Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Looking to squeeze more life out of old W7 laptop

Started by BearCavalry , Aug 06 2014 05:03 PM

Please log in to reply

#1
BearCavalry

Posted 06 August 2014 - 05:03 PM

Member

Member
141 posts

I have an old laptop with W7, that is used by other members of my family. It is running out of life, but I'm hoping you can help me squeeze a bit more out of it. It does everything very slowwly, it huffs and puffs, constantly making very loud fan noises. Nothing much besides web browsing, skype, and photo editing is done with this machine, but even that seems to strain it.

Here are the humble specifications of this laptop, http://valid.x86.fr/c94p05.

As with my own machine, I try to run things clean. I use Kaspersky & Malwarebytes. Plus I just ran through the recommended programs in this guide to try to restore some UMPH in the machine

http://windowsinstructed.com/windows-7-or-vista-machine-is-running-a-bit-slower-than-it-used-to/

Can this Toshiba be tweaked, or overclocked, or hit with a hammer in the right place to just get it to hold out for another year or so? Can you please assist me with this odd job?

Thank you

Edited by BearCavalry, 06 August 2014 - 05:04 PM.

#2
Ztruker

Posted 06 August 2014 - 06:12 PM

Member 5k

Technician
7,091 posts

Not a lot you can do with a 930Mhz CPU, even with 4GB or ram.

Let's see what starts when you boot your computer.

Download and run Startup List (does not need to be installed, just run it).
When done, click File then Save as and save Startuplist.txt to your Desktop or somewhere you can find it.
Start a reply here and paste the contents of Startuplist.txt into it.

#3
BearCavalry

Posted 06 August 2014 - 06:47 PM

Member

Topic Starter
Member
141 posts

Not a lot you can do with a 930Mhz CPU, even with 4GB or ram.

Let's see what starts when you boot your computer.

Download and run Startup List (does not need to be installed, just run it).
When done, click File then Save as and save Startuplist.txt to your Desktop or somewhere you can find it.
Start a reply here and paste the contents of Startuplist.txt into it.

Yes sir, here it is. Very long.

StartupList report, 8/6/2014, 7:44:25 PM
StartupList version 2.02.0

Running processes (18):

[C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (67)]
C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll
C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
C:\windows\system32\apphelp.dll
C:\windows\System32\bidispl.dll
C:\windows\system32\CRYPTSP.dll
C:\windows\system32\dwmapi.dll
C:\windows\system32\icm32.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\mscms.dll
C:\windows\system32\MSIMG32.dll
C:\windows\System32\msxml6.dll
C:\windows\system32\ntmarta.dll
C:\windows\system32\PROPSYS.dll
C:\windows\system32\RpcRtRemote.dll
C:\windows\system32\rsaenh.dll
C:\windows\system32\Secur32.dll
C:\windows\system32\uxtheme.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\wiadss.dll
C:\windows\system32\wiatrace.dll
C:\windows\system32\WindowsCodecs.dll
C:\windows\system32\WINMM.dll
C:\windows\system32\WINSPOOL.DRV
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\CFGMGR32.dll
C:\windows\syswow64\CLBCatQ.DLL
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\DEVOBJ.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SETUPAPI.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\Windows\SysWOW64\sti.dll
C:\Windows\SysWOW64\urlmon.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WLDAP32.dll
C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
C:\windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll

[C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (31)]
C:\windows\system32\IMM32.DLL
C:\windows\system32\uxtheme.dll
C:\windows\system32\version.DLL
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\shlwapi.DLL
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll

[C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (98)]
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ac_meta.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\am_meta.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\app_core_legacy.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\app_core_meta.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpgui.ppl
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpinit.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpmain.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpservice.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\content_filtering_meta.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\DumpWriter.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\eka_meta.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\fsdrvplg.ppl
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\fssync.DLL
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\icudt40.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\icuuc40.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\instrumental_meta.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\key_value_storage.DLL
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klifpp_meta.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ksn_meta.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\MSVCP100.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\MSVCR100.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\nfio.ppl
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\params.ppl
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\plugins_meta.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prloader.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\product_metainfo.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prremote.DLL
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\pxstub.ppl
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtCore4.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtDeclarative4.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtGui4.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtNetwork4.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtScript4.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtSql4.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\service.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\storage.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ucp_meta.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\updater_meta.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\winreg.ppl
C:\windows\system32\dwmapi.dll
C:\windows\system32\fltLib.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\MPR.dll
C:\windows\system32\ntmarta.dll
C:\windows\system32\POWRPROF.dll
C:\windows\system32\RASAPI32.dll
C:\windows\system32\rasman.dll
C:\windows\system32\RpcRtRemote.dll
C:\windows\system32\Secur32.dll
C:\windows\system32\uxtheme.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\webio.dll
C:\windows\system32\WINHTTP.dll
C:\windows\system32\WINMM.dll
C:\windows\system32\WINSPOOL.DRV
C:\windows\system32\WINSTA.dll
C:\windows\system32\WTSAPI32.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\CFGMGR32.dll
C:\windows\syswow64\COMDLG32.dll
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\DEVOBJ.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SETUPAPI.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\userenv.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WINTRUST.dll
C:\windows\syswow64\WLDAP32.dll
C:\windows\syswow64\WS2_32.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll

[C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (34)]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
C:\windows\system32\CRYPTSP.dll
C:\windows\system32\dwmapi.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\IPHLPAPI.DLL
C:\windows\system32\rsaenh.dll
C:\windows\system32\uxtheme.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\WINNSI.DLL
C:\windows\system32\WTSAPI32.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WS2_32.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll

[C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (115)]
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Resource_en.dll
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_StaticRes.dll
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.dll
C:\windows\system32\ACTIVEDS.dll
C:\windows\system32\adsldpc.dll
C:\windows\system32\ATL.DLL
C:\windows\system32\AUDIOSES.DLL
C:\windows\system32\Avicap32.dll
C:\windows\system32\AVRT.dll
C:\windows\system32\bcrypt.dll
C:\windows\system32\credssp.dll
C:\windows\system32\CRYPTSP.dll
C:\windows\system32\d3d11.dll
C:\windows\system32\d3d8thk.dll
C:\windows\system32\d3d9.dll
C:\windows\system32\DCIMAN32.dll
C:\windows\system32\ddraw.dll
C:\windows\system32\dhcpcsvc.DLL
C:\windows\system32\dhcpcsvc6.DLL
C:\windows\system32\DNSAPI.dll
C:\windows\system32\dsound.dll
C:\windows\system32\dwmapi.dll
C:\windows\system32\dxgi.dll
C:\windows\System32\fwpuclnt.dll
C:\windows\system32\GPAPI.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\IPHLPAPI.DLL
C:\windows\system32\ksuser.dll
C:\windows\system32\Magnification.dll
C:\windows\system32\mapi32.dll
C:\windows\system32\midimap.dll
C:\windows\System32\MMDevApi.dll
C:\windows\system32\MSACM32.dll
C:\windows\system32\msacm32.drv
C:\windows\system32\msdmo.dll
C:\windows\system32\msi.dll
C:\windows\system32\MSIMG32.dll
C:\windows\system32\msvfw32.dll
C:\windows\system32\mswsock.dll
C:\windows\system32\napinsp.dll
C:\windows\system32\ncrypt.dll
C:\windows\system32\Netapi32.dll
C:\windows\system32\netutils.dll
C:\windows\system32\NLAapi.dll
C:\windows\system32\ntmarta.dll
C:\windows\system32\pnrpnsp.dll
C:\windows\system32\POWRPROF.dll
C:\windows\system32\propsys.dll
C:\windows\system32\Psapi.dll
C:\windows\system32\quartz.dll
C:\windows\system32\rasadhlp.dll
C:\windows\system32\RICHED20.DLL
C:\windows\system32\rsaenh.dll
C:\windows\system32\secur32.dll
C:\windows\system32\Shell32.dll
C:\windows\system32\srvcli.dll
C:\windows\system32\uxtheme.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\wdmaud.drv
C:\windows\system32\webio.dll
C:\windows\system32\winhttp.dll
C:\windows\system32\WINMM.dll
C:\windows\system32\WINNSI.DLL
C:\windows\System32\winrnr.dll
C:\windows\system32\WINSTA.dll
C:\windows\system32\wkscli.dll
C:\windows\System32\wship6.dll
C:\windows\System32\wshtcpip.dll
C:\windows\system32\wtsapi32.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\SysWOW64\bcryptprimitives.dll
C:\windows\syswow64\CFGMGR32.dll
C:\windows\syswow64\CLBCatQ.DLL
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\Windows\SysWOW64\devenum.dll
C:\windows\syswow64\DEVOBJ.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\imagehlp.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\schannel.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SETUPAPI.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\urlmon.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WINTRUST.dll
C:\windows\syswow64\WLDAP32.dll
C:\windows\syswow64\WS2_32.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll

[C:\Program Files (x86)\WinRAR\WinRAR.exe (86)]
C:\PROGRA~2\MICROS~1\Office15\1033\GrooveIntlResource.dll
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
C:\windows\system32\apphelp.dll
C:\windows\system32\ATL100.DLL
C:\windows\system32\audiodev.dll
C:\windows\system32\cscapi.dll
C:\windows\System32\davclnt.dll
C:\windows\System32\DAVHLPR.dll
C:\windows\System32\drprov.dll
C:\windows\system32\DUI70.dll
C:\windows\system32\DUser.dll
C:\windows\system32\dwmapi.dll
C:\windows\system32\EhStorAPI.dll
C:\windows\system32\EhStorShell.dll
C:\windows\system32\explorerframe.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\MPR.dll
C:\windows\system32\msi.dll
C:\windows\system32\MSVCP100.dll
C:\windows\system32\MSVCR100.dll
C:\windows\system32\netutils.dll
C:\windows\System32\ntlanman.dll
C:\windows\system32\ntmarta.dll
C:\windows\system32\ntshrui.dll
C:\windows\system32\PortableDeviceApi.dll
C:\windows\system32\propsys.dll
C:\windows\system32\RICHED20.dll
C:\windows\system32\riched32.dll
C:\windows\system32\samcli.dll
C:\windows\system32\SAMLIB.dll
C:\windows\system32\Secur32.dll
C:\windows\System32\shdocvw.dll
C:\windows\system32\slc.dll
C:\windows\system32\srvcli.dll
C:\windows\system32\uxtheme.dll
C:\windows\system32\version.DLL
C:\windows\system32\WindowsCodecs.dll
C:\windows\system32\WINMM.dll
C:\windows\System32\WINSTA.dll
C:\windows\system32\wkscli.dll
C:\windows\system32\WMASF.DLL
C:\windows\system32\WMVCore.DLL
C:\windows\system32\wpdshext.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\CFGMGR32.dll
C:\windows\syswow64\CLBCatQ.DLL
C:\windows\syswow64\COMDLG32.dll
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\DEVOBJ.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SETUPAPI.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\Windows\SysWOW64\urlmon.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WINTRUST.dll
C:\windows\syswow64\WLDAP32.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll

[C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\chrome.exe (155)]
C:\PROGRA~2\MICROS~1\Office15\1033\GrooveIntlResource.dll
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\office_antivirus.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prloader.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prremote.dll
C:\Program Files (x86)\Windows Defender\MpOav.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_elf.dll
C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
C:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
C:\windows\system32\apphelp.dll
C:\windows\system32\ATL100.DLL
C:\windows\system32\audioses.dll
C:\windows\system32\avrt.dll
C:\windows\system32\bcrypt.dll
C:\windows\system32\credssp.dll
C:\windows\system32\credui.dll
C:\windows\system32\cryptnet.dll
C:\windows\system32\CRYPTSP.dll
C:\windows\system32\cscapi.dll
C:\windows\System32\davclnt.dll
C:\windows\System32\DAVHLPR.dll
C:\windows\system32\dhcpcsvc.DLL
C:\windows\system32\dhcpcsvc6.DLL
C:\windows\system32\DNSAPI.dll
C:\windows\System32\drprov.dll
C:\windows\system32\DUI70.dll
C:\windows\system32\DUser.dll
C:\windows\system32\dwmapi.dll
C:\windows\system32\EhStorAPI.dll
C:\windows\system32\EhStorShell.dll
C:\windows\system32\explorerframe.dll
C:\windows\System32\fwpuclnt.dll
C:\windows\system32\GPAPI.dll
C:\windows\system32\HID.DLL
C:\windows\system32\ieframe.DLL
C:\windows\system32\IMM32.DLL
C:\windows\system32\IPHLPAPI.DLL
C:\windows\system32\LINKINFO.dll
C:\windows\system32\MMDevAPI.DLL
C:\windows\system32\MPR.dll
C:\windows\system32\mscms.dll
C:\windows\system32\msdmo.dll
C:\windows\system32\msi.dll
C:\windows\system32\msls31.dll
C:\windows\system32\mssprxy.dll
C:\windows\system32\MSVCP100.dll
C:\windows\system32\MSVCR100.dll
C:\windows\system32\mswsock.dll
C:\windows\System32\msxml6.dll
C:\windows\System32\NaturalLanguage6.dll
C:\windows\system32\ncrypt.dll
C:\windows\system32\NETAPI32.dll
C:\windows\System32\netprofm.dll
C:\windows\system32\netutils.dll
C:\windows\system32\NetworkExplorer.dll
C:\windows\system32\NLAapi.dll
C:\windows\System32\npmproxy.dll
C:\windows\system32\NTDSAPI.dll
C:\windows\System32\ntlanman.dll
C:\windows\system32\ntmarta.dll
C:\windows\system32\ntshrui.dll
C:\windows\system32\OLEACC.dll
C:\windows\system32\PortableDeviceApi.dll
C:\windows\system32\PROPSYS.dll
C:\windows\System32\provsvc.dll
C:\windows\system32\rasadhlp.dll
C:\windows\system32\RpcRtRemote.dll
C:\windows\system32\rsaenh.dll
C:\windows\system32\SAMCLI.DLL
C:\windows\system32\SAMLIB.dll
C:\windows\system32\SearchFolder.dll
C:\windows\system32\Secur32.dll
C:\windows\system32\SensApi.dll
C:\windows\System32\shdocvw.dll
C:\windows\system32\slc.dll
C:\windows\system32\srvcli.dll
C:\windows\System32\StructuredQuery.dll
C:\windows\system32\uxtheme.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\webio.dll
C:\windows\System32\wevtapi.dll
C:\windows\system32\WindowsCodecs.dll
C:\windows\system32\WINHTTP.dll
C:\windows\system32\WINMM.dll
C:\windows\system32\WINNSI.DLL
C:\windows\system32\WINSTA.dll
C:\windows\system32\wkscli.dll
C:\windows\System32\Wpc.dll
C:\windows\System32\wship6.dll
C:\windows\System32\wshtcpip.dll
C:\windows\system32\WTSAPI32.dll
C:\windows\system32\xmllite.dll
C:\Windows\SysWOW64\actxprxy.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\Windows\SysWOW64\ATL.DLL
C:\windows\SysWOW64\bcryptprimitives.dll
C:\windows\syswow64\CFGMGR32.dll
C:\windows\syswow64\CLBCatQ.DLL
C:\windows\syswow64\COMDLG32.dll
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\Windows\SysWOW64\d3d8thk.dll
C:\Windows\SysWOW64\d3d9.dll
C:\Windows\SysWOW64\devenum.dll
C:\windows\syswow64\DEVOBJ.dll
C:\Windows\SysWOW64\fdproxy.dll
C:\Windows\SysWOW64\FunDisc.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\Windows\SysWOW64\ksproxy.ax
C:\Windows\SysWOW64\ksuser.dll
C:\Windows\SysWOW64\kswdmcap.ax
C:\windows\syswow64\LPK.dll
C:\Windows\SysWOW64\MFC42.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\Windows\SysWOW64\ODBC32.dll
C:\Windows\SysWOW64\odbcint.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\PSAPI.DLL
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SETUPAPI.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\urlmon.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\Windows\SysWOW64\vidcap.ax
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WINTRUST.dll
C:\windows\syswow64\WLDAP32.dll
C:\windows\syswow64\WS2_32.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll

[C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\chrome.exe (47)]
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_child.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_elf.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\libpeerconnection.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\IPHLPAPI.DLL
C:\windows\system32\Secur32.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\WINMM.dll
C:\windows\system32\WINNSI.DLL
C:\windows\system32\WINSPOOL.DRV
C:\windows\system32\WTSAPI32.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\PSAPI.DLL
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WS2_32.dll

[C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\chrome.exe (47)]
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_child.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_elf.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\libpeerconnection.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\IPHLPAPI.DLL
C:\windows\system32\Secur32.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\WINMM.dll
C:\windows\system32\WINNSI.DLL
C:\windows\system32\WINSPOOL.DRV
C:\windows\system32\WTSAPI32.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\PSAPI.DLL
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WS2_32.dll

[C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\chrome.exe (47)]
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_child.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_elf.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\libpeerconnection.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\IPHLPAPI.DLL
C:\windows\system32\Secur32.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\WINMM.dll
C:\windows\system32\WINNSI.DLL
C:\windows\system32\WINSPOOL.DRV
C:\windows\system32\WTSAPI32.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\PSAPI.DLL
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WS2_32.dll

[C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\chrome.exe (47)]
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_child.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_elf.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\libpeerconnection.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\IPHLPAPI.DLL
C:\windows\system32\Secur32.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\WINMM.dll
C:\windows\system32\WINNSI.DLL
C:\windows\system32\WINSPOOL.DRV
C:\windows\system32\WTSAPI32.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\PSAPI.DLL
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WS2_32.dll

[C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\chrome.exe (47)]
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_child.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_elf.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\libpeerconnection.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\IPHLPAPI.DLL
C:\windows\system32\Secur32.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\WINMM.dll
C:\windows\system32\WINNSI.DLL
C:\windows\system32\WINSPOOL.DRV
C:\windows\system32\WTSAPI32.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\PSAPI.DLL
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WS2_32.dll

[C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\chrome.exe (47)]
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_child.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_elf.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
C:\windows\system32\dxva2.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\IPHLPAPI.DLL
C:\windows\system32\Secur32.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\WINMM.dll
C:\windows\system32\WINNSI.DLL
C:\windows\system32\WINSPOOL.DRV
C:\windows\system32\WTSAPI32.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\PSAPI.DLL
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WS2_32.dll
C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll

[C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\chrome.exe (51)]
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_child.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_elf.dll
C:\Users\Svetlana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
C:\windows\system32\apphelp.dll
C:\windows\system32\dwmapi.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\IPHLPAPI.DLL
C:\windows\system32\mswsock.dll
C:\windows\system32\ntmarta.dll
C:\windows\system32\Secur32.dll
C:\windows\system32\uxtheme.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\WINMM.dll
C:\windows\system32\WINNSI.DLL
C:\windows\system32\WINSPOOL.DRV
C:\windows\System32\wshtcpip.dll
C:\windows\system32\WTSAPI32.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\PSAPI.DLL
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WLDAP32.dll
C:\windows\syswow64\WS2_32.dll

[C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\chrome.exe (57)]
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_child.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\chrome_elf.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\D3DCompiler_46.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
C:\Users\Svetlana\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
C:\windows\system32\d3d8thk.dll
C:\windows\system32\d3d9.dll
C:\windows\system32\dwmapi.dll
C:\windows\system32\igdumd32.dll
C:\windows\system32\igdumdx32.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\IPHLPAPI.DLL
C:\windows\system32\PowrProf.dll
C:\windows\system32\Secur32.dll
C:\windows\system32\uxtheme.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\WINMM.dll
C:\windows\system32\WINNSI.DLL
C:\windows\system32\WINSPOOL.DRV
C:\windows\system32\WTSAPI32.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\CFGMGR32.dll
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\DEVOBJ.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\PSAPI.DLL
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SETUPAPI.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WS2_32.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

[C:\Users\Svetlana\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (65)]
C:\Users\Svetlana\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
C:\windows\system32\credssp.dll
C:\windows\system32\CRYPTSP.dll
C:\windows\system32\dhcpcsvc.DLL
C:\windows\system32\dhcpcsvc6.DLL
C:\windows\system32\DSOUND.dll
C:\windows\system32\dwmapi.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\IPHLPAPI.DLL
C:\windows\System32\MMDevApi.dll
C:\windows\system32\msdmo.dll
C:\windows\system32\mswsock.dll
C:\windows\system32\ntmarta.dll
C:\windows\system32\POWRPROF.dll
C:\windows\System32\PROPSYS.dll
C:\windows\system32\rsaenh.dll
C:\windows\system32\Secur32.dll
C:\windows\system32\uxtheme.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\webio.dll
C:\windows\system32\winhttp.dll
C:\windows\system32\WINMM.dll
C:\windows\system32\WINNSI.DLL
C:\windows\System32\wshtcpip.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\CFGMGR32.dll
C:\windows\syswow64\CLBCatQ.DLL
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\Windows\SysWOW64\devenum.dll
C:\windows\syswow64\DEVOBJ.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\iertutil.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\normaliz.DLL
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\profapi.dll
C:\windows\syswow64\PSAPI.DLL
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SETUPAPI.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USERENV.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WININET.dll
C:\windows\syswow64\WINTRUST.dll
C:\windows\syswow64\WLDAP32.dll
C:\windows\syswow64\WS2_32.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll

[C:\Users\Svetlana\AppData\Local\Temp\Rar$EXa0.607\StartupList.exe (43)]
C:\windows\system32\asycfilt.dll
C:\windows\system32\CRYPTSP.dll
C:\windows\system32\dwmapi.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\MSVBVM60.DLL
C:\windows\system32\NTDSAPI.dll
C:\windows\system32\RpcRtRemote.dll
C:\windows\system32\rsaenh.dll
C:\windows\system32\SXS.DLL
C:\windows\system32\uxtheme.dll
C:\windows\system32\VERSION.DLL
C:\windows\system32\wbem\fastprox.dll
C:\windows\system32\wbem\wbemdisp.dll
C:\windows\system32\wbem\wbemprox.dll
C:\windows\system32\wbem\wbemsvc.dll
C:\windows\system32\wbem\wmiutils.dll
C:\windows\system32\wbemcomn.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\CLBCatQ.DLL
C:\windows\syswow64\comdlg32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\SysWow64\Mscomctl.ocx
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\PSAPI.DLL
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WS2_32.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\COMCTL32.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.DLL

[C:\Windows\Samsung\PanelMgr\SSMMgr.exe (37)]
C:\windows\system32\apphelp.dll
C:\windows\system32\dwmapi.dll
C:\windows\system32\IMM32.DLL
C:\windows\system32\oledlg.dll
C:\windows\system32\OLEPRO32.DLL
C:\windows\system32\setupapi.dll
C:\windows\system32\uxtheme.dll
C:\windows\system32\VERSION.dll
C:\windows\system32\WINSPOOL.DRV
C:\windows\system32\Wtsapi32.dll
C:\windows\syswow64\ADVAPI32.dll
C:\windows\syswow64\CFGMGR32.dll
C:\windows\syswow64\comdlg32.dll
C:\windows\syswow64\CRYPT32.dll
C:\windows\syswow64\CRYPTBASE.dll
C:\windows\syswow64\DEVOBJ.dll
C:\windows\syswow64\GDI32.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\LPK.dll
C:\windows\syswow64\MSASN1.dll
C:\windows\syswow64\MSCTF.dll
C:\windows\syswow64\msvcrt.dll
C:\windows\syswow64\NSI.dll
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\ole32.dll
C:\windows\syswow64\OLEAUT32.dll
C:\windows\syswow64\RPCRT4.dll
C:\windows\SysWOW64\sechost.dll
C:\windows\syswow64\SHELL32.dll
C:\windows\syswow64\SHLWAPI.dll
C:\windows\syswow64\SspiCli.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\USP10.dll
C:\windows\syswow64\WINTRUST.dll
C:\windows\syswow64\WS2_32.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\COMCTL32.dll

--------------------

Autostart folders:

[Startup (1)]
desktop.ini

[User Startup (1)]
desktop.ini

[Common Startup (1)]
desktop.ini

[User Common Startup (1)]
desktop.ini

--------------------

Task Scheduler jobs (7):

GlaryInitialize.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
GoogleUpdateTaskUserS-1-5-21-409781226-1333409354-1444799775-1000Core.job
GoogleUpdateTaskUserS-1-5-21-409781226-1333409354-1444799775-1000UA.job
Start Registry Reviver for SuperWoman@Svetlana(logon).job
Wise Memory Optimizer Task.job

--------------------

IniMapping values:

System NT shell = explorer.exe

--------------------

On-reboot actions:

[Wininit.ini]
[rename]
c:\tempjunk3533.tmp=C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe_old
nul=c:\tempjunk6113.tmp
c:\tempjunk465.tmp=C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe_old
c:\tempjunk4879.tmp=C:\Program Files (x86)\Application Updater\config.ini
c:\tempjunk4809.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth160.dll_old
c:\tempjunk549.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth160.dll_old
c:\tempjunk5919.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\tempjunk7047.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\tempjunk4302.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\config.ini
c:\tempjunk7672.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\tempjunk2850.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\tempjunk9690.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\tempjunk5885.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\tempjunk5423.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\tempjunk5007.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\tempjunk896.tmp=C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
c:\tempjunk886.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\tempjunk1751.tmp=C:\Program Files (x86)\Application Updater\config.ini
c:\tempjunk515.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\tempjunk4016.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\tempjunk1060.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\config.ini
c:\tempjunk5318.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\tempjunk8801.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\tempjunk7993.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\tempjunk1748.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\tempjunk8444.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\tempjunk6113.tmp=C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini

--------------------

Shell commands:

.bat - Windows Batch File - "%1" %*
.cmd - Windows Command Script - "%1" %*
.com - MS-DOS Application - "%1" %*
.exe - Application - "%1" %*
.hta - HTML Application - C:\Windows\SysWOW64\mshta.exe "%1" %*
.js - JavaScript File - C:\Windows\System32\WScript.exe "%1" %*
.jse - JScript Encoded File - C:\Windows\System32\WScript.exe "%1" %*
.pif - Shortcut to MS-DOS Program - "%1" %*
.scr - Screen saver - "%1" /S
.txt - Text Document - C:\windows\system32\NOTEPAD.EXE %1
.vbe - VBScript Encoded File - "C:\windows\System32\WScript.exe" "%1" %*
.vbs - VBScript Script File - "C:\windows\System32\WScript.exe" "%1" %*
.wsf - Windows Script File - "C:\windows\System32\WScript.exe" "%1" %*
.wsh - Windows Script Host Settings File - "C:\windows\System32\WScript.exe" "%1" %*

--------------------

Services:

[NT Services (57)]
@%SystemRoot%\system32\audiosrv.dll,-200 = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
@%SystemRoot%\system32\audiosrv.dll,-204 = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\bfe.dll,-1001 = C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
@%SystemRoot%\system32\cryptsvc.dll,-1001 = C:\windows\system32\svchost.exe -k NetworkService
@%SystemRoot%\system32\dhcpcore.dll,-100 = C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted
@%SystemRoot%\System32\dnsapi.dll,-101 = C:\windows\system32\svchost.exe -k NetworkService
@%systemroot%\system32\dps.dll,-500 = C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
@%SystemRoot%\system32\dwm.exe,-2000 = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\FirewallAPI.dll,-23090 = C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
@%SystemRoot%\system32\ikeext.dll,-501 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\lmhsvc.dll,-101 = C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted
@%systemroot%\system32\mmcss.dll,-100 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\System32\nlasvc.dll,-1 = C:\windows\System32\svchost.exe -k NetworkService
@%SystemRoot%\system32\nsisvc.dll,-200 = C:\windows\system32\svchost.exe -k LocalService
@%systemroot%\system32\profsvc.dll,-300 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\qmgr.dll,-1000 = C:\windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\samsrv.dll,-1 = C:\windows\system32\lsass.exe
@%SystemRoot%\system32\schedsvc.dll,-100 = C:\windows\system32\svchost.exe -k netsvcs
@%systemroot%\system32\SearchIndexer.exe,-103 = C:\windows\system32\SearchIndexer.exe /Embedding
@%SystemRoot%\system32\Sens.dll,-200 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\System32\shsvcs.dll,-12288 = C:\windows\System32\svchost.exe -k netsvcs
@%systemroot%\system32\spoolsv.exe,-1 = C:\windows\System32\spoolsv.exe
@%SystemRoot%\system32\sppsvc.exe,-101 = C:\windows\system32\sppsvc.exe
@%systemroot%\system32\srvsvc.dll,-100 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\sysmain.dll,-1000 = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\System32\themeservice.dll,-8192 = C:\windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\umpnpmgr.dll,-100 = C:\windows\system32\svchost.exe -k DcomLaunch
@%SystemRoot%\system32\umpo.dll,-100 = C:\windows\system32\svchost.exe -k DcomLaunch
@%Systemroot%\system32\wbem\wmisvc.dll,-205 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\wevtsvc.dll,-200 = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
@%SystemRoot%\system32\wiaservc.dll,-9 = C:\windows\system32\svchost.exe -k imgsvc
@%systemroot%\system32\wkssvc.dll,-100 = C:\windows\System32\svchost.exe -k NetworkService
@%SystemRoot%\System32\wlansvc.dll,-257 = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\System32\wscsvc.dll,-200 = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
@%systemroot%\system32\wuaueng.dll,-105 = C:\windows\system32\svchost.exe -k netsvcs
@%windir%\system32\RpcEpMap.dll,-1001 = C:\windows\system32\svchost.exe -k RPCSS
@comres.dll,-2450 = C:\windows\system32\svchost.exe -k LocalService
@gpapi.dll,-112 = %windir%\system32\svchost.exe -k GPSvcGroup
@oleres.dll,-5010 = C:\windows\system32\svchost.exe -k rpcss
@oleres.dll,-5012 = C:\windows\system32\svchost.exe -k DcomLaunch
Adobe Acrobat Update Service = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Common Client Job Manager Service = "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\diMaster.dll" /prefetch:1
Google Update Service (gupdate) = "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
IconMan_R = "C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe"
Intel® Management & Security Application User Notification Service = "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
Intel® Management and Security Application Local Management Service = C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
Kaspersky Anti-Virus Service = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" -r
MBAMScheduler = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
MBAMService = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
Microsoft .NET Framework NGEN v4.0.30319_X64 = C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Microsoft .NET Framework NGEN v4.0.30319_X86 = C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
MultiKMS = "C:\Windows\MultiKMS\MultiKMS.exe"
Skype Updater = "C:\Program Files (x86)\Skype\Updater\Updater.exe"
TeamViewer 9 = "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
Toshiba Laptop Checkup Application Launcher = C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe /s
TOSHIBA Optical Disc Drive Service = C:\Windows\system32\TODDSrv.exe
Windows Live ID Sign-in Assistant = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
sermouse.sys
vga.sys
vgasave.sys
volmgr.sys
volmgrx.sys
WudfPf
WudfRd

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* IEEE 1394 Bus host controllers *
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SBP2 IEEE 1394 Devices *
{D48179BE-EC20-11D1-B6B8-00C04FA372A7}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* SecurityDevices *
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

* Service *
AppInfo
AppMgmt
CryptSvc
DcomLaunch
EFS
EventLog
HelpSvc
KeyIso
Netlogon
NTDS
PlugPlay
Power
ProfSvc
RpcEptMapper
RpcSs
sacsvr
SWPRV
TabletInputService
TBS
TrustedInstaller
VDS
vmms
WinDefend
WinMgmt
WudfSvc

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}

[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
bowser
dfsc
ipnat.sys
MPSDrv
mrxsmb
mrxsmb10
mrxsmb20
ndiscap
nsiproxy.sys
rdbss
rdpencdd.sys
sermouse.sys
vga.sys
vgasave.sys
volmgr.sys
volmgrx.sys
WudfPf
WudfRd
WudfUsbccidDriver

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* IEEE 1394 Bus host controllers *
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SBP2 IEEE 1394 Devices *
{D48179BE-EC20-11D1-B6B8-00C04FA372A7}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* SecurityDevices *
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

* Service *
AFD
AppInfo
AppMgmt
BFE
Browser
CryptSvc
DcomLaunch
Dhcp
DnsCache
Dot3Svc
Eaphost
EFS
EventLog
HelpSvc
IKEEXT
KeyIso
LanmanServer
LanmanWorkstation
LmHosts
Messenger
MPSSvc
NativeWifiP
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
netprofm
NlaSvc
Nsi
NTDS
PlugPlay
PolicyAgent
Power
ProfSvc
rdsessmgr
RpcEptMapper
RpcSs
sacsvr
SCardSvr
SharedAccess
SWPRV
TabletInputService
TBS
Tcpip
TrustedInstaller
VaultSvc
VDS
vmms
WinDefend
WinMgmt
Wlansvc
WudfSvc

* Smart card readers *
{50DD5230-BA8A-11D1-BF5D-0000F805F530}

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}

[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Disk drives *
- Upper filters
PartMgr.sys

* Imaging devices *
- Upper filters
PGEffect.sys
ksthunk.sys

* Infrared devices *
- Upper filters
IRENUM.sys

* Keyboards *
- Upper filters
SynTP.sys
klkbdflt.sys
kbdclass.sys

* Mice and other pointing devices *
- Upper filters
klmouflt.sys
mouclass.sys

* Smart card readers *
- Upper filters
scfilter.sys

* Sound, video and game controllers *
- Upper filters
ksthunk.sys

* Storage Volumes *
- Lower filters
fvevol.sys
rdyboost.sys

[Device filters]
* @cdrom.inf,%gencdrom_devdesc%;CD-ROM Drive *
- Lower filters
tdcmdpst.sys

* @cdrom.inf,%gencdrom_devdesc%;CD-ROM Drive *
- Lower filters
tdcmdpst.sys

* @machine.inf,%rdp_kbd.devicedesc%;Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* @machine.inf,%rdp_mou.devicedesc%;Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* @netrasa.inf,%mp-bh-dispname%;WAN Miniport (Network Monitor) *
- Lower filters
NdisTapi.sys

* @netrasa.inf,%mp-ip-dispname%;WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* @netrasa.inf,%mp-ipv6-dispname%;WAN Miniport (IPv6) *
- Lower filters
NdisTapi.sys

* @oem18.inf,%*tos1900.devicedescntamd64%;TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device *
- Upper filters
TVALZFL.sys

* @oem31.inf,%ps2.syndevicedesc%;Synaptics PS/2 Port TouchPad *
- Upper filters
SynTP.sys

* @oem33.inf,%rtl8188ce.devicedesc%;Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC *
- Upper filters
vwifibus.sys

* Apple iPhone *
- Lower filters
WinUsb.sys

* HDR-CX220 *
- Lower filters
WinUsb.sys

* SM-G900T *
- Lower filters
WinUsb.sys

--------------------

Print monitors (7):

Canon BJ Language Monitor MG2100 series - CNMLMAQ.DLL
Local Port - localspl.dll
Microsoft Shared Fax Monitor - FXSMON.DLL
ML163S Langmon - ml163sl6.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll
WSD Port - WSDMon.dll

--------------------

WinLogon autoruns:

UserInit = C:\windows\system32\userinit.exe,
VmApplet = SystemPropertiesPerformance.exe /pagefile

[Group policy extensions (15)]
Wireless Group Policy = wlgpclnt.dll
Folder Redirection = fdeploy.dll
Microsoft Disk Quota = %SystemRoot%\System32\dskquota.dll
QoS Packet Scheduler = gptext.dll
Internet Explorer Zonemapping = C:\Windows\SysWOW64\iedkcs32.dll
Windows Search Group Policy Extension = %SystemRoot%\System32\srchadmin.dll
Internet Explorer User Accelerators = C:\Windows\SysWOW64\iedkcs32.dll
Security = scecli.dll
Deployed Printer Connections = %systemroot%\system32\gpprnext.dll
802.3 Group Policy = dot3gpclnt.dll
TCPIP = gptext.dll
Internet Explorer Machine Accelerators = C:\Windows\SysWOW64\iedkcs32.dll
IP Security = %SystemRoot%\System32\polstore.dll
Enterprise QoS = gptext.dll
CP = gptext.dll

--------------------

Policies:

[This user]
* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (2)
NoDriveTypeAutoRun = dword: 221
NoLowDiskSpaceChecks = dword: 1

- Software\Microsoft\Windows\CurrentVersion\policies\System (2)
DisableRegistryTools = dword: 0
DisableTaskMgr = dword: 0

[All users]
* Primary policies *
- Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultExecMenuItems (78)
tWhiteList = Close
GeneralInfo
Quit
FirstPage
PrevPage
NextPage
LastPage
ActualSize
FitPage
FitWidth
FitHeight
SinglePage
OneColumn
TwoPages
TwoColumns
ZoomViewIn
ZoomViewOut
ShowHideBookmarks
ShowHideThumbnails
Print
GoToPage
ZoomTo
GeneralPrefs
SaveAs
FullScreenMode
OpenOrganizer
Scan
Web2PDF:OpnURL
AcroSendMail:SendMail
Spelling:Check Spelling
PageSetup
Find
FindSearch
GoBack
GoForward
FitVisible
ShowHideArticles
ShowHideFileAttachment
ShowHideAnnotManager
ShowHideFields
ShowHideOptCont
ShowHideModelTree
ShowHideSignatures
InsertPages
ExtractPages
ReplacePages
DeletePages
CropPages
RotatePages
AddFileAttachment
FindCurrentBookmark
BookmarkShowLocation
GoBackDoc
GoForwardDoc
DocHelpUserGuide
HelpReader
rolReadPage
HandMenuItem
ZoomDragMenuItem
CollectionPreview
CollectionHome
CollectionDetails
CollectionShowRoot
&Pages
Co&ntent
&Forms
Action &Wizard
Recognize &Text
P&rotection
&Sign && Certify
Doc&ument Processing
Print Pro&duction
Ja&vaScript
&Accessibility
Analy&ze
&Annotations
D&rawing Markups
Revie&w

- Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchAttachmentPerms (105)
tBuiltInPermList = version:1
.ade:3
.adp:3
.app:3
.arc:3
.arj:3
.asp:3
.bas:3
.bat:3
.bz:3
.bz2:3
.cab:3
.chm:3
.class:3
.cmd:3
.com:3
.command:3
.cpl:3
.crt:3
.csh:3
.desktop:3
.dll:3
.exe:3
.fxp:3
.gz:3
.hex:3
.hlp:3
.hqx:3
.hta:3
.inf:3
.ini:3
.ins:3
.isp:3
.its:3
.job:3
.js:3
.jse:3
.ksh:3
.lnk:3
.lzh:3
.mad:3
.maf:3
.mag:3
.mam:3
.maq:3
.mar:3
.mas:3
.mat:3
.mau:3
.mav:3
.maw:3
.mda:3
.mdb:3
.mde:3
.mdt:3
.mdw:3
.mdz:3
.msc:3
.msi:3
.msp:3
.mst:3
.ocx:3
.ops:3
.pcd:3
.pi:3
.pif:3
.prf:3
.prg:3
.pst:3
.rar:3
.reg:3
.scf:3
.scr:3
.sct:3
.sea:3
.shb:3
.shs:3
.sit:3
.tar:3
.taz:3
.tgz:3
.tmp:3
.url:3
.vb:3
.vbe:3
.vbs:3
.vsmacros:3
.vss:3
.vst:3
.vsw:3
.webloc:3
.ws:3
.wsc:3
.wsf:3
.wsh:3
.z:3
.zip:3
.zlo:3
.zoo:3
.pdf:2
.fdf:2
.jar:3
.pkg:3
.tool:3
.term:3

- Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchURLPerms (32)
tFlashContentSchemeWhiteList = http
https
ftp
rtmp
rtmpe
rtmpt
rtmpte
rtmps
mailto
tSponsoredContentSchemeWhiteList = http
https
tSchemePerms = version:2
shell:3
hcp:3
ms-help:3
ms-its:3
ms-itss:3
its:3
mk:3
mhtml:3
help:3
disk:3
afp:3
disks:3
telnet:3
ssh:3
acrobat:2
mailto:2
file:1
rlogin:3
javascript:4
data:3

- Software\Policies\Microsoft\Peernet (1)
Disabled = dword: 0

- Software\Policies\Microsoft\Windows\CurrentVersion\Identities (2)
@ =
Locked Down = dword: 0

- Software\Policies\Microsoft\Windows\Network Connections (1)
NC_PersonalFirewallConfig = dword: 0

- Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator (1)
@ =

- Software\Policies\Microsoft\Windows\Psched (1)
NonBestEffortLimit = dword: 0

- Software\Policies\Microsoft\Windows\safer\codeidentifiers (1)
authenticodeenabled = dword: 0

- Software\Policies\Microsoft\Windows NT\Terminal Services\Client (3)
fEnableUsbNoAckIsochWriteToDevice = dword: 80
fEnableUsbBlockDeviceBySetupClass = dword: 1
fEnableUsbSelectDeviceByInterface = dword: 1

- Software\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbBlockDeviceBySetupClasses (1)
1000 = {3376f4ce-ff8d-40a2-a80f-bb4359d1415c}

- Software\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbSelectDeviceByInterfaces (1)
1000 = {6bdd1fc6-810f-11d0-bec7-08002be2092f}

- Software\Policies\Microsoft\Windows NT\Windows File Protection (1)
KnownDllList = nlhtml.dll

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop (2)
NoAddingComponents = dword: 1
NoComponents = dword: 1

- Software\Microsoft\Windows\CurrentVersion\policies\Attachments (1)
ScanWithAntiVirus = dword: 3

- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (4)
NoActiveDesktop = dword: 1
NoActiveDesktopChanges = dword: 1
ForceActiveDesktopOn = dword: 0
NoDriveTypeAutoRun = dword: 28

- Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (3)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32

- Software\Microsoft\Windows\CurrentVersion\policies\System (17)
ConsentPromptBehaviorAdmin = dword: 0
ConsentPromptBehaviorUser = dword: 3
EnableInstallerDetection = dword: 1
EnableLUA = dword: 1
EnableSecureUIAPaths = dword: 1
EnableUIADesktopToggle = dword: 0
EnableVirtualization = dword: 1
PromptOnSecureDesktop = dword: 0
ValidateAdminCodeSignatures = dword: 0
dontdisplaylastusername = dword: 0
legalnoticecaption =
legalnoticetext =
scforceoption = dword: 0
shutdownwithoutlogon = dword: 1
undockwithoutlogon = dword: 1
FilterAdministratorToken = dword: 0
SoftwareSASGeneration = dword: 1

- Software\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats (7)
CF_TEXT = dword: 1
CF_BITMAP = dword: 2
CF_OEMTEXT = dword: 7
CF_DIB = dword: 8
CF_PALETTE = dword: 9
CF_UNICODETEXT = dword: 13
CF_DIBV5 = dword: 17

--------------------

Browser Helper Objects (12):

[email protected] = {8984B388-A5BB-4DF7-B274-77B879E179DB} =
AcroIEHelperStub = {18DF081C-E8AD-4283-A596-FA578C2EBDC3} = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
ContentBlockerBrowserHelperObject = {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
Java™ Plug-In 2 SSV Helper = {DBC80044-A445-435b-BC74-9C25C1C588A9} = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
Java™ Plug-In SSV Helper = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files (x86)\Java\jre7\bin\ssv.dll
link filter bho = {E33CF602-D945-461A-83F0-819F76A199F8} = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
Microsoft SkyDrive Pro Browser Helper = {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
Safe Money Plugin = {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
TOSHIBA Media Controller Plug-in = {F3C88694-EFFA-4d78-B409-54B7B2535B14} = C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
URLRedirectionBHO = {B4F3A835-0E21-4959-BA22-42B3008E02FF} = C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
VirtualKeyboardBrowserHelperObject = {73455575-E40C-433C-9784-C78DC7761455} = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
Windows Live ID Sign-in Helper = {9030D464-4C02-4ABF-8ECC-5164760863C6} = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

--------------------

ActiveX objects (7):

ClearIconCache - {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
DOTNETFRAMEWORKS - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
IE4_SHELLID - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
Theme Component - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\windows\system32\themeui.dll
WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\system32\unregmp2.exe /ShowWMP

--------------------

Internet Explorer toolbars:

[This user]
* ShellBrowser (1) *
(no name) - ITBar7Layout - (no file)

* WebBrowser (1) *
(no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - (no file)

--------------------

Internet Explorer buttons/tools (4):

Virtual Keyboard - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Skype Click to Call - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} -
URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

--------------------

Internet Explorer menu extensions:

[This user (1)]
Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200

--------------------

Internet Explorer Bands (1):

- {EFA24E64-B078-11D0-89E4-00C04FC9E26E} -

--------------------

Downloaded Program Files (3):

Java Runtime Environment 1.6.0 - {8AD9C840-044E-11D1-B3E9-00805F499D93} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll - http://java.sun.com/...indows-i586.cab
Java Runtime Environment 1.6.0 - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll - http://java.sun.com/...indows-i586.cab
Java Runtime Environment 1.6.0 - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll - http://java.sun.com/...indows-i586.cab

--------------------

URL search hooks:

[This user (1)]
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll

--------------------

Explorer clones:

C:\windows\explorer.exe
C:\windows\system32\explorer.exe

--------------------

ContextMenuHandlers:

[* (10)]
7-Zip = {23170F69-40C1-278A-1000-000100020000} = C:\Program Files (x86)\7-Zip\7-zip.dll
BriefcaseMenu = {85BBD920-42A0-1069-A2E4-08002B30309D} = C:\windows\system32\syncui.dll
Glary Utilities = {72923739-5A47-40A3-9895-25AF0DFBB9E4} = C:\PROGRA~2\GLARYU~1\CONTEX~1.DLL
Kaspersky Anti-Virus = {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll
Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\windows\system32\shell32.dll
Open With EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\windows\system32\shell32.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = C:\windows\system32\ntshrui.dll
Start Menu Pin = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = C:\windows\system32\shell32.dll
Taskband Pin = {90AA3A4E-1CBA-4233-B8BB-535773D48449} = C:\windows\system32\shell32.dll
WinRAR32 = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files (x86)\WinRAR\rarext.dll

[Drive (8)]
Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = C:\windows\system32\diskcopy.dll
EnhancedStorageShell = {2854F705-3548-414C-A113-93E27C808C85} = C:\windows\system32\EhStorShell.dll
Glary Utilities = {72923739-5A47-40A3-9895-25AF0DFBB9E4} = C:\PROGRA~2\GLARYU~1\CONTEX~1.DLL
Kaspersky Anti-Virus = {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll
Portable Devices Menu = {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} = C:\windows\system32\wpdshext.dll
Previous Versions Property Page = {596AB062-B4D2-4215-9F74-E9109B0A8153} = C:\windows\system32\twext.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = C:\windows\system32\ntshrui.dll
ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\windows\system32\shell32.dll

[Folder (5)]
BriefcaseMenu = {85BBD920-42A0-1069-A2E4-08002B30309D} = C:\windows\system32\syncui.dll
Glary Utilities = {72923739-5A47-40A3-9895-25AF0DFBB9E4} = C:\PROGRA~2\GLARYU~1\CONTEX~1.DLL
Kaspersky Anti-Virus = {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll
Library Location = {3dad6c5d-2167-4cae-9914-f99e41c12cfa} = C:\windows\system32\shell32.dll
WinRAR32 = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files (x86)\WinRAR\rarext.dll

[CompressedFolder (1)]
Compressed (zipped) Folder Context Menu = {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} = C:\windows\system32\zipfldr.dll

[Directory (6)]
7-Zip = {23170F69-40C1-278A-1000-000100020000} = C:\Program Files (x86)\7-Zip\7-zip.dll
EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\windows\system32\shell32.dll
Kaspersky Anti-Virus = {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll
Previous Versions Property Page = {596AB062-B4D2-4215-9F74-E9109B0A8153} = C:\windows\system32\twext.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = C:\windows\system32\ntshrui.dll
WinRAR32 = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files (x86)\WinRAR\rarext.dll

[Directory\Background (3)]
Gadgets = {6B9228DA-9C15-419e-856C-19E768A13BDC} = %ProgramFiles%\Windows Sidebar\sbdrop.dll
New = {D969A300-E7FF-11d0-A93B-00A0C90F2719} = C:\windows\system32\shell32.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = C:\windows\system32\ntshrui.dll

[InternetShortcut (1)]
Internet Shortcut = {FBF23B40-E3F0-101B-8488-00AA003E56F8} = C:\Windows\SysWOW64\ieframe.dll

[AllFileSystemObjects (3)]
CopyAsPathMenu = {f3d06e7c-1e45-4a26-847e-f9fcdee59be0} = C:\windows\system32\shell32.dll
Previous Versions Property Page = {596AB062-B4D2-4215-9F74-E9109B0A8153} = C:\windows\system32\twext.dll
SendTo = {7BA4C740-9E81-11CF-99D3-00AA004AE837} = C:\windows\system32\shell32.dll

--------------------

ColumnHandlers (2):

(no name) - {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
PDF Shell Extension - {F9DB5320-233E-11D1-9F84-707F02C10627} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

--------------------

Approved Shell Extensions:

[All users (36)]
- {00C6D95F-329C-409a-81D7-C46C66EA7F33} - C:\windows\System32\shdocvw.dll
- {00F33137-EE26-412F-8D71-F84E4C2C6625} - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
- {06A2568A-CED6-4187-BB20-400B8C02BE5A} -
7-Zip Shell Extension - {23170F69-40C1-278A-1000-000100020000} - C:\Program Files (x86)\7-Zip\7-zip.dll
Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - C:\Windows\SysWOW64\webcheck.dll
Context Menu Shell Extension - {84058084-7609-44D1-B3CC-7A9436CB6D92} -
Glary Utilities Context Menu Shell Extension - {72923739-5A47-40A3-9895-25AF0DFBB9E4} - C:\PROGRA~2\GLARYU~1\CONTEX~1.DLL
MF ADTS Property Handler - {80009818-f38f-4af1-87b5-eadab9433e58} - C:\windows\System32\mf.dll
Microsoft Office Metadata Handler - {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll
Microsoft Office Thumbnail Handler - {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll
Microsoft Outlook Custom Icon Handler - {0006F045-0000-0000-C000-000000000046} - C:\Program Files (x86)\Microsoft Office\Office15\OLKFSTUB.DLL
Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) - {8BA85C75-763B-4103-94EB-9470F12FE0F7} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
Microsoft SkyDrive Pro Icon Overlay 3 (InSync) - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
Nameext - {DB19096C-5365-4164-A246-59FEFF9D8062} - C:\Program Files (x86)\Microsoft Office\Office15\NAMEEXT.DLL
OpenOffice.org Column Handler - {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
OpenOffice.org Infotip Handler - {087B3AE3-E237-4467-B8DB-5A38AB959AC9} - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
OpenOffice.org Property Handler - {AE424E85-F6DF-4910-A6A9-438797986431} - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
OpenOffice.org Property Sheet Handler - {63542C48-9552-494A-84F7-73AA6A7C99C1} - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
OpenOffice.org Thumbnail Viewer - {3B092F0C-7696-40E3-A80F-68D74DA84210} - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
Scan with Kaspersky Anti-Virus - {dd230880-495a-11d1-b064-008048ec2fc5} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll
Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - C:\Windows\SysWOW64\webcheck.dll
Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - C:\Windows\SysWOW64\webcheck.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -
WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - C:\Windows\SysWOW64\webcheck.dll
WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll
Windows Live Photo Gallery Autoplay Drop Target - {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} -
Windows Live Photo Gallery Autoplay Drop Target Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Editor Drop Target - {00F374B7-B390-4884-B372-2FC349F2172B} -
Windows Live Photo Gallery Editor Drop Target Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Drop Target - {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} -
Windows Live Photo Gallery Viewer Drop Target Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
WinRAR shell extension - {B41DB860-64E4-11D2-9906-E49FADC173CA} -
WinRAR shell extension - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files (x86)\WinRAR\rarext.dll
WLMD Message Handler - {0563DB41-F538-4B37-A92D-4659049B7766} -

[This user (2)]
- {E0046D36-B358-F849-9791-2034D7E2B658} -

--------------------

Registry 'Run' keys:

[User Run]
Google Update = "C:\Users\Svetlana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

[System Run]
AVP = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
CanonSolutionMenuEx = C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
PWRISOVM.EXE = c:\program files (x86)\poweriso\pwrisovm.exe -startup
Samsung PanelMgr = C:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
ToshibaAppPlace = "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

--------------------

Protocols:

[Pluggable MIME filters (4)]
application/octet-stream = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
application/x-complus = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
application/x-msdownload = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
text/xml = {807583E5-5146-11D5-A672-00B0D022E945} = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

[Protocol handlers (23)]
about = {3050F406-98B5-11CF-BB82-00AA00BDCE0B} = C:\Windows\SysWOW64\mshtml.dll
cdl = {3dd53d40-7b8b-11D0-b013-00aa0059ce02} = C:\Windows\SysWOW64\urlmon.dll
dvd = {12D51199-0DB5-46FE-A120-47A3D7D937CC} = C:\Windows\SysWOW64\msvidctl.dll
file = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\Windows\SysWOW64\urlmon.dll
ftp = {79eac9e3-baf9-11ce-8c82-00aa004ba90b} = C:\Windows\SysWOW64\urlmon.dll
http = {79eac9e2-baf9-11ce-8c82-00aa004ba90b} = C:\Windows\SysWOW64\urlmon.dll
https = {79eac9e5-baf9-11ce-8c82-00aa004ba90b} = C:\Windows\SysWOW64\urlmon.dll
its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\windows\System32\itss.dll
javascript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\Windows\SysWOW64\mshtml.dll
livecall = {828030A1-22C1-4009-854F-8E305202313F} = C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
local = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\Windows\SysWOW64\urlmon.dll
mailto = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} = C:\Windows\SysWOW64\mshtml.dll
mhtml = {05300401-BCBC-11d0-85E3-00C04FD85AB4} = C:\windows\system32\inetcomm.dll
mk = {79eac9e6-baf9-11ce-8c82-00aa004ba90b} = C:\Windows\SysWOW64\urlmon.dll
ms-its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\windows\System32\itss.dll
msnim = {828030A1-22C1-4009-854F-8E305202313F} = C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
osf = {D924BDC6-C83A-4BD5-90D0-095128A113D1} = C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
res = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} = C:\Windows\SysWOW64\mshtml.dll
skype4com = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} = C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
tv = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} = C:\Windows\SysWOW64\msvidctl.dll
vbscript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\Windows\SysWOW64\mshtml.dll
wlmailhtml = {03C514A3-1EFB-4856-9F99-10D7BE1653C0} = C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
wlpg = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} = C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

--------------------

WOW compatibility:

[KnownDlls (32-bit) (28)]
advapi32.dll
clbcatq.dll
COMDLG32.dll
difxapi.dll
gdi32.dll
IERTUTIL.dll
IMAGEHLP.dll
IMM32.dll
kernel32.dll
LPK.dll
MSCTF.dll
MSVCRT.dll
NORMALIZ.dll
NSI.dll
ole32.dll
OLEAUT32.dll
PSAPI.DLL
rpcrt4.dll
sechost.dll
Setupapi.dll
SHELL32.dll
SHLWAPI.dll
URLMON.dll
user32.dll
USP10.dll
WININET.dll
WLDAP32.dll
WS2_32.dll

--------------------

Winsock LSP:

[Protocols (8)]
MSAFD Tcpip [TCP/IPv6] - {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4} - C:\windows\system32\mswsock.dll
MSAFD Tcpip [UDP/IPv6] - {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4} - C:\windows\system32\mswsock.dll
MSAFD Tcpip [TCP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\windows\system32\mswsock.dll
MSAFD Tcpip [UDP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\windows\system32\mswsock.dll
RSVP TCPv6 Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\windows\system32\mswsock.dll
RSVP TCP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\windows\system32\mswsock.dll
RSVP UDPv6 Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\windows\system32\mswsock.dll
RSVP UDP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\windows\system32\mswsock.dll

[Namespace Providers (8)]
Network Location Awareness Legacy (NLAv1) Namespace - {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} -
E-mail Naming Shim Provider - {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE} -
PNRP Cloud Namespace Provider - {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D} -
PNRP Name Namespace Provider - {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D} -
WindowsLive NSP - {4177DDE9-6028-479E-B7B7-03591A63FF3A} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
WindowsLive Local NSP - {229F2A2C-5F18-4A06-8F89-3A372170624D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Tcpip - {22059D40-7E9E-11CF-AE5A-00AA00A7112B} -
NTDS - {3B2637EE-E580-11CF-A555-00C04FD8D4AC} - C:\windows\System32\winrnr.dll

--------------------

Hijack points:

[Reset web settings URLs]
SearchAssistant =
CustomizeSearch =
START_PAGE_URL =
SEARCH_PAGE_URL =
MS_START_PAGE_URL =

[Internet Explorer URLs]
* This user *
- Internet Explorer\Main (4)
Default_Page_Url = http://start.toshiba.com/g/
Search Bar = Preserve
Search Page = http://go.microsoft....k/?LinkId=54896
Start Page = http://www.google.com

* All users *
- Internet Explorer\Main (4)
Default_Page_Url = http://go.microsoft..../?LinkId=255141
Default_Search_Url = http://go.microsoft....k/?LinkId=54896
Search Page = http://go.microsoft....k/?LinkId=54896
Start Page = http://go.microsoft..../?LinkId=255141

- Internet Explorer\AboutURLs (5)
blank = res://mshtml.dll/blank.htm
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
NavigationFailure = res://ieframe.dll/navcancl.htm
PostNotCached = res://ieframe.dll/repost.htm

[Default URL prefixes]
default = http://
ftp = ftp://
home = http://
mosaic = http://
www = http://

[Hosts file location]
DatabasePath = C:\windows\System32\drivers\etc\hosts

--------------------

Protection & disabled items:

[Hosts file (2)]
* 127.0.0.1 *
localhost

* ::1 *
localhost

[ActiveX killbits (160)]
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\windows\system32\explorerframe.dll
(no name) - {323C0F99-820A-4e0b-B714-57942C6D9678} - C:\Program Files (x86)\Windows Live\Messenger\msgsc.dll
(no name) - {35cec8a3-2be6-11d2-8773-92e220524153} - C:\windows\system32\stobject.dll
(no name) - {53C74826-AB99-4D33-ACA4-3117F51D3788} - C:\windows\system32\shell32.dll
(no name) - {6FBF8DD5-9E03-4af5-B779-FEBEF6754712} - C:\Program Files (x86)\Windows Live\Messenger\msgsc.dll
(no name) - {b4b3aecb-dfd6-11d1-9daa-00805f85cfe3} - C:\windows\system32\clbcatq.dll
(no name) - {e846f0a0-d367-11d1-8286-00a0c9231c29} - C:\windows\system32\catsrvut.dll
(no name) - {F5F545A6-39C4-40b5-814D-B45040A89FB5} - C:\Program Files (x86)\Windows Live\Messenger\msgsc.dll
(no name) - {F81CD990-910B-4bbf-9CB3-6A77F3D697B3} - C:\Program Files (x86)\Windows Live\Messenger\msgsc.dll
(no name) - {FEF10FA2-355E-4E06-9381-9B24D7F7CC88} - C:\windows\system32\shell32.dll
ACM Class Manager - {33d9a761-90c8-11d0-bd43-00a0c911ce86} - C:\Windows\SysWOW64\devenum.dll
ActiveMovie Filter Class Manager - {083863F1-70DE-11d0-BD40-00A0C911CE86} - C:\Windows\SysWOW64\devenum.dll
ADODB.Stream - {00000566-0000-0010-8000-00AA006D2EA4} - %CommonProgramFiles(x86)%\System\ado\msado15.dll
Analog Audio Component Type - {28AB0005-E845-4FFA-AA9B-F4665236141C} - C:\Windows\SysWOW64\msvidctl.dll
ATSC Tune Request Location Information - {8872FF1B-98FA-4D7A-8D93-C9F1055F85BB} - C:\Windows\SysWOW64\msvidctl.dll
Audio Renderers Collection Class - {C5702CCF-9B79-11D3-B654-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Data Services Feature Segment - {334125C0-77E5-11d3-B653-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuner Device Segment - {A2E3074E-6C3D-11D3-B653-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Analog Locator - {49638B91-48AB-48B7-A47A-7D0E75A08EDE} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Analog Radio Tuning Space - {8A674B4C-1F63-11D3-B64C-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Analog TV Tuning Space - {8A674B4D-1F63-11D3-B64C-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model ATSC Channel Tune Request - {0369B4E6-45B6-11D3-B650-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model ATSC Component Type Class (Broadcast Substream Type) - {A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model ATSC Tuning Space - {A2E30750-6C3D-11D3-B653-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Auxiliary Inputs Tuning Space - {F9769A06-7ACA-4E39-9CFB-97BB35F0E77E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Channel ID Tune Request - {3A9428A7-31A4-45E9-9EFB-E055BF7BB3DB} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Channel ID Tuning Space - {CC829A2F-3365-463F-AF13-81DBB6F3A555} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Channel Tune Request - {0369B4E5-45B6-11D3-B650-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Component Class(Broadcast Substream) - {59DC47A8-116C-11D3-9D8E-00C04F72D980} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Component Type Class (Broadcast Substream Type) - {823535A0-0318-11D3-9D8E-00C04F72D980} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Digital Cable Locator - {03C06416-D127-407A-AB4C-FDD279ABBE5D} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Digital Cable Tune Request - {26EC0B63-AA90-458A-8DF4-5659F2C8A18A} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Digital Cable Tuning Space - {D9BB4CEE-B87A-47F1-AC92-B08D9C7813FC} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model DVB Cable Locator - {C531D9FD-9685-4028-8B68-6E1232079F1E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model DVB Satellite Locator - {1DF7D126-4050-47F0-A7CF-4C4CA9241333} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model DVB Terrestrial Locator - {9CD64701-BDF3-4D14-8E03-F12983D86664} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model DVB Tune Request - {15D6504A-5494-499C-886C-973C9E53B9F1} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model DVB Tuning Space - {C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model DVB-Satellite Tuning Space - {B64016F3-C9A2-4066-96F0-BD9563314726} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Language Component Type Class (Broadcast Substream Type) - {1BE49F30-0E1B-11D3-9D8E-00C04F72D980} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model MPEG2 Component Class (Broadcast Substream) - {055CB2D7-2969-45CD-914B-76890722F112} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model MPEG2 Component Type Class (Broadcast Substream Type) - {418008F3-CF67-4668-9628-10DC52BE1D08} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model MPEG2 Tune Request - {0955AC62-BF2E-4CBA-A2B9-A63F772D46CF} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model MPEG2 Tune Request Factory - {2C63E4EB-4CEA-41B8-919C-E947EA19A77C} - C:\Windows\SysWOW64\msvidctl.dll
Briefcase - {85bbd920-42a0-1069-a2e4-08002b30309d} - C:\windows\system32\syncui.dll
cfw Class - {ECABAFC0-7F19-11D2-978E-0000F8757E2A} - C:\windows\system32\comsvcs.dll
Closed Captions Analysis Feature Segment - {86151827-E47B-45EE-8421-D10E6E690979} - C:\Windows\SysWOW64\msvidctl.dll
Collection of all the available BDA Tuning Model Tuning Space objects on this system - {D02AAC50-027E-11D3-9D8E-00C04F72D980} - C:\Windows\SysWOW64\msvidctl.dll
Collection of BDA Tuning Model Component Types(Broadcast Substream Types) - {A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980} - C:\Windows\SysWOW64\msvidctl.dll
Collection of BDA Tuning Model Components(Broadcast Substreams) - {809B6661-94C4-49E6-B6EC-3F0F862215AA} - C:\Windows\SysWOW64\msvidctl.dll
Custom Composition Segment from Data Services to Time Shift Sink - {38F03426-E83B-4E68-B65B-DCAE73304838} - C:\Windows\SysWOW64\msvidctl.dll
Custom Composition Segment from Encoder to Time Shift Sink - {A0B9B497-AFBC-45AD-A8A6-9B077C40D4F2} - C:\Windows\SysWOW64\msvidctl.dll
Custom Composition Segment from iTV to Stream Buffer Source - {92B94828-1AF7-4E6E-9EBF-770657F77AF5} - C:\Windows\SysWOW64\msvidctl.dll
Custom Composition Segment from Legacy Analog Tv Tuner Device Segment to Data Services Feature Segment - {C5702CD6-9B79-11D3-B654-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
Custom Composition Segment from Legacy Analog Tv Tuner Device Segment to Standard Video Renderer Device Segment - {E18AF75A-08AF-11D3-B64A-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
Custom Composition Segment from WebDVD Device Segment to Standard Video Renderer Device Segment - {267DB0B3-55E3-4902-949B-DF8F5CEC0191} - C:\Windows\SysWOW64\msvidctl.dll
Developer Tools - {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
Developer Tools - {8FE85D00-4647-40B9-87E4-5EB8A52F4759} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
DigitalCable Class - {ABBA001B-3075-11D6-88A4-00B0D0200F88} - C:\Windows\SysWOW64\psisdecd.dll
DirectX Transform Wrapper Property Page - {1B544C24-FD0B-11CE-8C63-00AA0044B520} - C:\Windows\SysWOW64\qedit.dll
Encoder Feature Segment - {BB530C63-D9DF-4B49-9439-63453962E598} - C:\Windows\SysWOW64\msvidctl.dll
Features Collection Class - {C5702CD0-9B79-11D3-B654-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
File Playback Device Segment - {37B0353C-A4C8-11D2-B634-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
Generic Graph Composition Segment - {2764BCE5-CC39-11D2-B639-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
Generic Sink Segment - {4A5869CF-929D-4040-AE03-FCAFC5B9CD42} - C:\Windows\SysWOW64\msvidctl.dll
HHCtrl Object - {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} - C:\windows\System32\hhctrl.ocx
HHCtrl Object - {ADB880A6-D8FF-11CF-9377-00AA003B7A11} - C:\windows\System32\hhctrl.ocx
IAVIStream & IAVIFile Proxy - {0002000D-0000-0000-C000-000000000046} - C:\windows\System32\avifil32.dll
ICM Class Manager - {33d9a760-90c8-11d0-bd43-00a0c911ce86} - C:\Windows\SysWOW64\devenum.dll
IndexServer Simple Command Creator - {c7b6c04a-cbb5-11d0-bb4c-00c04fc2f410} - C:\windows\system32\query.dll
Input Devices Collection Class - {C5702CCC-9B79-11D3-B654-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
iTV Capture Feature Segment - {5740A302-EF0B-45CE-BF3B-4470A14A8980} - C:\Windows\SysWOW64\msvidctl.dll
iTV Playback Feature Segment - {9E797ED0-5253-4243-A9B7-BD06C58F8EF3} - C:\Windows\SysWOW64\msvidctl.dll
Legacy Analog TV Tuner Device Segment - {1C15D484-911D-11D2-B632-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
LW Identities - {A9AE6C91-1D1B-11D2-B21A-00C04FA357FA} - C:\windows\system32\msident.dll
Media Streaming Dynamic Terminal - {AED6483F-3304-11D2-86F1-006008B0E5D2} - C:\Windows\SysWOW64\termmgr.dll
MessageMover Class - {ecabb0bf-7f19-11d2-978e-0000f8757e2a} - C:\windows\system32\comsvcs.dll
Microsoft Animation Control, version 5.0 (SP2) - {1E216240-1B7D-11CF-9D53-00AA003C9CB6} - C:\windows\SysWow64\comct232.ocx
Microsoft Common Browser Architecture - {AF604EFE-8897-11D1-B944-00A0C90312E1} - C:\windows\system32\explorerframe.dll
Microsoft DocHost User Interface Handler - {7057e952-bd1b-11d1-8919-00c04fc2c836} - C:\Windows\SysWOW64\ieframe.dll
Microsoft HTA Document 6.0 - {3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Microsoft Html Document for Popup Window - {3050F67D-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Microsoft Html Popup Window - {3050f667-98b5-11cf-bb82-00aa00bdce0b} - C:\Windows\SysWOW64\mshtml.dll
Microsoft HTML Window Security Proxy - {3050F391-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Microsoft RDP Client Control (redistributable) - version 3 - {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} - C:\windows\system32\mstscax.dll
Microsoft RDP Client Control (redistributable) - version 4 - {7584c670-2274-4efb-b00b-d6aaba6d3850} - C:\windows\system32\mstscax.dll
Microsoft RDP Client Control (redistributable) - version 5 - {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} - C:\windows\system32\mstscax.dll
MidiOut Class Manager - {4efe2452-168a-11d1-bc76-00c04fb9453b} - C:\Windows\SysWOW64\devenum.dll
MMStream Class - {49C47CE5-9BA4-11D0-8212-00C04FC32C45} - C:\Windows\SysWOW64\amstream.dll
MS TV Video Control - {B0EDF163-910A-11D2-B632-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
MS Video Control Closed Captioning Feature Segment - {7F9CB14D-48E4-43B6-9346-1AEBC39C64D3} - C:\Windows\SysWOW64\msvidctl.dll
MS Video Control Closed Captioning SI Feature Segment - {92ED88BF-879E-448F-B6B6-A385BCEB846D} - C:\Windows\SysWOW64\msvidctl.dll
MSP Class - {4DDB6D36-3BC1-11D2-86F2-006008B0E5D2} - C:\Windows\SysWOW64\wavemsp.dll
MSVidCtl Analog Capture to Encoder Composition Segment - {28953661-0231-41DB-8986-21FF4388EE9B} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Analog Capture to XDS Composition Segment - {3540D440-5B1D-49CB-821A-E84B8CF065A7} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Analog TV to StreamBufferSource Composition Segment - {9F50E8B1-9530-4DDC-825E-1AF81D47AED6} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl CC to Audio Renderer Composition Segment - {D76334CA-D89E-4BAF-86AB-DDB59372AFC2} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl CC to Video Renderer Composition Segment - {C4BF2784-AE00-41BA-9828-9C953BD3C54A} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Digital TV to CCA Composition Segment - {73D14237-B9DB-4EFA-A6DD-84350421FB2F} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Digital TV to iTV Composition Segment - {5D8E73F7-4989-4AC8-8A98-39BA0D325302} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Digital TV to StreamBufferSource Composition Segment - {ABE40035-27C3-4A2F-8153-6624471608AF} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl DVD to Audio Renderer Composition Segment - {8D04238E-9FD1-41C6-8DE3-9E1EE309E935} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Enhanced Video Renderer(DX10) Segment - {C45268A2-FA81-4E19-B1E3-72EDBD60AEDA} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl FilePlayback to Audio Renderer Composition Segment - {CC23F537-18D4-4ECE-93BD-207A84726979} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl FilePlayback to Video Renderer Composition Segment - {B401C5EB-8457-427F-84EA-A4D2363364B0} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl MPEG2 Decoder to Closed Captioning Composition Segment - {6AD28EE1-5002-4E71-AAF7-BD077907B1A4} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl SBE Source to Closed Caption Composition Segment - {9193A8F9-0CBA-400E-AA97-EB4709164576} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl SBE Source to iTV Composition Segment - {2291478C-5EE3-4BEF-AB5D-B5FF2CF58352} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl SBE Source to Video Mixing Renderer Composition Segment - {3C4708DC-B181-46A8-8DA8-4AB0371758CD} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Stream Buffer Source To Generic Sink Composition segment - {991DA7E5-953F-435B-BE5E-B92A05EDFC42} - C:\Windows\SysWOW64\msvidctl.dll
MTSEvents Class - {ECABB0AB-7F19-11D2-978E-0000F8757E2A} - C:\windows\system32\comsvcs.dll
Network Connections - {7007acc7-3202-11d1-aad2-00805fc1270e} - C:\windows\System32\netshell.dll
Network Connections - {992cffa0-f557-101a-88ec-00dd010ccc48} - C:\windows\System32\netshell.dll
Network Connections Tray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\windows\System32\netshell.dll
Output Devices Collection Class - {C5702CCD-9B79-11D3-B654-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
PostBootReminder object - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\windows\system32\shell32.dll
PSDispatch - {00020420-0000-0000-c000-000000000046} - C:\Windows\SysWOW64\oleaut32.dll
PSEnumVariant - {00020421-0000-0000-C000-000000000046} - C:\Windows\SysWOW64\oleaut32.dll
PSOAInterface - {00020424-0000-0000-c000-000000000046} - C:\Windows\SysWOW64\oleaut32.dll
PSSupportErrorInfo - {DF0B3D60-548F-101B-8E65-08002B2BD119} - C:\Windows\SysWOW64\oleaut32.dll
PSTypeComp - {00020425-0000-0000-C000-000000000046} - C:\Windows\SysWOW64\oleaut32.dll
PSTypeInfo - {00020422-0000-0000-C000-000000000046} - C:\Windows\SysWOW64\oleaut32.dll
PSTypeLib - {00020423-0000-0000-C000-000000000046} - C:\Windows\SysWOW64\oleaut32.dll
Queued Components Recorder - {ecabafc2-7f19-11d2-978e-0000f8757e2a} - C:\windows\system32\comsvcs.dll
Script Encoder Object - {32DA2B15-CFED-11D1-B747-00C04FC2B085} - C:\Windows\SysWOW64\scrrun.dll
ShellFolder for CD Burning - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\windows\system32\shell32.dll
Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\windows\SysWow64\Adobe\Director\SwDir.dll
Shortcut - {00021401-0000-0000-C000-000000000046} - C:\Windows\SysWOW64\shell32.dll
Skype Class - {830690FC-BF2F-47A6-AC2D-330BCB402664} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SpSharedRecoContext Class - {47206204-5ECA-11D2-960F-00C04F8EE628} - C:\windows\System32\Speech\Common\sapi.dll
SpSharedRecognizer Class - {3BEE4890-4FE9-4A37-8C1E-5E7E12791C1F} - C:\windows\System32\Speech\Common\sapi.dll
Standard Audio Renderer Device Segment - {37B03544-A4C8-11D2-B634-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
Standard Video Renderer Device Segment - {37B03543-A4C8-11D2-B634-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
Stream Buffer Recording Control Object - {CAAFDD83-CEFC-4E3D-BA03-175F17A24F91} - C:\Windows\SysWOW64\msvidctl.dll
Stream Buffer Sink Segment - {9E77AAC4-35E5-42A1-BDC2-8F3FF399847C} - C:\Windows\SysWOW64\msvidctl.dll
Stream Buffer Source - {AD8E510D-217F-409B-8076-29C5E73B98E8} - C:\Windows\SysWOW64\msvidctl.dll
Stream Buffer V2 Source - {FD351EA1-4173-4AF4-821D-80D4AE979048} - C:\Windows\SysWOW64\MSVidCtl.dll
System Monitor Source Properties - {0CF32AA1-7571-11D0-93C4-00AA00A3DDEA} - C:\windows\System32\sysmon.ocx
SysTrayInvoker - {730f6cdc-2c86-11d2-8773-92e220524153} - C:\windows\system32\stobject.dll
Tablet Tip Soft Keyboard Skin Class - {E94137E0-92ED-4579-9251-18AF2A08CCD1} - %CommonProgramFiles%\microsoft shared\ink\tipskins.dll
Trident HTMLEditor - {3050F4F5-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtmled.dll
Utility Object for Binding Events SubObjects in Script Variables - {577FAA18-4518-445E-8F70-1473F8CF4BA4} - C:\Windows\SysWOW64\msvidctl.dll
VFW Capture Class Manager - {860bb310-5d01-11d0-bd3b-00a0c911ce86} - C:\Windows\SysWOW64\devenum.dll
Video Effect (1 input) Class Manager - {cc7bfb42-f175-11d1-a392-00e0291f3959} - C:\Windows\SysWOW64\qedit.dll
Video Effect (2 input) Class Manager - {cc7bfb43-f175-11d1-a392-00e0291f3959} - C:\Windows\SysWOW64\qedit.dll
Video Mixing Renderer 9 - {51B4ABF3-748F-4E3B-A276-C828330E926A} - C:\Windows\SysWOW64\quartz.dll
Video Mixing Renderer 9 Device Segment - {24DC3975-09BF-4231-8655-3EE71F43837D} - C:\Windows\SysWOW64\msvidctl.dll
Video Render Dynamic Terminal - {AED6483E-3304-11D2-86F1-006008B0E5D2} - C:\Windows\SysWOW64\termmgr.dll
Video Renderers Collection Class - {C5702CCE-9B79-11D3-B654-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
VideoPort Object - {CE292861-FC88-11D0-9E69-00C04FD7C15B} - C:\Windows\SysWOW64\qdvd.dll
VMR Allocator Presenter 9 - {2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64} - C:\Windows\SysWOW64\quartz.dll
VMR ImageSync 9 - {E4979309-7A32-495E-8A92-7B014AAD4961} - C:\Windows\SysWOW64\quartz.dll
WaveIn Class Manager - {33D9A762-90C8-11d0-BD43-00A0C911CE86} - C:\Windows\SysWOW64\devenum.dll
WaveOut and DSound Class Manager - {e0f158e1-cb04-11d0-bd4e-00a0c911ce86} - C:\Windows\SysWOW64\devenum.dll
WebDVD Adminitration class - {FA7C375B-66A7-4280-879D-FD459C84BB02} - C:\Windows\SysWOW64\msvidctl.dll
WebDVD Device Segment - {011B3619-FE63-4814-8A84-15A194CE9CE3} - C:\Windows\SysWOW64\msvidctl.dll
Windows Mail Address Book - {233A9694-667E-11d1-9DFB-006097D50408} - %ProgramFiles%\Windows Mail\msoe.dll
Windows Script Host Shell Object - {72C24DD5-D70A-438B-8A42-98424B88AFB8} - C:\Windows\SysWOW64\wshom.ocx
Windows Script Host Shell Object - {F935DC22-1CF0-11D0-ADB9-00C04FD58A0B} - C:\Windows\SysWOW64\wshom.ocx
XDS Feature Segment - {0149EEDF-D08F-4142-8D73-D23903D21E90} - C:\Windows\SysWOW64\msvidctl.dll

[Zones]
* This user *
- Restricted sites (36)
193.125.201.50
205.209.152.121
206.161.124.98
206.161.207.102
207.226.162.34
207.226.164.171
207.226.164.195
208.64.26.150
209.66.122.203
213.131.225.2
213.21.215.186
216.152.240.10
216.152.240.13
216.152.240.14
216.195.44.106
216.255.179.234
216.65.3.68
221.130.176.199
222.208.183.14
59.36.96.132
61.129.75.124
64.124.222.176
64.28.184.5
65.19.154.90
65.75.151.192
66.117.14.138
66.230.138.44
66.230.175.129
66.250.74.150
69.31.131.82
69.50.171.122
81.95.146.147
82.98.235.61
85.249.22.240
85.255.117.157
85.255.117.243

* All users *
- Restricted sites (36)
193.125.201.50
205.209.152.121
206.161.124.98
206.161.207.102
207.226.162.34
207.226.164.171
207.226.164.195
208.64.26.150
209.66.122.203
213.131.225.2
213.21.215.186
216.152.240.10
216.152.240.13
216.152.240.14
216.195.44.106
216.255.179.234
216.65.3.68
221.130.176.199
222.208.183.14
59.36.96.132
61.129.75.124
64.124.222.176
64.28.184.5
65.19.154.90
65.75.151.192
66.117.14.138
66.230.138.44
66.230.175.129
66.250.74.150
69.31.131.82
69.50.171.122
81.95.146.147
82.98.235.61
85.249.22.240
85.255.117.157
85.255.117.243

[Stopped/disabled NT Services]
* Stopped (89) *
@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 = C:\windows\System32\svchost.exe -k secsvcs
@%SystemRoot%\ehome\ehrecvr.exe,-101 = C:\windows\ehome\ehRecvr.exe
@%SystemRoot%\ehome\ehres.dll,-15501 = C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
@%SystemRoot%\ehome\ehsched.exe,-101 = C:\windows\ehome\ehsched.exe
@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193 = "C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
@%SystemRoot%\servicing\TrustedInstaller.exe,-100 = C:\windows\servicing\TrustedInstaller.exe
@%SystemRoot%\system32\aelupsvc.dll,-1 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\Alg.exe,-112 = C:\windows\System32\alg.exe
@%systemroot%\system32\appidsvc.dll,-100 = C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
@%systemroot%\system32\appinfo.dll,-100 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\bdesvc.dll,-100 = C:\windows\System32\svchost.exe -k netsvcs
@%systemroot%\system32\browser.dll,-100 = C:\windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\System32\bthserv.dll,-101 = C:\windows\system32\svchost.exe -k bthsvcs
@%SystemRoot%\system32\defragsvc.dll,-101 = C:\windows\system32\svchost.exe -k defragsvc
@%systemroot%\system32\dot3svc.dll,-1102 = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%systemroot%\system32\eapsvc.dll,-1 = C:\windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\efssvc.dll,-100 = C:\windows\System32\lsass.exe
@%systemroot%\system32\FntCache.dll,-100 = C:\windows\system32\svchost.exe -k LocalService
@%systemroot%\system32\fxsresm.dll,-118 = C:\windows\system32\fxssvc.exe
@%SystemRoot%\System32\hidserv.dll,-101 = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\ieetwcollectorres.dll,-1000 = C:\windows\system32\IEEtwCollector.exe /V
@%systemroot%\system32\IPBusEnum.dll,-102 = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\ipnathlp.dll,-106 = C:\windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\iscsidsc.dll,-5000 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\kmsvc.dll,-6 = C:\windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\System32\ListSvc.dll,-100 = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\lltdres.dll,-1 = C:\windows\System32\svchost.exe -k LocalService
@%systemroot%\system32\Locator.exe,-2 = C:\windows\system32\locator.exe
@%systemroot%\system32\mmcss.dll,-102 = C:\windows\system32\svchost.exe -k LocalService
@%SystemRoot%\system32\msimsg.dll,-27 = C:\windows\system32\msiexec.exe /V
@%SystemRoot%\system32\netman.dll,-109 = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\netprofm.dll,-202 = C:\windows\System32\svchost.exe -k LocalService
@%SystemRoot%\system32\pcasvc.dll,-1 = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%systemroot%\system32\pla.dll,-500 = C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
@%SystemRoot%\system32\pnrpauto.dll,-8002 = C:\windows\System32\svchost.exe -k LocalServicePeerNet
@%SystemRoot%\System32\polstore.dll,-5010 = C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
@%SystemRoot%\System32\provsvc.dll,-100 = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
@%systemroot%\system32\psbase.dll,-300 = C:\windows\system32\lsass.exe
@%SystemRoot%\system32\qagentrt.dll,-6 = C:\windows\System32\svchost.exe -k NetworkService
@%SystemRoot%\system32\qwave.dll,-1 = %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
@%Systemroot%\system32\rasauto.dll,-200 = C:\windows\System32\svchost.exe -k netsvcs
@%Systemroot%\system32\rasmans.dll,-200 = C:\windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\sdrsvc.dll,-107 = C:\windows\system32\svchost.exe -k SDRSVC
@%SystemRoot%\system32\seclogon.dll,-7001 = %windir%\system32\svchost.exe -k netsvcs
@%SystemRoot%\System32\SessEnv.dll,-1026 = C:\windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\sppuinotify.dll,-103 = C:\windows\system32\svchost.exe -k LocalService
@%systemroot%\system32\ssdpsrv.dll,-100 = C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
@%SystemRoot%\system32\sstpsvc.dll,-200 = C:\windows\system32\svchost.exe -k LocalService
@%SystemRoot%\System32\swprv.dll,-103 = C:\windows\System32\svchost.exe -k swprv
@%SystemRoot%\system32\TabSvc.dll,-100 = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\tapisrv.dll,-10100 = C:\windows\System32\svchost.exe -k NetworkService
@%SystemRoot%\system32\tbssvc.dll,-100 = C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
@%SystemRoot%\System32\termsrv.dll,-268 = C:\windows\System32\svchost.exe -k NetworkService
@%SystemRoot%\system32\trkwks.dll,-1 = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\ui0detect.exe,-101 = C:\windows\system32\UI0Detect.exe
@%systemroot%\system32\upnphost.dll,-213 = C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
@%SystemRoot%\system32\vaultsvc.dll,-1003 = C:\windows\system32\lsass.exe
@%SystemRoot%\system32\vds.exe,-100 = C:\windows\System32\vds.exe
@%systemroot%\system32\vssvc.exe,-102 = C:\windows\system32\vssvc.exe
@%SystemRoot%\system32\w32time.dll,-200 = C:\windows\system32\svchost.exe -k LocalService
@%SystemRoot%\system32\Wat\WatUX.exe,-601 = C:\windows\system32\Wat\WatAdminSvc.exe
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110 = C:\windows\system32\wbem\WmiApSrv.exe
@%systemroot%\system32\wbengine.exe,-104 = "C:\windows\system32\wbengine.exe"
@%systemroot%\system32\wbiosrvc.dll,-100 = C:\windows\system32\svchost.exe -k WbioSvcGroup
@%SystemRoot%\system32\wcncsvc.dll,-3 = C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
@%SystemRoot%\system32\WcsPlugInService.dll,-200 = C:\windows\system32\svchost.exe -k wcssvc
@%systemroot%\system32\wdi.dll,-500 = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%systemroot%\system32\wdi.dll,-502 = C:\windows\System32\svchost.exe -k LocalService
@%SystemRoot%\system32\wecsvc.dll,-200 = C:\windows\system32\svchost.exe -k NetworkService
@%SystemRoot%\System32\wercplsupport.dll,-101 = C:\windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\wpcsvc.dll,-100 = C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted
@%SystemRoot%\system32\wudfsvc.dll,-1000 = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\System32\wwansvc.dll,-257 = C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
@%systemroot%\sysWow64\perfhost.exe,-2 = C:\windows\SysWow64\perfhost.exe
@comres.dll,-2797 = C:\windows\System32\msdtc.exe
@comres.dll,-2946 = C:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
@comres.dll,-947 = C:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
@keyiso.dll,-100 = C:\windows\system32\lsass.exe
GameConsoleService = "C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe"
Google Software Updater = "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
Google Update Service (gupdatem) = "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
InstallDriver Table Manager = "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
Office 64 Source Engine = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Office Software Protection Platform = "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
TMachInfo = C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
TOSHIBA HDD SSD Alert Service = "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
TOSHIBA Power Saver = "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
TPCH Service = "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
Windows Error Reporting Service = C:\windows\System32\svchost.exe -k WerSvcGroup

* Stopped & disabled (28) *
@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 = "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
@%SystemRoot%\system32\AxInstSV.dll,-103 = C:\windows\system32\svchost.exe -k AxInstSVGroup
@%SystemRoot%\System32\certprop.dll,-11 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\System32\certprop.dll,-13 = C:\windows\system32\svchost.exe -k netsvcs
@%systemroot%\system32\fdPHost.dll,-100 = C:\windows\system32\svchost.exe -k LocalService
@%systemroot%\system32\fdrespub.dll,-100 = C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
@%SystemRoot%\system32\iphlpsvc.dll,-500 = C:\windows\System32\svchost.exe -k NetSvcs
@%Systemroot%\system32\mprdim.dll,-200 = C:\windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\System32\netlogon.dll,-102 = C:\windows\system32\lsass.exe
@%SystemRoot%\system32\p2psvc.dll,-8006 = C:\windows\System32\svchost.exe -k LocalServicePeerNet
@%SystemRoot%\system32\pnrpsvc.dll,-8000 = C:\windows\System32\svchost.exe -k LocalServicePeerNet
@%SystemRoot%\system32\pnrpsvc.dll,-8004 = C:\windows\System32\svchost.exe -k LocalServicePeerNet
@%SystemRoot%\System32\SCardSvr.dll,-1 = C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
@%SystemRoot%\System32\sensrsvc.dll,-1000 = C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
@%SystemRoot%\system32\snmptrap.exe,-3 = C:\windows\System32\snmptrap.exe
@%systemroot%\system32\webclnt.dll,-100 = C:\windows\system32\svchost.exe -k LocalService
@%SystemRoot%\system32\winhttp.dll,-100 = C:\windows\system32\svchost.exe -k LocalService
@%SystemRoot%\system32\wpdbusenum.dll,-100 = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%Systemroot%\system32\wsmsvc.dll,-101 = C:\windows\System32\svchost.exe -k NetworkService
@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195 = "C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197 = C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199 = C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8201 = C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
@regsvc.dll,-1 = C:\windows\system32\svchost.exe -k regsvc
ASP.NET State Service = C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
Microsoft .NET Framework NGEN v2.0.50727_X64 = C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
Microsoft .NET Framework NGEN v2.0.50727_X86 = C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Windows Live Mesh remote connections service = "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"

==================================================
= Other users on this computer: Default user =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

URL search hooks (1):

Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll

--------------------

Hijack points:

[Internet Explorer URLs]
* Internet Explorer\Main (1) *
Start Page = http://search.yahoo....r=spigot-yhp-ie

--------------------

Protection & disabled items:

[Zones]
* Restricted sites (36) *
193.125.201.50
205.209.152.121
206.161.124.98
206.161.207.102
207.226.162.34
207.226.164.171
207.226.164.195
208.64.26.150
209.66.122.203
213.131.225.2
213.21.215.186
216.152.240.10
216.152.240.13
216.152.240.14
216.195.44.106
216.255.179.234
216.65.3.68
221.130.176.199
222.208.183.14
59.36.96.132
61.129.75.124
64.124.222.176
64.28.184.5
65.19.154.90
65.75.151.192
66.117.14.138
66.230.138.44
66.230.175.129
66.250.74.150
69.31.131.82
69.50.171.122
81.95.146.147
82.98.235.61
85.249.22.240
85.255.117.157
85.255.117.243

==================================================
= Other users on this computer: SYSTEM =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

URL search hooks (1):

Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll

--------------------

Hijack points:

[Internet Explorer URLs]
* Internet Explorer\Main (1) *
Start Page = http://search.yahoo....r=spigot-yhp-ie

--------------------

Protection & disabled items:

[Zones]
* Restricted sites (36) *
193.125.201.50
205.209.152.121
206.161.124.98
206.161.207.102
207.226.162.34
207.226.164.171
207.226.164.195
208.64.26.150
209.66.122.203
213.131.225.2
213.21.215.186
216.152.240.10
216.152.240.13
216.152.240.14
216.195.44.106
216.255.179.234
216.65.3.68
221.130.176.199
222.208.183.14
59.36.96.132
61.129.75.124
64.124.222.176
64.28.184.5
65.19.154.90
65.75.151.192
66.117.14.138
66.230.138.44
66.230.175.129
66.250.74.150
69.31.131.82
69.50.171.122
81.95.146.147
82.98.235.61
85.249.22.240
85.255.117.157
85.255.117.243

==================================================
= Other hardware configurations: Last known good =
==================================================
--------------------

Services:

[NT Services (57)]
@%SystemRoot%\system32\audiosrv.dll,-200 = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
@%SystemRoot%\system32\audiosrv.dll,-204 = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\bfe.dll,-1001 = C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
@%SystemRoot%\system32\cryptsvc.dll,-1001 = C:\windows\system32\svchost.exe -k NetworkService
@%SystemRoot%\system32\dhcpcore.dll,-100 = C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted
@%SystemRoot%\System32\dnsapi.dll,-101 = C:\windows\system32\svchost.exe -k NetworkService
@%systemroot%\system32\dps.dll,-500 = C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
@%SystemRoot%\system32\dwm.exe,-2000 = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\FirewallAPI.dll,-23090 = C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
@%SystemRoot%\system32\ikeext.dll,-501 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\lmhsvc.dll,-101 = C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted
@%systemroot%\system32\mmcss.dll,-100 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\System32\nlasvc.dll,-1 = C:\windows\System32\svchost.exe -k NetworkService
@%SystemRoot%\system32\nsisvc.dll,-200 = C:\windows\system32\svchost.exe -k LocalService
@%systemroot%\system32\profsvc.dll,-300 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\qmgr.dll,-1000 = C:\windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\samsrv.dll,-1 = C:\windows\system32\lsass.exe
@%SystemRoot%\system32\schedsvc.dll,-100 = C:\windows\system32\svchost.exe -k netsvcs
@%systemroot%\system32\SearchIndexer.exe,-103 = C:\windows\system32\SearchIndexer.exe /Embedding
@%SystemRoot%\system32\Sens.dll,-200 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\System32\shsvcs.dll,-12288 = C:\windows\System32\svchost.exe -k netsvcs
@%systemroot%\system32\spoolsv.exe,-1 = C:\windows\System32\spoolsv.exe
@%SystemRoot%\system32\sppsvc.exe,-101 = C:\windows\system32\sppsvc.exe
@%systemroot%\system32\srvsvc.dll,-100 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\sysmain.dll,-1000 = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\System32\themeservice.dll,-8192 = C:\windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\umpnpmgr.dll,-100 = C:\windows\system32\svchost.exe -k DcomLaunch
@%SystemRoot%\system32\umpo.dll,-100 = C:\windows\system32\svchost.exe -k DcomLaunch
@%Systemroot%\system32\wbem\wmisvc.dll,-205 = C:\windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\wevtsvc.dll,-200 = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
@%SystemRoot%\system32\wiaservc.dll,-9 = C:\windows\system32\svchost.exe -k imgsvc
@%systemroot%\system32\wkssvc.dll,-100 = C:\windows\System32\svchost.exe -k NetworkService
@%SystemRoot%\System32\wlansvc.dll,-257 = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\System32\wscsvc.dll,-200 = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
@%systemroot%\system32\wuaueng.dll,-105 = C:\windows\system32\svchost.exe -k netsvcs
@%windir%\system32\RpcEpMap.dll,-1001 = C:\windows\system32\svchost.exe -k RPCSS
@comres.dll,-2450 = C:\windows\system32\svchost.exe -k LocalService
@gpapi.dll,-112 = %windir%\system32\svchost.exe -k GPSvcGroup
@oleres.dll,-5010 = C:\windows\system32\svchost.exe -k rpcss
@oleres.dll,-5012 = C:\windows\system32\svchost.exe -k DcomLaunch
Adobe Acrobat Update Service = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Common Client Job Manager Service = "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\diMaster.dll" /prefetch:1
Google Update Service (gupdate) = "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
IconMan_R = "C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe"
Intel® Management & Security Application User Notification Service = "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
Intel® Management and Security Application Local Management Service = C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
Kaspersky Anti-Virus Service = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" -r
MBAMScheduler = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
MBAMService = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
Microsoft .NET Framework NGEN v4.0.30319_X64 = C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Microsoft .NET Framework NGEN v4.0.30319_X86 = C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
MultiKMS = "C:\Windows\MultiKMS\MultiKMS.exe"
Skype Updater = "C:\Program Files (x86)\Skype\Updater\Updater.exe"
TeamViewer 9 = "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
Toshiba Laptop Checkup Application Launcher = C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe /s
TOSHIBA Optical Disc Drive Service = C:\Windows\system32\TODDSrv.exe
Windows Live ID Sign-in Assistant = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
sermouse.sys
vga.sys
vgasave.sys
volmgr.sys
volmgrx.sys
WudfPf
WudfRd

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* IEEE 1394 Bus host controllers *
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SBP2 IEEE 1394 Devices *
{D48179BE-EC20-11D1-B6B8-00C04FA372A7}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* SecurityDevices *
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

* Service *
AppInfo
AppMgmt
CryptSvc
DcomLaunch
EFS
EventLog
HelpSvc
KeyIso
Netlogon
NTDS
PlugPlay
Power
ProfSvc
RpcEptMapper
RpcSs
sacsvr
SWPRV
TabletInputService
TBS
TrustedInstaller
VDS
vmms
WinDefend
WinMgmt
WudfSvc

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}

[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
bowser
dfsc
ipnat.sys
MPSDrv
mrxsmb
mrxsmb10
mrxsmb20
ndiscap
nsiproxy.sys
rdbss
rdpencdd.sys
sermouse.sys
vga.sys
vgasave.sys
volmgr.sys
volmgrx.sys
WudfPf
WudfRd
WudfUsbccidDriver

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* IEEE 1394 Bus host controllers *
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SBP2 IEEE 1394 Devices *
{D48179BE-EC20-11D1-B6B8-00C04FA372A7}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* SecurityDevices *
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

* Service *
AFD
AppInfo
AppMgmt
BFE
Browser
CryptSvc
DcomLaunch
Dhcp
DnsCache
Dot3Svc
Eaphost
EFS
EventLog
HelpSvc
IKEEXT
KeyIso
LanmanServer
LanmanWorkstation
LmHosts
Messenger
MPSSvc
NativeWifiP
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
netprofm
NlaSvc
Nsi
NTDS
PlugPlay
PolicyAgent
Power
ProfSvc
rdsessmgr
RpcEptMapper
RpcSs
sacsvr
SCardSvr
SharedAccess
SWPRV
TabletInputService
TBS
Tcpip
TrustedInstaller
VaultSvc
VDS
vmms
WinDefend
WinMgmt
Wlansvc
WudfSvc

* Smart card readers *
{50DD5230-BA8A-11D1-BF5D-0000F805F530}

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}

[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Imaging devices *
- Upper filters
PGEffect.sys
ksthunk.sys

* Infrared devices *
- Upper filters
IRENUM.sys

* Mice and other pointing devices *
- Upper filters
klmouflt.sys
mouclass.sys

* Smart card readers *
- Upper filters
scfilter.sys

* Sound, video and game controllers *
- Upper filters
ksthunk.sys

* Storage Volumes *
- Lower filters
fvevol.sys
rdyboost.sys

[Device filters]
* @cdrom.inf,%gencdrom_devdesc%;CD-ROM Drive *
- Lower filters
tdcmdpst.sys

* @cdrom.inf,%gencdrom_devdesc%;CD-ROM Drive *
- Lower filters
tdcmdpst.sys

* @machine.inf,%rdp_kbd.devicedesc%;Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* @machine.inf,%rdp_mou.devicedesc%;Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* @netrasa.inf,%mp-bh-dispname%;WAN Miniport (Network Monitor) *
- Lower filters
NdisTapi.sys

* @netrasa.inf,%mp-ip-dispname%;WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* @netrasa.inf,%mp-ipv6-dispname%;WAN Miniport (IPv6) *
- Lower filters
NdisTapi.sys

* @oem18.inf,%*tos1900.devicedescntamd64%;TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device *
- Upper filters
TVALZFL.sys

* @oem31.inf,%ps2.syndevicedesc%;Synaptics PS/2 Port TouchPad *
- Upper filters
SynTP.sys

* @oem33.inf,%rtl8188ce.devicedesc%;Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC *
- Upper filters
vwifibus.sys

* Apple iPhone *
- Lower filters
WinUsb.sys

* HDR-CX220 *
- Lower filters
WinUsb.sys

* SM-G900T *
- Lower filters
WinUsb.sys

--------------------

Print monitors (7):

Canon BJ Language Monitor MG2100 series - CNMLMAQ.DLL
Local Port - localspl.dll
Microsoft Shared Fax Monitor - FXSMON.DLL
ML163S Langmon - ml163sl6.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll
WSD Port - WSDMon.dll

--------------------

WOW compatibility:

[KnownDlls (32-bit) (28)]
advapi32.dll
clbcatq.dll
COMDLG32.dll
difxapi.dll
gdi32.dll
IERTUTIL.dll
IMAGEHLP.dll
IMM32.dll
kernel32.dll
LPK.dll
MSCTF.dll
MSVCRT.dll
NORMALIZ.dll
NSI.dll
ole32.dll
OLEAUT32.dll
PSAPI.DLL
rpcrt4.dll
sechost.dll
Setupapi.dll
SHELL32.dll
SHLWAPI.dll
URLMON.dll
user32.dll
USP10.dll
WININET.dll
WLDAP32.dll
WS2_32.dll

#4
ruggie_uk

Posted 07 August 2014 - 07:22 AM

Trusted Helper

Malware Removal
2,083 posts

Sorry to jump in, but were you running on battery when you did the cpu-z test?

That cpu should run at 2.13ghz. It may be in lower power mode.

#5
donetao

Posted 07 August 2014 - 10:08 AM

Banned

Banned
753 posts

Hello!

New program from Malwarebytes!

Personally I think team work is good ruggie_uk. As long as the suggestions aren't confusing the OP.

I don't see how your suggestion would confuse the OP and it would only help them!

I would like to see more team work. Mr. Phill and I get along just fine helping members.

If I'm helping a member, all GTG members are welcome!

Now here's my 2 cents! :laughing:

https://www.malwareb...rg/startuplite/

#6
BearCavalry

Posted 07 August 2014 - 10:37 AM

Member

Topic Starter
Member
141 posts

Sorry to jump in, but were you running on battery when you did the cpu-z test?

That cpu should run at 2.13ghz. It may be in lower power mode.

Hello Ruggie. The laptop was plugged into the wall.

Hello!

New program from Malwarebytes!

Personally I think team work is good ruggie_uk. As long as the suggestions aren't confusing the OP.

I don't see how your suggestion would confuse the OP and it would only help them!

I would like to see more team work. Mr. Phill and I get along just fine helping members.

If I'm helping a member, all GTG members are welcome!

Now here's my 2 cents!

https://www.malwareb...rg/startuplite/

Thank you Donetao, I will igive this program a shot.

Edited by BearCavalry, 07 August 2014 - 11:33 AM.

#7
Plastic Nev

Posted 07 August 2014 - 02:05 PM

Member

Member
485 posts

It might also be a good idea to download and install speccy and lets see what temperatures are running at, speccy download starts automatically from here :-

http://www.piriform....wnload/standard

Once downloaded and installed, open it and check the temperatures, especially the CPU! If higher than 55C after a few minutes running it is probably clogged up with dust and wants cleaning. High temperatures will slow the CPU down.

It may be best to let one of the qualified malware removal guys have a look at you.

Nev.

Edited by CompCav, 07 August 2014 - 03:41 PM.
Remove malware tool request

#8
donetao

Posted 07 August 2014 - 02:48 PM

Banned

Banned
753 posts

et us know what Malwarebytes finds as well, and depending on what is shown it may be best to let one of the qualified malware removal guys have a look at you.

Hello Nev! This site has a rule about suggesting how to use MBAM???? Ok to suggest down loading, but can't inform the OP how to use it.

I learned that the hard way. :oops: I broke the rule also, so don't feel bad. Glad to have you aboard!

#9
BearCavalry

Posted 07 August 2014 - 05:06 PM

Member

Topic Starter
Member
141 posts

That Malwarebytes program somehow says "no unnecessary items found". I have no idea how the heck that's possible.

I used speccy on that laptop, and it didn't show anything as overheating.

Edited by BearCavalry, 07 August 2014 - 05:24 PM.

#10
Ztruker

Posted 07 August 2014 - 05:26 PM

Member 5k

Technician
7,091 posts

Suggestions:

Uninstall Google Chrome, use Firefox, Palemoon, even Internet Explorer.
Uninstall anything Google related.
Uninstall Glary Utilities or at least disable it from auto-starting.
Uninstall Kaspersky, replace with Microsoft Security Essentials.

See how it runs now.

If still very slow, try doing a Clean boot and follow instructions here: Clean boot Vista and Windows 7

#11
BearCavalry

Posted 08 August 2014 - 04:49 PM

Member

Topic Starter
Member
141 posts

Suggestions:

Uninstall Google Chrome, use Firefox, Palemoon, even Internet Explorer.
Uninstall anything Google related.
Uninstall Glary Utilities or at least disable it from auto-starting.
Uninstall Kaspersky, replace with Microsoft Security Essentials.

See how it runs now.

If still very slow, try doing a Clean boot and follow instructions here: Clean boot Vista and Windows 7

Thank you for the tips! It seems to have made a little bit of difference.

I consider this topic solved, or finished. So if an Administrator wishes ro close this thread, they may. I do not know how to mark a thread as "Solved".