This topic is lockedIt says that it isn't compatible with my machine to use frst64, is there a link to that?
THANKS!
Something on my laptop is eating 25gig a day of my data limit [Solved]
Started by
grancarol
, Aug 19 2014 07:31 PM
malware malware - virus trojan??????
#17
Posted 23 August 2014 - 07:34 AM
grancarol
- Topic Starter
-
- Member
-
- 50 posts
Member
I found the 64bit version on the same site, here are the results:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-08-2014
Ran by User (administrator) on USER-PC on 23-08-2014 08:29:54
Running from C:\Users\User\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-10-23] (TOSHIBA Corporation.)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-12-01] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel® Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-21] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-447802036-2442592229-764857793-1000\...\Run: [Magellan CmTray] => C:\Program Files (x86)\Content Manager\CmTray.exe
HKU\S-1-5-21-447802036-2442592229-764857793-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-447802036-2442592229-764857793-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-447802036-2442592229-764857793-1000\...\MountPoints2: {0a5f369b-955b-11e3-ba77-00266c6a4c19} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-447802036-2442592229-764857793-1000\...\MountPoints2: {6bc87f44-9b6b-11df-8cfd-806e6f6e6963} - E:\setup.exe -a
HKU\S-1-5-21-447802036-2442592229-764857793-1000\...\MountPoints2: {73ec9501-8e12-11e2-9b24-00266c6a4c19} - E:\setup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\B-Line.lnk
ShortcutTarget: B-Line.lnk -> C:\Users\Public\New Tier\CommunicatorV3\version_check_v3.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk
ShortcutTarget: Bitmeter2.lnk -> C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\User\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.sra-h.../mail/login.php
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
SearchScopes: HKLM - DefaultScope {B7CAB0D1-34D0-441A-BD6F-2436605CB520} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {B7CAB0D1-34D0-441A-BD6F-2436605CB520} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - DefaultScope {A9008EF1-D724-4E52-B061-22700DCAD677} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {A9008EF1-D724-4E52-B061-22700DCAD677} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKCU - {A9008EF1-D724-4E52-B061-22700DCAD677} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKCU - {B7CAB0D1-34D0-441A-BD6F-2436605CB520} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect119.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.152.37.23
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gbihnx4f.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gbihnx4f.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-11-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011-06-01]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-06-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Meeting Center\Modules\Firefox
FF Extension: Meeting Center - C:\Program Files (x86)\Meeting Center\Modules\Firefox [2012-03-05]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-04-17]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-04]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-06-11]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (BitCometAgent) - C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-17]
CHR Extension: (Norton Identity Safe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-17]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-04-17]
CHR Extension: (Norton Security Toolbar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-08-03]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-03]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-04-17]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-15]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-05-30] (Macrovision Europe Ltd.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe [265040 2014-07-31] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140815.001\IDSvia64.sys [525016 2014-06-27] (Symantec Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140816.002\ENG64.SYS [126040 2014-06-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140816.002\EX64.SYS [2099288 2014-06-27] (Symantec Corporation)
R3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [222720 2009-09-01] (Realtek Semiconductor Corp.)
S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [427008 2009-06-10] (Realtek Semiconductor Corporation )
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-23 08:29 - 2014-08-23 08:30 - 00033965 _____ () C:\Users\User\Downloads\FRST.txt
2014-08-23 08:28 - 2014-08-23 08:29 - 00000000 ____D () C:\FRST
2014-08-23 08:27 - 2014-08-23 08:28 - 02102784 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-08-23 08:23 - 2014-08-23 08:23 - 01094656 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2014-08-22 21:00 - 2014-08-22 21:00 - 00000000 ____D () C:\_OTL
2014-08-21 19:29 - 2014-08-21 19:29 - 00104676 _____ () C:\Users\User\Downloads\Extras.Txt
2014-08-21 19:27 - 2014-08-23 07:08 - 00115446 _____ () C:\Users\User\Downloads\OTL.Txt
2014-08-21 18:51 - 2014-08-21 18:51 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL (1).exe
2014-08-21 18:50 - 2014-08-21 18:50 - 00000000 _____ () C:\Users\User\Documents\otl.htm
2014-08-21 18:49 - 2014-08-21 18:49 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
2014-08-21 18:47 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-21 18:47 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-21 18:47 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-21 18:47 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-21 18:47 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-21 18:47 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-21 18:47 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-21 18:47 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-21 18:47 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-21 18:47 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-21 18:47 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-21 18:47 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-21 18:47 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-21 18:47 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-19 18:38 - 2014-08-23 07:51 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 18:37 - 2014-08-22 21:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 18:37 - 2014-08-19 18:37 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 18:37 - 2014-08-19 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 18:37 - 2014-08-19 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 18:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-19 18:37 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-19 18:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-08-18 08:21 - 2014-08-18 08:28 - 00000000 ____D () C:\Users\Reese\AppData\Roaming\BitMeter2
2014-08-18 08:18 - 2014-08-18 08:18 - 00000000 __SHD () C:\Users\Reese\AppData\Local\EmieUserList
2014-08-18 08:18 - 2014-08-18 08:18 - 00000000 __SHD () C:\Users\Reese\AppData\Local\EmieSiteList
2014-08-17 11:17 - 2014-08-23 08:30 - 00000000 ____D () C:\ProgramData\Bitmeter2
2014-08-17 11:17 - 2014-08-17 13:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\Bitmeter2
2014-08-17 11:17 - 2014-08-17 11:17 - 00000000 ____D () C:\Users\User\Downloads\BitMeter2
2014-08-17 11:17 - 2014-08-17 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter
2014-08-17 11:17 - 2014-08-17 11:17 - 00000000 ____D () C:\Program Files (x86)\Codebox
2014-08-17 11:16 - 2014-08-17 11:16 - 01417925 _____ () C:\Users\User\Downloads\BitMeter2.zip
2014-08-17 10:24 - 2014-08-17 10:46 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-08-17 10:24 - 2014-08-17 10:46 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-08-17 09:44 - 2014-08-17 09:53 - 00000000 ____D () C:\Users\User\AppData\Local\NPE
2014-08-17 09:35 - 2014-08-19 18:17 - 00000000 ____D () C:\Users\User\AppData\Local\LogMeIn Rescue Applet
2014-08-17 09:34 - 2014-08-17 09:35 - 01525056 _____ (LogMeIn, Inc.) C:\Users\User\Downloads\Support-LogMeInRescue.exe
2014-08-16 08:50 - 2014-08-16 08:50 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-08-16 08:47 - 2014-08-22 21:05 - 00003336 _____ () C:\windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-447802036-2442592229-764857793-1000
2014-08-16 08:47 - 2014-08-22 21:05 - 00003200 _____ () C:\windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-447802036-2442592229-764857793-1000
2014-08-12 21:58 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-12 21:58 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-12 21:58 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-12 21:58 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-12 21:58 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-12 21:58 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-12 21:58 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-12 21:58 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-12 15:34 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-12 15:34 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-12 15:34 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 15:34 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-12 15:34 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-12 15:34 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-12 15:34 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 15:34 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-12 15:34 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-12 15:34 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-12 15:34 - 2014-07-15 22:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-12 15:34 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-12 15:34 - 2014-07-15 21:46 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-12 15:34 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-12 15:34 - 2014-07-15 21:12 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-12 15:34 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-12 15:34 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-12 15:34 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-12 15:34 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-12 15:34 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-12 15:34 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-12 15:34 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-12 15:34 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-12 15:34 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-12 15:34 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-12 15:34 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-12 15:34 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-12 15:34 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-12 15:34 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-12 15:34 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-12 15:34 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-12 15:34 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-12 15:34 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-12 15:34 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-12 15:34 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-12 15:34 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-12 15:34 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-12 15:33 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-12 15:33 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-12 15:33 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-12 15:33 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-12 15:33 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-12 15:33 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-12 15:33 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-12 15:33 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-12 15:33 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-12 15:33 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-12 15:33 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-12 15:33 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-12 15:33 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-12 15:33 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-12 15:33 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-12 15:33 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-12 15:33 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-12 15:33 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-12 15:33 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-12 15:33 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-12 15:33 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-12 15:33 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-12 15:33 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-12 15:33 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-12 15:33 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-12 15:33 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-12 15:33 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-12 15:33 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-12 15:33 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-12 15:33 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-12 15:33 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-12 15:33 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-12 15:33 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-12 15:33 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-12 15:33 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-12 15:33 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-12 15:33 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-12 15:33 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-12 15:33 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-12 15:33 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-12 15:33 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-12 15:33 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-12 15:33 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-12 15:33 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-12 15:33 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-12 15:33 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-12 15:30 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-12 15:30 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-12 15:30 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-12 15:30 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-09 17:54 - 2014-08-09 17:54 - 00000225 _____ () C:\Users\User\Downloads\gscounters (1).js
2014-08-09 17:53 - 2014-08-09 17:53 - 00000225 _____ () C:\Users\User\Downloads\gscounters.js
2014-08-07 21:01 - 2014-08-07 21:01 - 00003556 _____ () C:\windows\System32\Tasks\GarminUpdaterTask
2014-08-07 21:01 - 2014-08-07 21:01 - 00001899 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-08-07 20:31 - 2014-08-07 20:31 - 00000000 ____D () C:\ProgramData\Ant
2014-08-07 17:26 - 2014-08-07 21:02 - 00000000 ____D () C:\Program Files\DIFX
2014-08-03 11:09 - 2014-08-03 11:09 - 00000000 ____D () C:\Users\User\AppData\Local\Macromedia
2014-07-28 21:02 - 2014-08-04 19:59 - 00000000 ____D () C:\Users\User\Desktop\Birmingham Zoo 7-16-2014
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-23 08:30 - 2014-08-23 08:29 - 00033965 _____ () C:\Users\User\Downloads\FRST.txt
2014-08-23 08:30 - 2014-08-17 11:17 - 00000000 ____D () C:\ProgramData\Bitmeter2
2014-08-23 08:29 - 2014-08-23 08:28 - 00000000 ____D () C:\FRST
2014-08-23 08:28 - 2014-08-23 08:27 - 02102784 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-08-23 08:23 - 2014-08-23 08:23 - 01094656 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2014-08-23 08:20 - 2014-01-25 11:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 08:20 - 2012-12-30 13:42 - 01668070 _____ () C:\windows\WindowsUpdate.log
2014-08-23 08:20 - 2011-12-26 13:54 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 07:56 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 07:56 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 07:54 - 2013-05-09 16:53 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-08-23 07:52 - 2009-07-13 21:34 - 00000513 _____ () C:\windows\win.ini
2014-08-23 07:51 - 2014-08-19 18:38 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 07:51 - 2011-12-26 13:54 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 07:48 - 2012-12-30 13:38 - 00021210 _____ () C:\windows\setupact.log
2014-08-23 07:48 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-23 07:48 - 2009-07-13 23:45 - 00422232 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-23 07:08 - 2014-08-21 19:27 - 00115446 _____ () C:\Users\User\Downloads\OTL.Txt
2014-08-23 06:55 - 2010-07-09 22:47 - 00003918 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{2767F662-E580-4DF5-8EF3-61FBF61269C2}
2014-08-22 22:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-08-22 21:41 - 2014-08-19 18:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 21:11 - 2011-06-01 20:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
2014-08-22 21:05 - 2014-08-16 08:47 - 00003336 _____ () C:\windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-447802036-2442592229-764857793-1000
2014-08-22 21:05 - 2014-08-16 08:47 - 00003200 _____ () C:\windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-447802036-2442592229-764857793-1000
2014-08-22 21:03 - 2009-12-01 22:00 - 00868072 _____ () C:\windows\PFRO.log
2014-08-22 21:00 - 2014-08-22 21:00 - 00000000 ____D () C:\_OTL
2014-08-21 19:29 - 2014-08-21 19:29 - 00104676 _____ () C:\Users\User\Downloads\Extras.Txt
2014-08-21 18:51 - 2014-08-21 18:51 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL (1).exe
2014-08-21 18:50 - 2014-08-21 18:50 - 00000000 _____ () C:\Users\User\Documents\otl.htm
2014-08-21 18:49 - 2014-08-21 18:49 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
2014-08-19 19:19 - 2009-07-14 00:13 - 00803910 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-19 18:37 - 2014-08-19 18:37 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 18:37 - 2014-08-19 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 18:37 - 2014-08-19 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 18:21 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-08-19 18:17 - 2014-08-17 09:35 - 00000000 ____D () C:\Users\User\AppData\Local\LogMeIn Rescue Applet
2014-08-18 08:28 - 2014-08-18 08:21 - 00000000 ____D () C:\Users\Reese\AppData\Roaming\BitMeter2
2014-08-18 08:18 - 2014-08-18 08:18 - 00000000 __SHD () C:\Users\Reese\AppData\Local\EmieUserList
2014-08-18 08:18 - 2014-08-18 08:18 - 00000000 __SHD () C:\Users\Reese\AppData\Local\EmieSiteList
2014-08-17 13:01 - 2014-08-17 11:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Bitmeter2
2014-08-17 11:17 - 2014-08-17 11:17 - 00000000 ____D () C:\Users\User\Downloads\BitMeter2
2014-08-17 11:17 - 2014-08-17 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter
2014-08-17 11:17 - 2014-08-17 11:17 - 00000000 ____D () C:\Program Files (x86)\Codebox
2014-08-17 11:16 - 2014-08-17 11:16 - 01417925 _____ () C:\Users\User\Downloads\BitMeter2.zip
2014-08-17 10:46 - 2014-08-17 10:24 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-08-17 10:46 - 2014-08-17 10:24 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-08-17 09:53 - 2014-08-17 09:44 - 00000000 ____D () C:\Users\User\AppData\Local\NPE
2014-08-17 09:44 - 2010-04-12 09:21 - 00000000 ____D () C:\ProgramData\Norton
2014-08-17 09:35 - 2014-08-17 09:34 - 01525056 _____ (LogMeIn, Inc.) C:\Users\User\Downloads\Support-LogMeInRescue.exe
2014-08-16 08:50 - 2014-08-16 08:50 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-08-16 08:44 - 2013-12-04 07:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-08-16 08:44 - 2013-12-04 03:05 - 00002330 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-08-16 08:44 - 2013-02-13 10:11 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-08-16 08:44 - 2013-02-13 10:10 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-08-15 20:53 - 2012-04-17 19:59 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 19:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-12 22:13 - 2009-12-01 22:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-12 22:06 - 2013-07-26 03:00 - 00000000 ____D () C:\windows\system32\MRT
2014-08-12 22:02 - 2010-05-29 11:21 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-12 21:58 - 2014-05-08 20:39 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-09 17:54 - 2014-08-09 17:54 - 00000225 _____ () C:\Users\User\Downloads\gscounters (1).js
2014-08-09 17:53 - 2014-08-09 17:53 - 00000225 _____ () C:\Users\User\Downloads\gscounters.js
2014-08-07 21:06 - 2013-08-24 08:28 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-07 21:03 - 2013-08-24 08:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-07 21:02 - 2014-08-07 17:26 - 00000000 ____D () C:\Program Files\DIFX
2014-08-07 21:02 - 2011-01-28 13:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\GARMIN
2014-08-07 21:01 - 2014-08-07 21:01 - 00003556 _____ () C:\windows\System32\Tasks\GarminUpdaterTask
2014-08-07 21:01 - 2014-08-07 21:01 - 00001899 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-08-07 21:01 - 2013-08-24 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-07 21:01 - 2013-08-24 08:28 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-07 20:31 - 2014-08-07 20:31 - 00000000 ____D () C:\ProgramData\Ant
2014-08-06 21:06 - 2014-08-12 15:30 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-12 15:30 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-04 19:59 - 2014-07-28 21:02 - 00000000 ____D () C:\Users\User\Desktop\Birmingham Zoo 7-16-2014
2014-08-03 12:17 - 2011-11-18 21:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\PrimoPDF
2014-08-03 11:09 - 2014-08-03 11:09 - 00000000 ____D () C:\Users\User\AppData\Local\Macromedia
2014-07-31 18:41 - 2014-08-12 15:33 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-31 18:16 - 2014-08-12 15:33 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-28 19:19 - 2012-05-14 06:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 19:19 - 2012-05-14 06:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 09:52 - 2014-08-12 15:33 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 09:02 - 2014-08-12 15:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-25 09:01 - 2014-08-12 15:33 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-25 08:51 - 2014-08-12 15:33 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 08:30 - 2014-08-12 15:33 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-25 08:28 - 2014-08-12 15:34 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-25 08:28 - 2014-08-12 15:33 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 08:25 - 2014-08-12 15:33 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 08:25 - 2014-08-12 15:33 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 08:11 - 2014-08-12 15:33 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-25 08:10 - 2014-08-12 15:33 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-25 08:04 - 2014-08-12 15:33 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-25 08:03 - 2014-08-12 15:33 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-25 08:00 - 2014-08-12 15:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-25 08:00 - 2014-08-12 15:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-25 07:59 - 2014-08-12 15:33 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 07:47 - 2014-08-12 15:33 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 07:40 - 2014-08-12 15:33 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 07:34 - 2014-08-12 15:33 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 07:34 - 2014-08-12 15:33 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-25 07:33 - 2014-08-12 15:34 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-25 07:30 - 2014-08-12 15:33 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 07:28 - 2014-08-12 15:34 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 07:28 - 2014-08-12 15:33 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 07:21 - 2014-08-12 15:33 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 07:19 - 2014-08-12 15:33 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-25 07:18 - 2014-08-12 15:33 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-25 07:17 - 2014-08-12 15:34 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-25 07:17 - 2014-08-12 15:33 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 07:12 - 2014-08-12 15:33 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-25 07:10 - 2014-08-12 15:33 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 07:10 - 2014-08-12 15:33 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-25 07:08 - 2014-08-12 15:34 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 07:06 - 2014-08-12 15:33 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 06:52 - 2014-08-12 15:34 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 06:47 - 2014-08-12 15:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 06:43 - 2014-08-12 15:34 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 06:42 - 2014-08-12 15:33 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 06:39 - 2014-08-12 15:33 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 06:39 - 2014-08-12 15:33 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-25 06:36 - 2014-08-12 15:33 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-25 06:34 - 2014-08-12 15:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 06:29 - 2014-08-12 15:33 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 06:23 - 2014-08-12 15:33 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 06:13 - 2014-08-12 15:34 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 06:07 - 2014-08-12 15:33 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 06:07 - 2014-08-12 15:33 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-25 06:03 - 2014-08-12 15:33 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 05:52 - 2014-08-12 15:33 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 05:26 - 2014-08-12 15:33 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 05:17 - 2014-08-12 15:33 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 05:09 - 2014-08-12 15:33 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 05:05 - 2014-08-12 15:33 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 05:00 - 2014-08-12 15:34 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-24 03:01 - 2012-05-14 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-17 00:39
==================== End Of Log ============================
contents of addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08-2014
Ran by User at 2014-08-23 08:30:50
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.0.3 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.61 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 (HKLM-x32\...\PremElem70) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 (x32 Version: 7.0.0.3 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 7.0 Templates (HKLM-x32\...\PremElem70Templates) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 Templates (x32 Version: 7.0.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.5.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Alibre Design (HKLM-x32\...\{5653EDEC-7F32-4BAA-82CA-0503AE696E6F}) (Version: 12.1.0.12047 - Alibre, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.12 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.0.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.19709 - Ask.com) <==== ATTENTION
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.22 - Atheros Communications Inc.)
Auburn University Screen Saver (HKLM-x32\...\Auburn University) (Version: - )
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Best Buy Software Installer (HKLM-x32\...\Best Buy Software Installer) (Version: 2.1.0.29 - Best Buy)
Best Buy Software Installer (Version: 2.1.0.29 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1449.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 5.0.1449.0 - Microsoft Corporation) Hidden
BitMeter (HKLM-x32\...\BitMeter) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
ConvertXtoDVD 4.1.9.347 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.9.347 - )
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CUBIT 13.0 CUBIT (HKLM-x32\...\Cubit) (Version: 13.0 - Sandia National Laboratories)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dreamship Tales (HKLM-x32\...\Dreamship Tales) (Version: - )
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
ExtractNow (HKLM-x32\...\ExtractNow_is1) (Version: - Nathan Moinvaziri)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA CORPORATION)
HDMI Control Manager (Version: 2.0 - TOSHIBA CORPORATION) Hidden
HDMI Control Manager (x32 Version: 2.0 - TOSHIBA CORPORATION) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{70BF6489-4E33-4AFE-90B6-9A8120E6EEA5}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Product Detection (HKLM-x32\...\{3C22981C-5C14-4176-B0E8-C2BE71174C41}) (Version: 11.14.0003 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Igor Pro (HKLM-x32\...\Igor Pro) (Version: - )
Intel PROSet Wireless (Version: - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{26F41FA3-3170-446B-A3A2-83F5FA26E6CD}) (Version: 1.1.8.0 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
JumpStart Advanced Kindergarten (HKLM-x32\...\JumpStart Advanced Kindergarten) (Version: - )
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Ken Ward's Zipper 1.4000 (HKLM-x32\...\Ken Ward's Zipper_is1) (Version: - Ken Ward)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Marketsplash Shortcuts (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)
MATLAB Student R2010a (HKLM-x32\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
Meeting Center (HKLM-x32\...\{96312C46-E17A-4598-B1C6-C21C288840B5}) (Version: 4.11.7.244 - The Teleconferencing Center)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
MotoHelper 2.0.45 Driver 5.0.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.45 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0 - Motorola Inc.) Hidden
Mozilla Firefox (3.6.25) (HKLM-x32\...\Mozilla Firefox (3.6.25)) (Version: 3.6.25 (en-US) - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )
PhotoshopdotcomInspirationBrowser (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Pioneer 3.4.4.162 (HKLM-x32\...\Pioneer 3.4.4.162) (Version: 3.4.4.162 - )
Pioneer 4.2.0.66 (x64, VS2008) (HKLM\...\Pioneer 4.2.0.66 (x64, VS2008)) (Version: 4.2.0.66 (x64, VS2008) - )
Pioneer Overview (HKLM-x32\...\Pioneer Overview) (Version: 1.0 - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - CyberLink Corp.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Reader Rabbit Learn To Read With Phonics (HKLM-x32\...\Reader Rabbit Learn To Read With Phonics) (Version: - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5972 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30103 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartSound Quicktracks for Premiere Elements (HKLM-x32\...\InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
TextPad 7 (HKLM-x32\...\{9F53AC20-2D32-4341-9DA1-29DD40E2199E}) (Version: 7.0.9 - Helios)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.06.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.5.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.06-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.16 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.6.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.08.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.5.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.35.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.35.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.2.35.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
TOSHIBA Wireless Display Update Package (HKLM-x32\...\{41773726-92D0-4265-A0F8-DD980CA1AEC4}) (Version: 1.0.1 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
TPV (HKLM-x32\...\{D386A925-7B67-4332-9948-3011658642ED}) (Version: 2.1.0 - TBE-TSI)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Where in the World Is Carmen Sandiego? Treasures of Knowledge (HKLM-x32\...\Where in the World Is Carmen Sandiego? Treasures of Knowledge) (Version: - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Update KB958639 (HKLM-x32\...\{8A519969-3D04-4424-A3F9-E3299DCB2005}) (Version: 1.0.0.0 - Microsoft Corporation)
WinOSC 6.5 (HKLM-x32\...\{DDA98443-1DB0-475D-BFB2-528AEC7C6AB6}) (Version: 6.5 - Optical Signatures Code)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C7}) (Version: 16.0.9661 - WinZip Computing, S.L. )
WModem Driver Installer (HKLM-x32\...\{65AB08A4-56A4-4362-A9E7-F0A8D8901F80}) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-447802036-2442592229-764857793-1000_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files (x86)\TextPad 7\System\shellext64.dll (Helios Software Solutions)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-08-23 07:42 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {21C2A3C5-88E0-4031-8F68-894404B705E3} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {255D8DB8-8600-4412-AF7A-3AF1AA1B8DD8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-447802036-2442592229-764857793-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {2B5D3F3C-9CAC-4D96-AE2A-CF834E52D01F} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {2F51CF18-B358-403A-883D-263AACF4B21E} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {4C1A0F33-614E-4B98-9071-197AE558DD6A} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\MATLAB\R2010a Student\MATLAB R2010a Student.lnk [2010-06-13] ()
Task: {5773B7BA-0534-4B89-9149-CC4E1139A1E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6AC738BC-8C9E-4A73-9AC3-7FBCE67D9F0E} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {6C949312-2B19-4723-B0F4-58254317F328} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {738086D8-D692-40BE-AA51-5058E979DC6E} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {7D67B388-EF7A-422F-B998-7BF3C169E685} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9013DE25-2A2C-4BDB-B303-7585B096B29B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {99DBBE0F-3E04-442B-B32D-C8421BDA771F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {C0E26DFB-F7D4-4E1E-B954-D072FE5D8E96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26] (Google Inc.)
Task: {D68F9E91-0BA3-4A79-BA58-564456083B78} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: {DC8D9B37-988C-41CA-9136-7F08859602E6} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {E4B702AE-9757-459A-A0B1-355BA5E950F9} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {E5935BEE-40CB-4EB6-AE21-DA9174C992FE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-447802036-2442592229-764857793-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {F2DC79F7-159F-4E8A-B573-2EAD4A574181} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-07-19 16:48 - 2010-07-19 16:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-11-18 21:42 - 2011-02-28 17:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2011-01-27 16:13 - 2011-01-27 16:13 - 00226624 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-01-27 16:13 - 2011-01-27 16:13 - 00673088 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2010-07-19 16:48 - 2010-07-19 16:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-06-01 05:18 - 2014-06-01 05:18 - 01396736 _____ () C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-12 08:58 - 2009-10-02 15:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/23/2014 07:54:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x52df3e99
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000005
Fault offset: 0x00056b1d
Faulting process id: 0xdb0
Faulting application start time: 0xUA.exe0
Faulting application path: UA.exe1
Faulting module path: UA.exe2
Report Id: UA.exe3
Error: (08/23/2014 06:53:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x52df3e99
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000005
Fault offset: 0x00056b1d
Faulting process id: 0x12a0
Faulting application start time: 0xUA.exe0
Faulting application path: UA.exe1
Faulting module path: UA.exe2
Report Id: UA.exe3
Error: (08/23/2014 01:13:49 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Error: (08/22/2014 09:06:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x52df3e99
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000005
Fault offset: 0x00056b1d
Faulting process id: 0x137c
Faulting application start time: 0xUA.exe0
Faulting application path: UA.exe1
Faulting module path: UA.exe2
Report Id: UA.exe3
Error: (08/22/2014 08:49:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x52df3e99
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000005
Fault offset: 0x00056b1d
Faulting process id: 0x1284
Faulting application start time: 0xUA.exe0
Faulting application path: UA.exe1
Faulting module path: UA.exe2
Report Id: UA.exe3
Error: (08/22/2014 00:26:14 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Error: (08/19/2014 09:35:20 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Error: (08/19/2014 07:26:54 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (08/19/2014 07:26:54 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (08/19/2014 07:26:53 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
System errors:
=============
Error: (08/23/2014 07:41:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V7 service terminated unexpectedly. It has done this 1 time(s).
Error: (08/23/2014 06:48:47 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (08/23/2014 06:46:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V7 service terminated unexpectedly. It has done this 1 time(s).
Error: (08/22/2014 09:00:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V7 service terminated unexpectedly. It has done this 1 time(s).
Error: (08/18/2014 08:18:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (08/07/2014 09:01:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Garmin Core Update Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (08/06/2014 09:14:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 47.
Error: (08/06/2014 09:14:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 47.
Error: (08/06/2014 09:13:18 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 47.
Error: (08/06/2014 09:13:15 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 47.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 54%
Total physical RAM: 3894.78 MB
Available physical RAM: 1759.82 MB
Total Pagefile: 7787.74 MB
Available Pagefile: 5339.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (TI105512W0E) (Fixed) (Total:456.78 GB) (Free:314.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:7.4 GB) (Free:6.83 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: BCDDC75C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=456.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.5 GB) - (Type=17)
========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
#18
Posted 23 August 2014 - 08:32 AM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
That tool did not help answer my question, but as I said, I do have other tricks up my sleeve. 
Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).
- Close any open browsers.
- Temporarily disable your AntiVirus program. (If necessary)
- Double click zoek.zip
- Double click on zoek.exe to run.
- Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
- Copy the text below and paste it into the large window in the zoek tool:
silentrunners; FFDefaults; CHRDefaults; emptyclsid; AutoClean;
- Click on Run script button
- Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
- Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.
Note: It will also create a log in the C:\ directory named "zoek-results.log"
#19
Posted 23 August 2014 - 10:04 AM
grancarol
- Topic Starter
-
- Member
-
- 50 posts
Member
Results from zoek:
Zoek.exe v5.0.0.0 Updated 23-08-2014
Tool run by User on Sat 08/23/2014 at 10:28:18.73.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
8/23/2014 10:30:54 AM Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-447802036-2442592229-764857793-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-447802036-2442592229-764857793-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-447802036-2442592229-764857793-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-447802036-2442592229-764857793-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\{AA58ED58-01DD-4d91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Reese\AppData\Roaming\Mozilla\Firefox\Profiles\ugvhow4t.default\prefs.js:
user_pref("browser.search.defaultenginename", "My Web Search");
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "http://search.mywebs...10638=");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Reese\AppData\Roaming\Mozilla\Firefox\Profiles\ugvhow4t.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.co...Google Search=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("extensions.asktb.ff-original-keyword-url", "http://search.mywebs...10638=");
user_pref("keyword.URL", "http://www.google.co...Google Search=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gbihnx4f.default\prefs.js:
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "http://search.mywebs...10638=");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gbihnx4f.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.co...Google Search=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("extensions.asktb.ff-original-keyword-url", "http://search.mywebs...10638=");
user_pref("keyword.URL", "http://www.google.co...Google Search=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Reese\AppData\Roaming\Mozilla\Firefox\Profiles\ugvhow4t.default
user.js not found
---- Lines WebSearch removed from prefs.js ----
user_pref("extensions.asktb.ff-original-keyword-url", "http://search.mywebs...41BD-B9CB-3B26E
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
user_pref("extensions.mywebsearch.prevKwdURL", "http://search.mywebs...CB-3B26E0C15724
user_pref("extensions.toolbar.mindspark._64Members_.homepage", "http://home.mywebsea...6E0C15724&n=780
---- Lines mindspark removed from prefs.js ----
user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2014032816");
user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm032ADus");
user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "3610638");
user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "570477C5-2A53-41BD-B9CB-3B26E0C15724");
user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1396041095964");
user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
---- Lines ffxtbr modified from prefs.js ----
user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30,[email protected]:1.6.0.19192,[email protected]
---- FireFox user.js and prefs.js backups ----
prefs_20140823_1045_.backup
ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gbihnx4f.default
user.js not found
---- Lines WebSearch removed from prefs.js ----
user_pref("extensions.asktb.ff-original-keyword-url", "http://search.mywebs...41BD-B9CB-3B26E
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
user_pref("extensions.mywebsearch.prevKwdURL", "http://search.mywebs...CB-3B26E0C15724
user_pref("extensions.toolbar.mindspark._64Members_.homepage", "http://home.mywebsea...6E0C15724&n=77d
---- Lines mindspark removed from prefs.js ----
user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2011111912");
user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm032ADus");
user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "3610638");
user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "570477C5-2A53-41BD-B9CB-3B26E0C15724");
user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1374684940227");
user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "my week with marilyn huntsville al||dicks sporting good store||sports authority.c
user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "35801");
user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
---- FireFox user.js and prefs.js backups ----
prefs_20140823_1045_.backup
==== Deleting Files \ Folders ======================
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gbihnx4f.default\extensions\[email protected] not found
C:\PROGRA~3\eSellerate deleted
C:\PROGRA~2\Mozilla Firefox\.autoreg deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\TelevisionFanatic deleted
C:\PROGRA~2\TelevisionFanaticEI deleted
C:\Users\Reese\AppData\Roaming\Yahoo! deleted
C:\Users\User\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\Yahoo! Companion deleted
C:\PROGRA~3\Partner deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\User\Searches deleted
C:\windows\SysNative\TASKS\Scheduled Update for Ask Toolbar deleted
C:\windows\SysNative\tasks\RunAsStdUser Task deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Reese\AppData\Roaming\Mozilla\Firefox\Profiles\ugvhow4t.default\searchplugins\askcom.xml deleted
C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
"C:\windows\Installer\16159f38.msi" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [06/11/2014 09:25 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [06/11/2014 09:25 PM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Reese\AppData\Roaming\Mozilla\Firefox\Profiles\ugvhow4t.default
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
- Undetermined - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
- Meeting Center - C:\Program Files (x86)\Meeting Center\Modules\Firefox
- RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
- Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gbihnx4f.default
- Meeting Center - C:\Program Files (x86)\Meeting Center\Modules\Firefox
- HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
- Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gbihnx4f.default
92E874667621A2A475FC8EA91DD763A2 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks™ Chrome Background Extension Plug-In (32-bit)
94A6E06BF6531D623FE30A7C38E65F61 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer™ HTML5VideoShim Plug-In (32-bit)
4390CCD3790F8D9C427C0C29590C62D7 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[04/17/2012 08:00 PM]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\Exts\Chrome.crx[07/31/2014 12:47 AM]
RealPlayer HTML5Video Downloader Extension - Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Norton Identity Protection - Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Voice Search Hotword (Beta) - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Norton Identity Safe - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Norton Security Toolbar - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
==== Chromium Startpages ======================
C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"startup_urls": [ "http://www.google.com" ],
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"startup_urls": [ "http://www.google.com/" ],
==== Chrome Fix ======================
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://webmail.sra-h.../mail/login.php"
"Default_Page_URL"="http://www.google.co...=TSNA&bmod=TSNA"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft....k/?LinkId=69157"
"Start Page"="http://webmail.sra-h.../mail/login.php"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.co...?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/...Box&FORM=IESR02"
{A9008EF1-D724-4E52-B061-22700DCAD677} Google Url="http://www.google.co...ng}&rlz=1I7TSNA"
{B7CAB0D1-34D0-441A-BD6F-2436605CB520} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-447802036-2442592229-764857793-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B7CAB0D1-34D0-441A-BD6F-2436605CB520} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E85CE1EACA2B95944A2C3C28202A2593 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AE1EC58E-B2AC-4959-A4C2-C38202A25239} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E85CE1EACA2B95944A2C3C28202A2593 deleted successfully
==== Silent Runners ======================
"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Magellan CmTray = C:\Program Files (x86)\Content Manager\CmTray.exe [file not found]
GarminExpressTrayApp = "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
TPwrMain = C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
HSON = C:\Program Files\TOSHIBA\TBS\HSON.exe
Teco = "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
TosWaitSrv = C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
ThpSrv = C:\windows\system32\thpsrv /logon [TOSHIBA Corporation]
HDMICtrlMan = C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
TosVolRegulator = C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [TOSHIBA Corporation]
TosReelTimeMonitor = C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
Windows Mobile Device Center = C:\windows\WindowsMobile\wmdc.exe
TosSENotify = C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
IntelWireless = "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [Intel® Corporation]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
IAStorIcon = C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [null data]
ToshibaServiceStation = "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [null data]
TWebCamera = "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
PDVDDXSrv = "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [CyberLink Corp.]
hpqSRMon = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [Hewlett-Packard]
Microsoft Default Manager = "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [MS]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
HP Software Update = C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [Hewlett-Packard]
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Norton Identity Protection
-> {HKLM...CLSID} = Norton Identity Protection
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll [Symantec Corporation]
-> {HKLM...Wow...CLSID} = Norton Identity Protection
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll [Symantec Corporation]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
-> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = Google Toolbar Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
-> {HKLM...Wow...CLSID} = Google Toolbar Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0347C33E-8762-4905-BF09-768834316C61}\(Default) = HP Print Enhancer
-> {HKLM...Wow...CLSID} = HP Print Enhancer
\InProcServer32\(Default) = C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [Hewlett-Packard Co.]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM...Wow...CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = RealPlayer Download and Record Plugin for Internet Explorer
\InProcServer32\(Default) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Norton Identity Protection
-> {HKLM...CLSID} = Norton Identity Protection
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll [Symantec Corporation]
-> {HKLM...Wow...CLSID} = Norton Identity Protection
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll [Symantec Corporation]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = Norton Vulnerability Protection
-> {HKLM...Wow...CLSID} = Norton Vulnerability Protection
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL [Symantec Corporation]
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = Search Helper
-> {HKLM...Wow...CLSID} = Search Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Java™ Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
-> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = Google Toolbar Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
-> {HKLM...Wow...CLSID} = Google Toolbar Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Bing Bar BHO
\InProcServer32\(Default) = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Java™ Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\(Default) = HP Smart BHO Class
-> {HKLM...Wow...CLSID} = HP Smart BHO Class
\InProcServer32\(Default) = C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Hewlett-Packard Co.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
OverlayExcluded\(Default) = {4433A54A-1AC8-432F-90FC-85F045CF383C}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll [Symantec Corporation]
OverlayPending\(Default) = {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll [Symantec Corporation]
OverlayProtected\(Default) = {476D0EA3-80F9-48B5-B70B-05E677C9C148}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll [Symantec Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Incorporated]
{E0D79304-84BE-11CE-9641-444553540000} = WinZip
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.]
{E0D79307-84BE-11CE-9641-444553540000} = WinZip
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.]
{E0D79305-84BE-11CE-9641-444553540000} = WinZip
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.]
{E0D79306-84BE-11CE-9641-444553540000} = WinZip
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.]
{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
-> {HKLM...CLSID} = iTunes
\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{0563DB41-F538-4B37-A92D-4659049B7766} = WLMD Message Handler
-> {HKLM...Wow...CLSID} = CLSID_WLMCMimeFilter
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll [MS]
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...Wow...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\PROGRA~2\MIF5BA~1\Office12\ONFILTER.DLL [MS]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler
-> {HKLM...Wow...CLSID} = Outlook File Icon Extension
\InProcServer32\(Default) = C:\PROGRA~2\MIF5BA~1\Office12\OLKFSTUB.DLL [MS]
{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Outlook
\InProcServer32\(Default) = C:\PROGRA~2\MIF5BA~1\Office12\MLSHEXT.DLL [MS]
{AA2121EE-0300-11D4-8D3B-544553540000} = SimpleShlExt extension
-> {HKLM...Wow...CLSID} = Alibre Thumbnail Viewer
\InProcServer32\(Default) = C:\Program Files (x86)\Alibre Design\Program\ad_thumbnail_viewer32.dll [Alibre, Inc.]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player
-> {HKLM...Wow...CLSID} = RealOne Player Context Menu Class
\InProcServer32\(Default) = C:\Program Files (x86)\Real\RealPlayer\rpshell.dll [RealNetworks, Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{B65F237C-AAFF-4df7-8872-91B65663E41F}\(Default) = SmartFaceVCP
-> {HKLM...CLSID} = SmartFaceVCP
\InProcServer32\(Default) = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVCP.dll [TOSHIBA Corporation]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
TextPad\(Default) = {8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}
-> {HKCU...CLSID} = TextPad
\InProcServer32\(Default) = C:\Program Files (x86)\TextPad 7\System\shellext64.dll [Helios Software Solutions]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip32.dll [Igor Pavlov]
BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll [Symantec Corporation]
PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE}
-> {HKLM...CLSID} = ContextMenuHandler Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [Apple Inc.]
-> {HKLM...Wow...CLSID} = ContextMenuHandler Class
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll [Apple Inc.]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
-> {HKLM...CLSID} = IEContextMenu Class
\InProcServer32\(Default) = "C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\NavShExt.dll" [Symantec Corporation]
WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000}
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.]
-> {HKLM...Wow...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]
HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\
BuPropertySheet\(Default) = {B59987EA-25FE-44B4-8802-E4DE67073D8C}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll [Symantec Corporation]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip32.dll [Igor Pavlov]
WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000}
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.]
-> {HKLM...Wow...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip32.dll [Igor Pavlov]
WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000}
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.]
-> {HKLM...Wow...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM...CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\windows\system32\igfxpph.dll [Intel Corporation]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...Wow...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll [Symantec Corporation]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
-> {HKLM...CLSID} = IEContextMenu Class
\InProcServer32\(Default) = "C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\NavShExt.dll" [Symantec Corporation]
WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000}
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.]
-> {HKLM...Wow...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000}
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.]
-> {HKLM...Wow...CLSID} = WinZip
\InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDesktopCleanupWizard = (REG_DWORD) dword:0x00000001
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\windows\system32\AUBURN~1.SCR (Auburn University.scr) [ScreenTime Media]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
AdobePremiereElements7.0CameraArrival\
Provider = Adobe Premiere Elements
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Adobe Premiere Elements.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM...CLSID} = Shell Execute Hardware Event Handler
\LocalServer32\(Default) = C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
BasicBurnAdd\
Provider = Roxio Roxio Burn
InvokeProgID = BasicBurn.PLAYADD
InvokeVerb = Add
HKLM\SOFTWARE\Classes\BasicBurn.PLAYADD\shell\Add\Command\(Default) = "C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe" /BURN %L [null data]
BasicBurnCopy\
Provider = Roxio Roxio Burn
InvokeProgID = BasicBurn.PLAYCOPY
InvokeVerb = Copy
HKLM\SOFTWARE\Classes\BasicBurn.PLAYCOPY\shell\Copy\Command\(Default) = "C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe" /Copy %L [null data]
HPAutoplayPSE\
Provider = HP Photosmart Essential 3.5
InvokeProgID = HpqPSApl.Autoplay
InvokeVerb = Play
HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = {A6873065-D632-4615-A3A9-C5F05EE109C1}
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = C:\Program Files (x86)\HP\Digital Imaging\bin\HpqPsApl.exe [Hewlett-Packard]
iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]
iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]
iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]
iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]
MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10;en-us.8081.0709
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10;en-us.8081.0709
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
PDVDDXPlayDVDMovieOnArrival\
Provider = PowerDVD
InvokeProgID = DVD
InvokeVerb = PlayWithPDVDDX
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPDVDDX\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.]
PDVDDXPlayVideoCDMovieOnArrival\
Provider = PowerDVD
InvokeProgID = VCD
InvokeVerb = PlayWithPDVDDX
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPDVDDX\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.]
RPCDBurningOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.CDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /burn "%1" [RealNetworks, Inc.]
RPDVDBurningOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.DVDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /burndvd "%1" [RealNetworks, Inc.]
RPPlayCDAudioOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AudioCD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /play %1 [RealNetworks, Inc.]
RPPlayDVDMovieOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.DVD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /dvd %1 [RealNetworks, Inc.]
RPPlayMediaOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AutoPlay.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /autoplay "%1" [RealNetworks, Inc.]
TosDVDPlayHandler\
Provider = TOSHIBA DVD PLAYER
InvokeProgID = TosDvdPlayer
InvokeVerb = play
HKLM\SOFTWARE\Classes\TosDvdPlayer\shell\play\command\(Default) = "C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TosHDDVD.exe" [TOSHIBA Corporation]
WIA_{D110CF57-ED18-4788-B68B-8ACFAF9903C0}\
Provider = WinZip
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\WinZip\WINZIP64.EXE /wia;
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\windows\system32\WPDShextAutoplay.exe [MS]
WIA_{D5EE8608-EF59-478B-83E4-C822C70027E2}\
Provider = HP Photosmart Essential 3.5
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\HP\Digital Imaging\bin\HpqPsApl.exe;
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\windows\system32\WPDShextAutoplay.exe [MS]
Startup items in "User" & "All Users" startup folders:
------------------------------------------------------
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
OneNote 2007 Screen Clipper and Launcher -> shortcut to: C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [MS]
Verizon Wireless Software Utility Application for Android - Samsung -> shortcut to: C:\Users\User\AppData\Roaming\VERIZON\UA_ar\UA.exe [SAMSUNG Electornics Co., Ltd.]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}
B-Line -> shortcut to: C:\Users\Public\New Tier\CommunicatorV3\version_check_v3.exe [file not found]
Bitmeter2 -> shortcut to: C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe [null data]
HP Digital Imaging Monitor -> shortcut to: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [Hewlett-Packard Co.]
Windows Sidebar Gadgets: {++}
------------------------
C:\Users\User\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CWinZip.Gadget"
Non-disabled Scheduled Tasks: {++}
-----------------------------
C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
ConfigFree Startup Programs -> launches: C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [TOSHIBA CORPORATION]
GarminUpdaterTask -> launches: C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [null data]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
HPCustParticipation HP Officejet 6500 E710n-z -> launches: "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe" /UA 9.0 /DDV 0x0805 [Hewlett-Packard Co.]
MotoHelper Initial Update -> launches: "C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe" -d -silent [null data]
MotoHelper MUM -> launches: "C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe" -MUM [null data]
MotoHelper Routing -> launches: "C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe" -r [null data]
MotoHelper Update -> launches: "C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe" -d -silent [null data]
Norton WSC Integration -> (HIDDEN!) launches: "C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\WSCStub.exe" /taskschd [Symantec Corporation]
RealUpgradeLogonTaskS-1-5-21-447802036-2442592229-764857793-1000 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck [RealNetworks, Inc.]
RealUpgradeScheduledTaskS-1-5-21-447802036-2442592229-764857793-1000 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck [RealNetworks, Inc.]
User_Feed_Synchronization-{2767F662-E580-4DF5-8EF3-61FBF61269C2} -> (HIDDEN!) launches: C:\windows\system32\msfeedssync.exe sync [MS]
{3C223E3B-83AB-493E-AD75-48B1189DC381} -> launches: C:\windows\system32\pcalua.exe -a "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODRZISI8\sp47195.exe" -d C:\Users\User\Desktop [MS]
{3C9C0000-7828-408B-8AAC-4FFA5897864D} -> launches: C:\windows\system32\pcalua.exe -a D:\/setup.exe -d D:\ [MS]
{61C64231-887E-4C5A-AE7B-CB6570E3C047} -> launches: C:\windows\system32\pcalua.exe -a "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7KGZJP6Q\tscc[1].exe" -d C:\Users\User\Desktop [MS]
C:\Windows\System32\Tasks\Apple
AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\windows\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\windows\system32\msdrm.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM...CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\windows\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\windows\System32\usbceip.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\windows\System32\sdiagschd.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\windows\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\windows\system32\WinSATAPI.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM...CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\windows\System32\HotStartUserAgent.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\windows\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\windows\System32\PlaySndSrv.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\windows\system32\RacEngn.dll [MS]
-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\windows\system32\RacEngn.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\windows\system32\rasmbmgr.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\windows\System32\regidle.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM...CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\windows\System32\AuxiliaryDisplayServices.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\windows\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\windows\system32\wdc.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\windows\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\windows\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\windows\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
-> {HKLM...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\windows\system32\wininet.dll [MS]
-> {HKLM...Wow...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\windows\system32\wininet.dll [MS]
C:\Windows\System32\Tasks\Norton 360
Norton Error Analyzer -> launches: C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe /analyze [Symantec Corporation]
Norton Error Processor -> launches: C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe /submit [Symantec Corporation]
C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-447802036-2442592229-764857793-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]
SqmUpload_S-1-5-21-447802036-2442592229-764857793-1003 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000006\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]
000000000008\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000009\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000006\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]
000000000008\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000009\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
-> {HKLM...CLSID} = Google Toolbar
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar
-> {HKLM...CLSID} = Norton Toolbar
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll [Symantec Corporation]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
-> {HKLM...CLSID} = Google Toolbar
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{8DCB7100-DF86-4384-8842-8FA844297B3F} = (no title provided)
-> {HKLM...Wow...CLSID} = @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100
\InProcServer32\(Default) = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [MS]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar
-> {HKLM...Wow...CLSID} = Norton Toolbar
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll [Symantec Corporation]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
-> {HKLM...Wow...CLSID} = Google Toolbar
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
Explorer Bars
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\
{555D4D79-4BD2-4094-A395-CFC534424A05}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = HP Smart Web Printing
\InProcServer32\(Default) = C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll [Hewlett-Packard Co.]
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = Blog This
MenuText = &Blog This in Windows Live Writer
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
-> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = S&end to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll [MS]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
ButtonText = @C:\windows\WindowsMobile\INetRepl.dll,-222
CLSIDExtension = {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}
-> {HKLM...Wow...CLSID} = Create Mobile Favorite
\InProcServer32\(Default) = C:\windows\WindowsMobile\INetRepl.dll [MS]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
MenuText = @C:\windows\WindowsMobile\INetRepl.dll,-223
CLSIDExtension = {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}
-> {HKLM...Wow...CLSID} = Create Mobile Favorite
\InProcServer32\(Default) = C:\windows\WindowsMobile\INetRepl.dll [MS]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
-> {HKLM...Wow...CLSID} = &Research
\InProcServer32\(Default) = C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL [MS]
{DDE87865-83C5-48C4-8357-2F5B1AA84522}\
ButtonText = Show or hide HP Smart Web Printing
CLSIDExtension = {DDE87865-83C5-48c4-8357-2F5B1AA84522}
-> {HKLM...Wow...CLSID} = ClipBookBtn Class
\InProcServer32\(Default) = C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Hewlett-Packard Co.]
Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]
HOSTS file
----------
C:\windows\System32\drivers\etc\HOSTS
maps: 3 domain names to IP addresses,
2 of the IP addresses are *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Adobe Active File Monitor V7, AdobeActiveFileMonitor7.0, C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [Adobe Systems Incorporated]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
ConfigFree Service, ConfigFree Service, "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe" [TOSHIBA CORPORATION]
ConfigFree WiMAX Service, cfWiMAXService, "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe" [TOSHIBA CORPORATION]
Garmin Core Update Service, Garmin Core Update Service, "C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe" [null data]
HP CUE DeviceDiscovery Service, hpqddsvc, C:\windows\system32\svchost.exe -k hpdevmgmt {C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [Hewlett-Packard Co.]}
HP Network Devices Support, HPSLPSVC, C:\windows\system32\svchost.exe -k HPService {C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [Hewlett-Packard Co.]}
hpqcxs08, hpqcxs08, C:\windows\system32\svchost.exe -k hpdevmgmt {C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [Hewlett-Packard Co.]}
Intel® Management & Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Intel® Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel® PROSet/Wireless Event Log, EvtEng, C:\Program Files\Intel\WiFi\bin\EvtEng.exe [Intel® Corporation]
Intel® PROSet/Wireless Registry Service, RegSrvc, C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [Intel® Corporation]
Intel® Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]
MBAMService, MBAMService, "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [Malwarebytes Corporation]
MotoHelper Service, MotoHelper, C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [null data]
Net Driver HPZ12, Net Driver HPZ12, C:\windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZinw12.dll [Hewlett-Packard]}
Norton 360, N360, "C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\diMaster.dll" /prefetch:1 [Symantec Corporation]
Pml Driver HPZ12, Pml Driver HPZ12, C:\windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZipm12.dll [Hewlett-Packard]}
SeaPort, SeaPort, "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [MS]
TMachInfo, TMachInfo, C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [null data]
TOSHIBA eco Utility Service, TOSHIBA eco Utility Service, "C:\Program Files\TOSHIBA\TECO\TecoService.exe" [TOSHIBA Corporation]
TOSHIBA HDD Protection, Thpsrv, C:\windows\system32\ThpSrv.exe [TOSHIBA Corporation]
TOSHIBA HDD SSD Alert Service, TOSHIBA HDD SSD Alert Service, "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [TOSHIBA Corporation]
TOSHIBA Optical Disc Drive Service, TODDSrv, C:\Windows\system32\TODDSrv.exe [TOSHIBA Corporation]
TOSHIBA Power Saver, TosCoSrv, "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [TOSHIBA Corporation]
TPCH Service, TPCHSrv, "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [TOSHIBA Corporation]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
Windows Mobile-2003-based device connectivity, WcesComm, C:\windows\system32\svchost.exe -k WindowsMobile {C:\windows\WindowsMobile\wcescomm.dll [MS]}
Windows Mobile-based device connectivity, RapiMgr, C:\windows\system32\svchost.exe -k WindowsMobile {C:\windows\WindowsMobile\rapimgr.dll [MS]}
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> PEVSystemStart, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> PEVSystemStart, Service
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP 5412 Status Monitor\Driver = hpinksts5412LM.dll [Hewlett-Packard Co.]
HP Discovery Port Monitor (HP Officejet 6500 E710n-z)\Driver = HPDiscoPM5412.dll [Hewlett-Packard Co.]
LIDIL hpzlllhn\Driver = hpzlllhn.dll [Hewlett-Packard Company]
PCL hpf3lw73\Driver = hpf3lw73.dll [Hewlett-Packard Company]
PCL hpz3lw71\Driver = hpz3lw71.dll [Hewlett-Packard Corporation]
PrimoMon\Driver = Primomonnt.dll [null data]
<<H>>: Suspicious data at a browser hijack point.
==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PJH9T2O will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=47 folders=37 52846260 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Reese\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PJH9T2O" deleted
==== EOF on Sat 08/23/2014 at 11:00:56.55 ======================
#20
Posted 24 August 2014 - 07:47 AM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
Any improvement?
#21
Posted 24 August 2014 - 09:43 AM
grancarol
- Topic Starter
-
- Member
-
- 50 posts
Member
I am sorry I was waiting my next instructions. The bitmeter is stil showing prety much solid red but it does appear to be a little different. It is still solid red I would say 90% of the time even though I have nothing running that would be accessing data.
#22
Posted 24 August 2014 - 11:22 AM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
I'm starting to wonder a little bit about BitMeter2 at this point. Honestly, I don't know a lot about it. I've checked logs on our site, and it's not a frequently used program as far as I can see. That said, your logs are looking much better. Yes, I'd like to rescan for some odds and ends, but I don't see anything that should be using large chunks of data. Is it possible for you do monitor your data usage via your ISP? Some have daily monitoring that you can see if you log into your account. I'd just like to verify the usage via a more reliable source than BitMeter.
#23
Posted 24 August 2014 - 12:12 PM
grancarol
- Topic Starter
-
- Member
-
- 50 posts
Member
I can see my data usage on the website but it is two days old even talking to their tech support they say that even they only have access to the same sort of information that I do when I log into my account. I have bitmeter installed on my desktop also and it appears to be working correctly on this machine. When I am doing something in explorer it jumps up a second and then comes back down but like now while I am typing it is not showing any activity. Where as on my laptop if my wifi antenna is on the bitmeter is all red nomatter what is running on my machine but when I slide the antenna off the bitmeter goes to nothing. With that said I do have some other tools I just do not have the wisdom to take advantage of them. I have an actiontec router/modem and it seems to have some utilities on it. I can turn logging on at the router but I just don't realy know what to do with the information. ALso I had asked bitmeter a question about being able to determine what application was utilizing the data usage and the reply was that bitmetter just tells realtime download and upload speeds, They sugested TCPView to see which program is downloading or uploading data including remote IP address and port, would that help?
I do really appreciate all of your help. I do have the geek squad dvds that came with the machine so I can take it back to the state it was when I bought it I just hate to have to do that not to mention I would REALLY like to know what happened so I don't do this again. I am pretty careful and really try hard not to do anything that would allow bad things to happen to my computer...
I am open to what ever you sugest. If you have another tool or would like to see what the router says we can try that.
#24
Posted 24 August 2014 - 12:31 PM
grancarol
- Topic Starter
-
- Member
-
- 50 posts
Member
One other thing that might be worth mentioning as I said before betmeter was acting a little different after I ran zoek instead of solid read I actually thought for a brief minute that it was fixed. The meter did not imediately peg out but was around 90% but it did seem to recover and is now back to solid red. SHould I remove bitmeter?
#25
Posted 25 August 2014 - 06:32 AM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
They sugested TCPView to see which program is downloading or uploading data including remote IP address and port, would that help?
It just might, so I've included the download and run instructions below along with one other program. Don't worry, we'll get to the bottom of the this 
I do really appreciate all of your help.
You're welcome 
I do have the geek squad dvds that came with the machine so I can take it back to the state it was when I bought it I just hate to have to do that not to mention I would REALLY like to know what happened so I don't do this again. I am pretty careful and really try hard not to do anything that would allow bad things to happen to my computer...
I am open to what ever you sugest. If you have another tool or would like to see what the router says we can try that.
Hmm...Geek Squad... 
No, I think we can handle this
SHould I remove bitmeter?
Not yet. I don't think it's causing problems, I'm just not sure it's reflective of reality
Here are the TCPview and Autoruns programs. If these instructs arn't clear or don't work, let me know.
http://live.sysinter...view</span>.exe
Download, Save and Run it. Give it a minute to settle down then File, Save As, (to your desktop) tcpview OK. This should create a file tcpview.txt on your desktop. Please attach it or you can copy and paste as it is not that big.
Also get autoruns from
http://live.sysinter...om/autoruns.exe
Download Save and Run the program. Let it finish scanning then File, Save, to your desktop, autoruns.arn, OK
Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it. Do not copy and paste.
#26
Posted 25 August 2014 - 06:13 PM
grancarol
- Topic Starter
-
- Member
-
- 50 posts
Member
ok here are the results... hopefully I did that right.
I know that we are real sure how accurate bitmeter is but oddly enough when the autorun scan was going the bitmeter showed no data transfer at all but when I closed it down it pegged back out.
Thanks!
Attached Files
-
AutoRuns.7z 74.16KB
190 downloads
-
tcpview.txt 5.97KB
375 downloads
#27
Posted 26 August 2014 - 07:11 AM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
hopefully I did that right.
You did fine
Nothing untoward in the lists. However, two items that are know to hog CPU and system resources. AppleMobileDeviceService, which is not the same as iTunes, but it is a piece of software that managed Ipods and Apple-ish stuff like that. It is quite possible to use iTunes without AppleMobileDeviceService. My question is, do you use any Apple producs? Do you need any Apple Mobile Services..iPod, iPad, etc.? If not, we can remove that and see if it helps.
Next, Norton 360 (or any of the Symantic Products) have a bad reputation for being resource intensive and slowing your computer. If you're willing, we could uninstall Norton 360 and replace it with Windows Defender (Free and works quite well) or Avast (Free and works quite well) just to see if this help.
As you can see, we're in the are of "trying things" to see what it going on. BTW, none of these are know for data use, they are just resource intensive and slow the computer. I know that you can only see your data usage at your ISP after a few days, but maybe monitor it daily. I would think enough time has gone by from our initial fixes that a pronounced decrease in usage would be seen.
If you'd like to try removing AppleMobileDeviceService and Norton 360, let me know and I'll provide instructions. If that is a Yes, pick either Defender or Avast and I'll give instructions for that too.
#28
Posted 26 August 2014 - 02:03 PM
grancarol
- Topic Starter
-
- Member
-
- 50 posts
Member
I have included the data usage from my provider. The data useage doesn't look so bad at least for the last few days except that literally the only time my laptop wifi antenna is on is when I was working with you and downloading utilities. I think I watched one half hour Netflix show on Sun. and that is absolutely it. The days that show zero I had the router/modem turned off. I have heard of Windows Defender and I have no sentimental attachment to Norton so I am good with uninstalling it and installing Defender. I do have and ipod though that I still use but just saying that I have an ipod tells you that I have been using it for several years and have not had this problem is there a way to tell when I had an update to the AppleMobileDeviceService? Is there a way to revert back to an older version? Having said that I would rather lose the ipod than have to put up with my laptop being a data hog.
Thanks Again!
Usage Period Download (in GB) Upload (in GB) Total (in GB) 08/24/2014 1.99 0.10 2.09 08/23/2014 1.66 0.08 1.74 08/22/2014 0.55 0.03 0.58 08/21/2014 1.04 0.08 1.12 08/20/2014 0.25 0.02 0.27 08/19/2014 1.18 0.07 1.25 08/18/2014 0.00 0.00 0.00 08/17/2014 2.04 0.14 2.18 08/16/2014 0.46 0.02 0.48 08/15/2014 1.77 0.07 1.84 08/14/2014 0.00 0.00 0.00 08/13/2014 0.00 0.00 0.00 08/12/2014 14.80 0.54 15.34 08/11/2014 11.31 0.42 11.73 08/10/2014 14.34 0.54 14.88 08/09/2014 24.61 0.93 25.54 08/08/2014 25.15 0.92 26.07 08/07/2014 23.95 0.89 24.84 08/06/2014 24.67 0.91 25.58 08/05/2014 12.62 0.47 13.09 08/04/2014 3.43 0.15 3.58 08/03/2014 10.92 0.44 11.36 08/02/2014 3.79 0.18 3.97 08/01/2014 1.60 0.09 1.69 Totals 182.13 7.09 189.22
#29
Posted 26 August 2014 - 02:05 PM
grancarol
- Topic Starter
-
- Member
-
- 50 posts
Member
Sorry 
that did not look that bad before. It was a table until I hit post....
#30
Posted 26 August 2014 - 02:26 PM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
Don't worry, I can read the table.
iPod - I agree! And, that utility isn't doing any upload/download, just eating clock cycles on the computer. Just a speed issue (not that you complained )
Norton - now that can upload/download "stuff" and use your bandwidth. However, all a/v's will do that. As will many applications on your machine. By way of example, most browsers try and "autocomplete" your typing. That requires access to the internet. Much of what you do these days requires access to the internet. Gone are the days when you could have a laptop and rarely connect, yet still have lots of usefull applications. Anyway, I'm not a fan of Norton and it costs money to boot! Microsoft Security Essentials or Windows Defender (the same thing, just one is for W7, Vista and W8 and the other for XP and below) are lightweight, work well and best of all...free! It might be the only thing that Microsoft every "gives" you.
My concern is your meter that indicates (seemingly) constant and total unload/download. Frankly, from what I'm seeing in this usage report, I wouldn't trust this meter to tell me much of anything. It just doesn't seem to be reflective of reality.
08/24/2014 1.99 0.10 2.09
08/23/2014 1.66 0.08 1.74
08/22/2014 0.55 0.03 0.58
08/21/2014 1.04 0.08 1.12
08/20/2014 0.25 0.02 0.27
08/19/2014 1.18 0.07 1.25
08/18/2014 0.00 0.00 0.00
08/17/2014 2.04 0.14 2.18
08/16/2014 0.46 0.02 0.48
08/15/2014 1.77 0.07 1.84
08/14/2014 0.00 0.00 0.00
08/13/2014 0.00 0.00 0.00
08/12/2014 14.80 0.54 15.34
08/11/2014 11.31 0.42 11.73
08/10/2014 14.34 0.54 14.88
08/09/2014 24.61 0.93 25.54
08/08/2014 25.15 0.92 26.07
08/07/2014 23.95 0.89 24.84
08/06/2014 24.67 0.91 25.58
08/05/2014 12.62 0.47 13.09
08/04/2014 3.43 0.15 3.58
08/03/2014 10.92 0.44 11.36
08/02/2014 3.79 0.18 3.97
08/01/2014 1.60 0.09 1.69Totals 182.13 7.09 189.22
If we just look at this grouping of dates, you're heavy usage was the 6th - 9th. Before you posted here. After that it looks pretty reasonable. Yet, you were warned by your ISP, so there is definately data usage according to them. Another thought I just had, and I apologize for not thinking of this earlier. I should have; when they told you to change your router password, that was the hint. They are worried that someone other than you is accessing your wireless router. Is this the only machine you own that routes through the router? How about the neighbors? In other words, it wouldn't hurt to change the password now (along with the administrator password. Absolutely do both!). And, change it every few days until you're sure that no one is is piggy backing on your dime.
Similar Topics
Also tagged with one or more of these keywords: malware, malware - virus trojan??????
![Possible Malware infection - help request [Solved] - last post by DR M](https://www.geekstogo.com/forum/uploads/profile/photo-418842.gif?_r=1578338641)
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
