as to what could be going on?
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Hi, Biscuit is having net problems at the moment.

 

Restart the computer in safe mode

Run MSConfig

On the general tab select "Normal Startup"

OK out

Reboot and let me know how the system is behaving


  • 0

#13
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi, could you post back and let me know how things are going and where you are in the process of coming out of Clean Boot? Are you ready for next steps?


  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





