Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help please: Laptop infected by some virus/malware [Closed]

Started by Avanika , Apr 26 2015 11:37 PM
infected redirect virus

  • This topic is locked This topic is locked

#1
Avanika
Posted 26 April 2015 - 11:37 PM

Avanika

    New Member

  • Member
  • Pip
  • 7 posts

Hi!

 

 

I need help in finding out the problem with my computer which keeps getting infected despite the antivirus program( escan) and I tried a bunch of other programs like Malwarebyte but none can detect any. Still I get rdsrv.com redirect on firefox and chrome also seem to be infected. When I tried to use chrome after a first few pages it also started to show some redirect.

 

I tried  system restore to no avail.  This laptop already been reformatted this January and it caused a lot of problems in reinstalling everything on it- long story but I want to avoid all that if I can this time.

 

I tried to use highjack this for getting a log - not sure if it works well with windows 7 home premium ( 64 bit) but here it is if it can help:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:38:28 AM, on 4/27/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)

FIREFOX: 37.0.2 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\USER\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Virtual Keyboard - {54848076-14D0-45E7-851E-CAF7EF0125F1} - C:\PROGRA~2\eScan\VKBoard.exe
O9 - Extra 'Tools' menuitem: Virtual Keyboard - {54848076-14D0-45E7-851E-CAF7EF0125F1} - C:\PROGRA~2\eScan\VKBoard.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: eConServ (EconService) - MicroWorld Technologies Inc. - c:\progra~2\escan\EconSer.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: eScan Monitor Service - MicroWorld Technologies Inc. - C:\PROGRA~3\MICROW~1\eScanBD\avpmapp.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~2\eScan\TRAYSSER.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~2\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12468 bytes
 

 

Anyone knows anything that can help?


  • 0

Advertisements

#2
Essexboy
Posted 27 April 2015 - 09:27 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, Hijackthis is a bit antiquated now, so lets go with the modern stuff :)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions and shortcut txt at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach all three logs generated.

  • 0

#3
Avanika
Posted 27 April 2015 - 10:30 PM

Avanika

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi there, Hijackthis is a bit antiquated now, so lets go with the modern stuff :)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions and shortcut txt at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach all three logs generated.

 

 

Here is the log using FRST (64):

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by USER (administrator) on USER-PC on 28-04-2015 09:55:13
Running from C:\Users\USER\Downloads
Loaded Profiles: USER (Available profiles: USER)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-26] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-16] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-15] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-15] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-30] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2827467872-2022378885-4253445440-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-2827467872-2022378885-4253445440-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = https://www.google.c...q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-12-09] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2014-12-09] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-20] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-12-09] (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-09] (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2014-12-09] (Google Inc.)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2014-12-09] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-08] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-06] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-12-09] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-12-09] (Google Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-09] (Skype Technologies S.A.)
Winsock: Catalog5 09 C:\windows\SysWOW64\mwnsp.dll [174312 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9 01 C:\windows\SysWOW64\mwtsp.dll [1379048 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9 02 C:\windows\SysWOW64\mwtsp.dll [1379048 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9 03 C:\windows\SysWOW64\mwtsp.dll [1379048 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9 04 C:\windows\SysWOW64\mwtsp.dll [1379048 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9 15 C:\windows\SysWOW64\mwtsp.dll [1379048 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog5-x64 09 C:\Windows\system32\mwnsp.dll [181992 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\mwtsp.dll [1682664 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\mwtsp.dll [1682664 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\mwtsp.dll [1682664 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\mwtsp.dll [1682664 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\mwtsp.dll [1682664 2014-12-09] (MicroWorld Technologies Inc.)
Tcpip\Parameters: [DhcpNameServer] 5.104.175.153 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\90egkzjd.default-1430151785332
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-26] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Extension: Lightshot (screenshot tool) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\90egkzjd.default-1430151785332\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2015-04-27]
FF Extension: Adblock Plus - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\90egkzjd.default-1430151785332\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-27]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-08]
CHR Extension: (Google Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-08]
CHR Extension: (Bookmark Manager) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2015-01-03]
CHR Extension: (Google Wallet) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-03]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 EconService; c:\Program Files (x86)\eScan\econser.exe [1066280 2012-10-04] (MicroWorld Technologies Inc.)
S2 eScan Monitor Service; C:\ProgramData\MicroWorld\eScanBD\avpmapp.exe [2174592 2015-02-25] (MicroWorld Technologies Inc.)
S2 eScan-trayicos; C:\Program Files (x86)\eScan\traysser.exe [148200 2015-02-06] (MicroWorld Technologies Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MWAgent; C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE [859432 2012-10-04] (MicroWorld Technologies Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [431176 2011-03-24] (BitDefender)
R1 econceal; C:\Windows\System32\DRIVERS\econceal.sys [30216 2011-08-01] (MicroWorld Technologies Inc.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 ProcObsrvesx; C:\Program Files (x86)\eScan\ProcObsrvesx.sys [22760 2014-12-09] (MicroWorld Technologies Inc.)
S3 Tosrfcom; No ImagePath
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2014-12-09] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 09:55 - 2015-04-28 09:55 - 00013836 _____ () C:\Users\USER\Downloads\FRST.txt
2015-04-28 09:55 - 2015-04-28 09:55 - 00000000 ____D () C:\FRST
2015-04-28 09:52 - 2015-04-28 09:54 - 02100736 _____ (Farbar) C:\Users\USER\Downloads\FRST64.exe
2015-04-28 09:45 - 2015-04-28 09:45 - 00007605 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2015-04-27 21:53 - 2015-04-27 21:53 - 00000000 ____D () C:\Users\USER\Desktop\Old Firefox Data
2015-04-27 14:50 - 2015-04-27 14:53 - 00147456 ___SH () C:\Users\USER\Documents\Thumbs.db
2015-04-27 10:22 - 2015-04-27 15:28 - 00000000 ____D () C:\Users\USER\Downloads\backups
2015-04-27 10:05 - 2015-04-28 09:36 - 00000035 _____ () C:\Users\USER\AppData\Roaming\mbam.context.scan
2015-04-27 09:45 - 2015-04-27 09:45 - 00000000 ____D () C:\HJT
2015-04-27 08:14 - 2015-04-27 08:14 - 00000000 ____D () C:\windows\rundll16.exe
2015-04-27 08:14 - 2015-04-27 08:14 - 00000000 ____D () C:\windows\logo1_.exe
2015-04-27 00:03 - 2015-04-27 00:03 - 00002270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-27 00:03 - 2015-04-27 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-26 23:50 - 2015-04-26 23:50 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0804da25bfba9.job
2015-04-26 23:50 - 2015-04-26 23:50 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 23:49 - 2015-04-26 23:50 - 00000000 ____D () C:\Users\USER\AppData\Local\Deployment
2015-04-26 23:49 - 2015-04-26 23:49 - 00000000 ____D () C:\Users\USER\AppData\Local\Apps\2.0
2015-04-26 22:49 - 2015-04-26 22:49 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-26 22:49 - 2015-04-26 22:49 - 00001162 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-26 22:49 - 2015-04-26 22:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-26 13:44 - 2015-04-26 13:44 - 00000000 ____D () C:\08d760d078fd2b7641
2015-04-21 15:44 - 2015-04-21 15:44 - 00011978 _____ () C:\Users\USER\Desktop\pdncrash.log
2015-04-16 12:12 - 2015-04-16 12:12 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-16 12:12 - 2015-04-16 12:12 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-15 13:31 - 2015-04-02 05:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-15 13:31 - 2015-04-02 05:19 - 00342704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-04-15 13:31 - 2015-03-13 10:02 - 24980480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-15 13:31 - 2015-03-13 09:55 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-15 13:31 - 2015-03-13 09:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-04-15 13:31 - 2015-03-13 09:39 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-15 13:31 - 2015-03-13 09:38 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-15 13:31 - 2015-03-13 09:38 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-15 13:31 - 2015-03-13 09:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-04-15 13:31 - 2015-03-13 09:37 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-15 13:31 - 2015-03-13 09:36 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-04-15 13:31 - 2015-03-13 09:30 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-15 13:31 - 2015-03-13 09:29 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-15 13:31 - 2015-03-13 09:25 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-15 13:31 - 2015-03-13 09:24 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-15 13:31 - 2015-03-13 09:24 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-04-15 13:31 - 2015-03-13 09:23 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-04-15 13:31 - 2015-03-13 09:20 - 06025216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-15 13:31 - 2015-03-13 09:14 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-15 13:31 - 2015-03-13 09:12 - 19695616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-15 13:31 - 2015-03-13 09:12 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-04-15 13:31 - 2015-03-13 09:10 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-15 13:31 - 2015-03-13 09:02 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 13:31 - 2015-03-13 08:58 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-15 13:31 - 2015-03-13 08:58 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-04-15 13:31 - 2015-03-13 08:57 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-04-15 13:31 - 2015-03-13 08:57 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-15 13:31 - 2015-03-13 08:57 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-04-15 13:31 - 2015-03-13 08:56 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-15 13:31 - 2015-03-13 08:56 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-04-15 13:31 - 2015-03-13 08:53 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-15 13:31 - 2015-03-13 08:52 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-15 13:31 - 2015-03-13 08:50 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-04-15 13:31 - 2015-03-13 08:50 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-04-15 13:31 - 2015-03-13 08:47 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-04-15 13:31 - 2015-03-13 08:46 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-04-15 13:31 - 2015-03-13 08:45 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-04-15 13:31 - 2015-03-13 08:38 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-15 13:31 - 2015-03-13 08:37 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-15 13:31 - 2015-03-13 08:36 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-04-15 13:31 - 2015-03-13 08:35 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-15 13:31 - 2015-03-13 08:35 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-15 13:31 - 2015-03-13 08:31 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 13:31 - 2015-03-13 08:30 - 14397440 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-15 13:31 - 2015-03-13 08:27 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-04-15 13:31 - 2015-03-13 08:26 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-04-15 13:31 - 2015-03-13 08:24 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-04-15 13:31 - 2015-03-13 08:19 - 04305408 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-15 13:31 - 2015-03-13 08:15 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-15 13:31 - 2015-03-13 08:14 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-15 13:31 - 2015-03-13 08:13 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-04-15 13:31 - 2015-03-13 08:12 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-04-15 13:31 - 2015-03-13 08:04 - 12825600 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-15 13:31 - 2015-03-13 08:03 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-15 13:31 - 2015-03-13 07:52 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-15 13:31 - 2015-03-13 07:50 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-15 13:31 - 2015-03-13 07:46 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-15 13:31 - 2015-03-13 07:44 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-15 10:44 - 2015-03-17 10:52 - 05557696 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-15 10:44 - 2015-03-17 10:52 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-15 10:44 - 2015-03-17 10:52 - 00095672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-15 10:44 - 2015-03-17 10:49 - 01727904 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-15 10:44 - 2015-03-17 10:47 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-04-15 10:44 - 2015-03-17 10:47 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-15 10:44 - 2015-03-17 10:47 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-15 10:44 - 2015-03-17 10:46 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-15 10:44 - 2015-03-17 10:46 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-04-15 10:44 - 2015-03-17 10:45 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-04-15 10:44 - 2015-03-17 10:45 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-15 10:44 - 2015-03-17 10:45 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-15 10:44 - 2015-03-17 10:43 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-15 10:44 - 2015-03-17 10:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:31 - 03976632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-04-15 10:44 - 2015-03-17 10:31 - 03920824 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-04-15 10:44 - 2015-03-17 10:29 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-04-15 10:44 - 2015-03-17 10:26 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-04-15 10:44 - 2015-03-17 10:26 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-04-15 10:44 - 2015-03-17 10:26 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-04-15 10:44 - 2015-03-17 10:26 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-04-15 10:44 - 2015-03-17 10:26 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-04-15 10:44 - 2015-03-17 10:26 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-04-15 10:44 - 2015-03-17 10:26 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-04-15 10:44 - 2015-03-17 10:23 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-04-15 10:44 - 2015-03-17 10:23 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 09:15 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-04-15 10:44 - 2015-03-17 09:15 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-04-15 10:44 - 2015-03-17 09:13 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 09:13 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 09:13 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 09:13 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:44 - 2015-03-10 08:55 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-15 10:44 - 2015-03-10 08:51 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-15 10:44 - 2015-03-10 08:38 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-15 10:44 - 2015-03-10 08:35 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-15 10:40 - 2015-03-23 08:55 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-15 10:40 - 2015-03-23 08:55 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-15 10:40 - 2015-03-23 08:54 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-15 10:40 - 2015-03-23 08:54 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-15 10:40 - 2015-03-23 08:54 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-15 10:40 - 2015-03-23 08:54 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-15 10:40 - 2015-03-23 08:54 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-15 10:40 - 2015-03-23 08:47 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-15 10:40 - 2015-01-28 05:06 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-04-15 10:36 - 2015-03-25 08:54 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-15 10:36 - 2015-03-25 08:53 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-15 10:36 - 2015-03-25 08:53 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-15 10:36 - 2015-03-25 08:53 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 10:36 - 2015-03-25 08:30 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-15 10:36 - 2015-03-25 08:30 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-15 10:36 - 2015-03-25 08:30 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-15 10:36 - 2015-03-25 08:30 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-15 10:36 - 2015-03-25 08:30 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-15 10:05 - 2015-03-05 10:42 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-15 10:05 - 2015-03-05 09:35 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-15 09:37 - 2015-03-04 10:25 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-15 09:37 - 2015-03-04 10:11 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-15 09:37 - 2015-03-04 09:40 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-15 09:33 - 2015-02-25 08:48 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-07 23:33 - 2015-04-26 22:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-05 23:07 - 2015-04-05 23:07 - 00002323 _____ () C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2015-04-05 07:09 - 2015-04-26 21:36 - 00000000 ____D () C:\Users\USER\Downloads\New folder
2015-04-05 07:01 - 2015-04-05 07:10 - 00000000 ____D () C:\Users\USER\Downloads\patterns
2015-04-05 06:44 - 2015-04-26 21:19 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-05 06:44 - 2015-04-05 06:44 - 00000000 ___SD () C:\windows\SysWOW64\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 09:50 - 2015-03-07 22:29 - 00000000 ____D () C:\Users\USER\Downloads\sotw
2015-04-28 09:13 - 2015-03-22 07:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-04-28 08:41 - 2009-07-14 10:15 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 08:41 - 2009-07-14 10:15 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-28 08:40 - 2009-07-14 08:04 - 00003906 _____ () C:\windows\win.ini
2015-04-28 08:32 - 2014-12-09 18:19 - 00000386 _____ () C:\windows\Tasks\update-sys.job
2015-04-28 08:31 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\system32\NDF
2015-04-28 08:21 - 2014-12-09 14:12 - 00000000 ____D () C:\Program Files (x86)\eScan
2015-04-28 08:17 - 2009-07-14 10:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-27 23:54 - 2014-12-09 12:59 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Skype
2015-04-27 23:43 - 2015-01-30 15:19 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-27 23:26 - 2009-07-14 10:43 - 00781298 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-27 22:18 - 2014-12-09 18:19 - 00000386 _____ () C:\windows\Tasks\update-S-1-5-21-2827467872-2022378885-4253445440-1000.job
2015-04-27 15:34 - 2014-12-09 14:18 - 00000000 ____D () C:\FBackup
2015-04-27 09:59 - 2014-12-08 15:42 - 00000000 ____D () C:\Users\USER\AppData\Local\VirtualStore
2015-04-27 08:09 - 2015-03-22 07:29 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Malwarebytes
2015-04-27 00:03 - 2014-12-09 04:41 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-26 23:35 - 2014-12-08 15:45 - 00000000 ____D () C:\Users\USER\AppData\Local\Google
2015-04-26 21:19 - 2015-01-08 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2015-04-26 21:19 - 2014-12-09 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eScan for Windows
2015-04-26 21:19 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\registration
2015-04-26 20:48 - 2015-01-03 17:30 - 00000000 ____D () C:\Users\USER\AppData\Local\CrashDumps
2015-04-22 18:19 - 2014-12-09 18:19 - 00000424 _____ () C:\Users\USER\AppData\Local\UserProducts.xml
2015-04-21 15:45 - 2015-01-02 22:21 - 00001199 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2015-04-21 15:45 - 2015-01-02 22:19 - 00000000 ____D () C:\Users\USER\AppData\Local\Paint.NET
2015-04-21 15:45 - 2015-01-02 22:19 - 00000000 ____D () C:\Program Files\Paint.NET
2015-04-16 19:51 - 2015-01-30 15:19 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 19:51 - 2014-12-09 16:45 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 19:51 - 2014-12-09 16:45 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 12:12 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-04-16 12:12 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\AppCompat
2015-04-16 08:38 - 2014-12-08 15:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 08:36 - 2015-01-11 09:05 - 00774004 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-04-16 08:31 - 2015-02-14 13:04 - 00000000 ____D () C:\windows\system32\MRT
2015-04-16 08:23 - 2015-02-14 13:04 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-14 22:24 - 2015-01-02 22:15 - 00000000 ____D () C:\Users\USER\AppData\Local\Microsoft Games
2015-04-14 21:48 - 2014-12-27 15:33 - 00000000 ____D () C:\Users\USER\Documents\Lightshot
2015-04-14 01:23 - 2009-07-14 10:39 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-04-10 17:21 - 2009-07-14 08:50 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-05 23:37 - 2015-01-08 13:41 - 00000000 ____D () C:\Users\USER\AppData\Local\Windows Live
2015-04-03 06:45 - 2015-03-22 17:46 - 00000000 ____D () C:\ProgramData\HitmanPro

==================== Files in the root of some directories =======

2015-04-27 10:05 - 2015-04-28 09:36 - 0000035 _____ () C:\Users\USER\AppData\Roaming\mbam.context.scan
2015-04-28 09:45 - 2015-04-28 09:45 - 0007605 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2014-12-09 18:19 - 2014-12-09 18:19 - 0000003 _____ () C:\Users\USER\AppData\Local\updater.log
2014-12-09 18:19 - 2015-04-22 18:19 - 0000424 _____ () C:\Users\USER\AppData\Local\UserProducts.xml

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\regsvr.exe
C:\Windows\SysWOW64\runouce.exe
C:\Windows\SysWOW64\wmicuclt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-21 20:46

==================== End Of Log ============================

 

_______________________________________________________________

__________________________________________________________

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by USER at 2015-04-28 09:55:58
Running from C:\Users\USER\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2827467872-2022378885-4253445440-500 - Administrator - Disabled)
Guest (S-1-5-21-2827467872-2022378885-4253445440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2827467872-2022378885-4253445440-1002 - Limited - Enabled)
USER (S-1-5-21-2827467872-2022378885-4253445440-1000 - Administrator - Enabled) => C:\Users\USER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: eScan Internet Security for Windows (Enabled - Up to date) {A19135CA-CAAB-25A4-3CA3-FEFFBFBEEFCE}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: eScan Internet Security for Windows (Enabled - Up to date) {1AF0D42E-EC91-2A2A-0613-C58DC439A573}
FW: eScan Internet Security for Windows (Enabled) {99AAB4EF-80C4-24FC-17FC-57CA416DA8B5}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Amazon Kindle For PC v1.1 (HKLM-x32\...\Amazon Kindle For PC) (Version:  - )
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eScan Internet Security for Windows (HKLM-x32\...\eScan Internet Security for Windows_is1) (Version: 11.0.1139.1700 - MicroWorld Technologies Inc.)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.0.2 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.0.2 - )
Lightshot-5.2.0.17 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.0.17 - Skillbrains)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.4.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-04-2015 08:19:22 Windows Update
15-04-2015 09:17:49 Windows Update
16-04-2015 08:18:41 Windows Update
17-04-2015 08:09:41 Windows Update
21-04-2015 16:14:55 Windows Update
24-04-2015 16:53:06 Windows Update
26-04-2015 13:37:15 Windows Update
27-04-2015 09:36:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2015-04-17 14:28 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EE7DC40-667C-4398-A20E-92A3ACC33C8D} - System32\Tasks\{7CF4AAC7-BE47-4A9A-8BCA-7DC69CAE76B6} => Firefox.exe http://www.skype.com...LastError=12002
Task: {216C419F-0EB3-4B11-8B9C-E1CFCC1F2E52} - System32\Tasks\{19600D66-1701-446D-A0CA-AF72B7634801} => Firefox.exe
Task: {242ACA1F-CCAD-45D8-9D55-5B1552C775CF} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {2B297BE3-7E40-498F-943F-CBE49BDC8BE3} - System32\Tasks\{F55A6D1F-01B6-480C-9C37-74FFE28C3CD9} => Firefox.exe http://www.skype.com...LastError=12007
Task: {2E1ECC47-6A02-4706-871C-3531C58D8548} - System32\Tasks\eScan Updater => C:\Program Files (x86)\eScan\TRAYICOS.EXE [2012-10-04] (MicroWorld Technologies Inc.)
Task: {3C9B3620-20FA-4046-AE5F-B93590393252} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {4F841F9B-5002-4F22-B662-510DEEDC018F} - System32\Tasks\update-S-1-5-21-2827467872-2022378885-4253445440-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {4FAEADD0-1223-4ED5-B24B-6F076D34C66A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2827467872-2022378885-4253445440-1000
Task: {52D6D80D-41BE-45F4-83DF-84DAC25802D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2827467872-2022378885-4253445440-1000Core => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {72BEFDFF-8CB9-4960-8040-F4B39824E2F1} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {7E2EF7C2-EEB0-41D3-9C21-96C0C1ECCA67} - System32\Tasks\{FEAEADA9-07B7-4A0A-A8DA-BA65FABB717F} => Firefox.exe http://www.skype.com...LastError=12002
Task: {861B0ACE-6C4C-4CF6-9FC4-D763DF4D82A8} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-04] (TOSHIBA CORPORATION)
Task: {88C6BB4A-F272-4D52-8486-3D681527A906} - System32\Tasks\MailScan Dispatcher => C:\Program Files (x86)\eScan\launch.exe [2015-02-06] (MicroWorld Technologies Inc.)
Task: {940D7B8E-3EB9-4073-A250-D8BE0E0F336F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {9A826C13-542C-4F19-B588-46D12750BD2D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {AC113F25-0BF9-43A1-B5E9-45EA0CFF0122} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {BAD05F1F-9659-4530-B0D2-726B1D416872} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2827467872-2022378885-4253445440-1000UA => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {DA5094CF-4534-46B2-B1DC-AE4A4956E9BB} - System32\Tasks\{21E89060-48CF-4D6C-9E97-047FE9D84458} => pcalua.exe -a "C:\Program Files (x86)\WinRAR\WinRAR.exe" -d "C:\toshiba data\Downloads\Downloaded program" -c "C:\toshiba data\Downloads\Downloaded program\Paint.NET.3.5.11.Install.zip"
Task: {EE19C403-D55E-4D46-9D97-C8FAC9FE1B4C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FA035AE5-72AD-40B4-97D2-7D26B65AC7F2} - System32\Tasks\{C2186192-CCEF-4ADE-B430-73760810FADB} => Firefox.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0804da25bfba9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\update-S-1-5-21-2827467872-2022378885-4253445440-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) ==============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2827467872-2022378885-4253445440-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 5.104.175.153 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{5FC928C6-ED1B-4A86-89AE-296A2F6C27A5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B784489F-C24D-4EA7-B8F4-E558286DA346}] => (Allow) LPort=2869
FirewallRules: [{36556810-7940-44DA-B939-B86038AC9DA0}] => (Allow) LPort=1900
FirewallRules: [{6F1B059B-4450-4494-8806-7BA05C454743}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0F79673F-BC14-42F2-94FC-18324F2A1828}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1F6D24FE-B7DE-4522-BCD6-7D542D8DC0C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\outlook.exe
FirewallRules: [{F6FFF19E-6C0A-4ABC-8916-D523FD27C838}] => (Allow) C:\Program Files (x86)\eScan\DOWNLOAD.EXE
FirewallRules: [{8F1D6602-7429-4704-AEEC-3CB29E8302B1}] => (Allow) C:\Program Files (x86)\eScan\DOWNLOAD.EXE
FirewallRules: [{5D2C4350-8F86-44A8-950B-7642F13FEE30}] => (Allow) C:\Program Files (x86)\eScan\TRAYICOS.EXE
FirewallRules: [{C73FBB1A-EB3F-4EC2-96F4-14CC03280289}] => (Allow) C:\Program Files (x86)\eScan\TRAYICOS.EXE
FirewallRules: [{E2FE024B-2993-439F-86AB-E1D305CB9D08}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{737DC966-60BB-4018-9C15-4418579798A1}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{1367EBFB-3D1A-429F-8382-5429F4499A34}] => (Allow) C:\Program Files (x86)\eScan\LICENSE.EXE
FirewallRules: [{4BE04C9D-698D-40E0-9F94-22653C8B49F7}] => (Allow) C:\Program Files (x86)\eScan\LICENSE.EXE
FirewallRules: [{E3E3B1B3-9FA4-4908-B9E9-1084A02B8FAD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{111B84EE-D88C-41C8-89D3-1CE6ED7A83CF}] => (Allow) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E1CE168B-44A8-4B22-AEB3-F06A1805BD54}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F52490E8-4555-48AA-99E7-700F37725034}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F7C51FEA-3B92-4262-971A-DDBE897F9485}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2015 09:21:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2015 08:44:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2015 08:21:01 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/28/2015 08:21:01 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/28/2015 08:21:01 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/28/2015 08:21:01 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/28/2015 08:21:00 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/28/2015 08:21:00 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/28/2015 08:21:00 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/28/2015 08:21:00 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/28/2015 09:55:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/28/2015 09:55:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/28/2015 09:55:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/28/2015 09:55:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/28/2015 09:55:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/28/2015 09:55:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/28/2015 09:53:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/28/2015 09:53:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/28/2015 09:53:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/28/2015 09:53:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-22 17:21:43.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-22 17:21:42.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-22 17:21:42.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-22 08:03:27.267
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-22 08:03:26.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-22 08:03:26.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-21 20:48:39.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-21 20:48:39.343
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-21 20:48:39.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 14:59:00.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 26%
Total physical RAM: 4043.86 MB
Available physical RAM: 2977.02 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 7042.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (S3A4489D001) (Fixed) (Total:580.98 GB) (Free:530.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 205C50AB)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)

==================== End Of Log ==========================

 

 

I ran it in safe mode with networking. I hope it's ok.


Edited by Avanika, 27 April 2015 - 11:22 PM.

  • 0

#4
Avanika
Posted 27 April 2015 - 11:28 PM

Avanika

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

It doesn't allow me to use 'paste' in the reply box without quoting the previous post.. hmm.. what am I doing wrong? I edited and posted both logs in the last box only.

 

Also can I remove that malwarebyte remnant files since I uninstalled it. Yet it didn''t sem to have uninstalled properly. ( it doesn't seem to detect this malware so.)

 

And I want to know if dumping this antivirus escan and installing another like Quickheal or Norton would help?


Edited by Avanika, 27 April 2015 - 11:31 PM.

  • 0

#5
Essexboy
Posted 28 April 2015 - 07:47 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK there is very little showing so I will take two different looks at the system

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
THEN

Run a fresh FRST scan but this time also place a tick in the shortcut txt box this will generate a third log. You may attach them if you wish
  • 0

#6
Avanika
Posted 28 April 2015 - 10:34 AM

Avanika

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

# AdwCleaner v4.202 - Logfile created 28/04/2015 at 21:50:49
# Updated 23/04/2015 by Xplode
# Database : 2015-04-27.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : USER - USER-PC
# Running from : C:\Users\USER\Downloads\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner

***** [ Scheduled tasks ] *****

Task Deleted : update-sys
Task Deleted : update-S-1-5-21-2827467872-2022378885-4253445440-1000

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v42.0.2311.90

[C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1368 bytes] - [28/04/2015 21:49:30]
AdwCleaner[S0].txt - [1282 bytes] - [28/04/2015 21:50:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1341  bytes] ##########

 

--------------------------------------------------------------------------------------------------------------------------------------------------

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by USER (administrator) on USER-PC on 28-04-2015 21:58:01
Running from C:\Users\USER\Downloads
Loaded Profiles: USER (Available profiles: USER)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(MicroWorld Technologies Inc.) C:\Program Files (x86)\eScan\econser.exe
(MicroWorld Technologies Inc.) C:\Program Files (x86)\eScan\econceal.exe
(MicroWorld Technologies Inc.) C:\ProgramData\MicroWorld\eScanBD\avpmapp.exe
(MicroWorld Technologies Inc.) C:\Program Files (x86)\eScan\traysser.exe
(MicroWorld Technologies Inc.) C:\Program Files (x86)\eScan\consctlx.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(MicroWorld Technologies Inc.) C:\Program Files (x86)\eScan\TRAYICOS.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(MicroWorld Technologies Inc.) C:\Program Files (x86)\eScan\maildisp.exe
(MicroWorld Technologies Inc.) C:\Program Files (x86)\eScan\Vista\escanmon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(MicroWorld Technologies Inc.) C:\Program Files (x86)\eScan\spooler.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(MicroWorld Technologies Inc.) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE
(MicroWorld Technologies Inc.) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-26] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-16] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-15] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-15] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-30] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2827467872-2022378885-4253445440-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSCA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2827467872-2022378885-4253445440-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = https://www.google.c...q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-12-09] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2014-12-09] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-20] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-12-09] (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-09] (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2014-12-09] (Google Inc.)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2014-12-09] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-08] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-06] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-12-09] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-12-09] (Google Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-09] (Skype Technologies S.A.)
Winsock: Catalog5 09 C:\windows\SysWOW64\mwnsp.dll [174312 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9 01 C:\windows\SysWOW64\mwtsp.dll [1379048 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9 02 C:\windows\SysWOW64\mwtsp.dll [1379048 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9 03 C:\windows\SysWOW64\mwtsp.dll [1379048 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9 04 C:\windows\SysWOW64\mwtsp.dll [1379048 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9 15 C:\windows\SysWOW64\mwtsp.dll [1379048 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog5-x64 09 C:\Windows\system32\mwnsp.dll [181992 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\mwtsp.dll [1682664 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\mwtsp.dll [1682664 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\mwtsp.dll [1682664 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\mwtsp.dll [1682664 2014-12-09] (MicroWorld Technologies Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\mwtsp.dll [1682664 2014-12-09] (MicroWorld Technologies Inc.)
Tcpip\Parameters: [DhcpNameServer] 5.104.175.153 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\90egkzjd.default-1430151785332
FF Homepage: https://www.google.c....91665533,d.c2E
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-26] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Extension: Lightshot (screenshot tool) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\90egkzjd.default-1430151785332\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2015-04-27]
FF Extension: Adblock Plus - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\90egkzjd.default-1430151785332\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-27]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-08]
CHR Extension: (Google Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-08]
CHR Extension: (Bookmark Manager) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2015-01-03]
CHR Extension: (Google Wallet) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-03]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EconService; c:\Program Files (x86)\eScan\econser.exe [1066280 2012-10-04] (MicroWorld Technologies Inc.)
R2 eScan Monitor Service; C:\ProgramData\MicroWorld\eScanBD\avpmapp.exe [2174592 2015-02-25] (MicroWorld Technologies Inc.)
R2 eScan-trayicos; C:\Program Files (x86)\eScan\traysser.exe [148200 2015-02-06] (MicroWorld Technologies Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MWAgent; C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE [859432 2012-10-04] (MicroWorld Technologies Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [431176 2011-03-24] (BitDefender)
R1 econceal; C:\Windows\System32\DRIVERS\econceal.sys [30216 2011-08-01] (MicroWorld Technologies Inc.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 ProcObsrvesx; C:\Program Files (x86)\eScan\ProcObsrvesx.sys [22760 2014-12-09] (MicroWorld Technologies Inc.)
S3 Tosrfcom; No ImagePath
R3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2014-12-09] (BitDefender S.R.L.)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 90C53BD47979FB8814F465A08B885102
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys B2931C83CFB12A3223A47B180473AE1A
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bdfsfltr.sys 66116E0A4DA8407FF7F2AAACE52B8B54
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\btfilter.sys 2347ABBD13BADA65826FDAB4CAAFE357
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 27667A788130A7F7A5858DE27572E6D7
C:\Windows\System32\drivers\CHDRT64.sys 66847C979893A11CFCC2280E772D7EA1
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\econceal.sys 0751FDF8E8F04480281D88CCA24C2D49
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 6C06701BF1DB05405804D7EB610991CE
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 370C2A8629B30F910F740387795DDC6F
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\IntcDAud.sys FC727061C0F47C8059E88E05D5C8E381
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 063C09DB965E3DFD6F4F08416F6DB8F5
C:\Windows\System32\Drivers\ksecpkg.sys 1FA627E63195BF3BF636BFEF0D7190D4
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys EBED8B3FF4A823C1A6EEBEED7B29353F
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 87BCD1034CBF33537D4D4C251D39BA26
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\pgeffect.sys 91111CEBBDE8015E822C46120ED9537C
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Program Files (x86)\eScan\ProcObsrvesx.sys 6D4E8EABADFB1CFDF394C8C3A940FD2A
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\QIOMem.sys C8FCB4899F8B70CC34E0D9876A80963C
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 135A64530D7699AD48F29D73A658DD11
C:\Windows\System32\Drivers\RTSUVSTOR.sys E54A5586A28D0630A79A68BBAB84BFCF
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys F5B46DF59FEAA48A442AED7EEB754D4B
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\DRIVERS\tdcmdpst.sys FD542B661BD22FA69CA789AD0AC58C29
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tosrfec.sys F5E3AC4CBCD154EE80849B21887FD0B0
C:\Windows\System32\DRIVERS\tosrfusb.sys 7A0048693F98460FF537BE31C741B927
C:\Windows\System32\DRIVERS\tos_sps64.sys ==> MD5 is legit
C:\Windows\System32\drivers\trufos.sys B66EE1D68197DFB9AA24F961E68ACDCC
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TVALZ_O.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\TVALZFL.sys 9C7191F4B2E49BFF47A6C1144B5923FA
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== Three Months Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 21:48 - 2015-04-28 21:50 - 00000000 ____D () C:\AdwCleaner
2015-04-28 21:47 - 2015-04-28 21:48 - 02224640 _____ () C:\Users\USER\Downloads\adwcleaner_4.202.exe
2015-04-28 20:04 - 2015-04-28 21:52 - 00000112 _____ () C:\windows\setupact.log
2015-04-28 20:04 - 2015-04-28 21:52 - 00000094 _____ () C:\windows\frights.log
2015-04-28 20:04 - 2015-04-28 20:04 - 00000000 _____ () C:\windows\setuperr.log
2015-04-28 18:53 - 2015-04-28 18:53 - 00000179 _____ () C:\windows\general.log
2015-04-28 18:12 - 2015-04-28 21:52 - 00009436 _____ () C:\windows\ESCAN.LOG
2015-04-28 12:43 - 2015-04-28 21:55 - 00028002 _____ () C:\windows\WindowsUpdate.log
2015-04-28 11:49 - 2015-04-28 11:49 - 00000000 ____D () C:\windows\rundll16.exe
2015-04-28 11:49 - 2015-04-28 11:49 - 00000000 ____D () C:\windows\logo1_.exe
2015-04-28 09:55 - 2015-04-28 21:58 - 00032845 _____ () C:\Users\USER\Downloads\FRST.txt
2015-04-28 09:55 - 2015-04-28 21:58 - 00000000 ____D () C:\FRST
2015-04-28 09:55 - 2015-04-28 09:56 - 00030379 _____ () C:\Users\USER\Downloads\Addition.txt
2015-04-28 09:52 - 2015-04-28 09:54 - 02100736 _____ (Farbar) C:\Users\USER\Downloads\FRST64.exe
2015-04-28 09:45 - 2015-04-28 09:45 - 00007605 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2015-04-27 21:53 - 2015-04-27 21:53 - 00000000 ____D () C:\Users\USER\Desktop\Old Firefox Data
2015-04-27 14:50 - 2015-04-27 14:53 - 00147456 ___SH () C:\Users\USER\Documents\Thumbs.db
2015-04-27 10:22 - 2015-04-27 15:28 - 00000000 ____D () C:\Users\USER\Downloads\backups
2015-04-27 10:05 - 2015-04-28 09:36 - 00000035 _____ () C:\Users\USER\AppData\Roaming\mbam.context.scan
2015-04-27 09:45 - 2015-04-27 09:45 - 00000000 ____D () C:\HJT
2015-04-27 00:03 - 2015-04-27 00:03 - 00002270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-27 00:03 - 2015-04-27 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-26 23:50 - 2015-04-26 23:50 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0804da25bfba9.job
2015-04-26 23:50 - 2015-04-26 23:50 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 23:49 - 2015-04-26 23:50 - 00000000 ____D () C:\Users\USER\AppData\Local\Deployment
2015-04-26 23:49 - 2015-04-26 23:49 - 00000000 ____D () C:\Users\USER\AppData\Local\Apps\2.0
2015-04-26 22:49 - 2015-04-26 22:49 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-26 22:49 - 2015-04-26 22:49 - 00001162 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-26 22:49 - 2015-04-26 22:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-26 13:44 - 2015-04-26 13:44 - 00000000 ____D () C:\08d760d078fd2b7641
2015-04-21 15:44 - 2015-04-21 15:44 - 00011978 _____ () C:\Users\USER\Desktop\pdncrash.log
2015-04-16 12:12 - 2015-04-16 12:12 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-16 12:12 - 2015-04-16 12:12 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-15 13:31 - 2015-04-02 05:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-15 13:31 - 2015-04-02 05:19 - 00342704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-04-15 13:31 - 2015-03-13 10:02 - 24980480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-15 13:31 - 2015-03-13 09:55 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-15 13:31 - 2015-03-13 09:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-04-15 13:31 - 2015-03-13 09:39 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-15 13:31 - 2015-03-13 09:38 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-15 13:31 - 2015-03-13 09:38 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-15 13:31 - 2015-03-13 09:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-04-15 13:31 - 2015-03-13 09:37 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-15 13:31 - 2015-03-13 09:36 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-04-15 13:31 - 2015-03-13 09:30 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-15 13:31 - 2015-03-13 09:29 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-15 13:31 - 2015-03-13 09:25 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-15 13:31 - 2015-03-13 09:24 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-15 13:31 - 2015-03-13 09:24 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-04-15 13:31 - 2015-03-13 09:23 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-04-15 13:31 - 2015-03-13 09:20 - 06025216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-15 13:31 - 2015-03-13 09:14 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-15 13:31 - 2015-03-13 09:12 - 19695616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-15 13:31 - 2015-03-13 09:12 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-04-15 13:31 - 2015-03-13 09:10 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-15 13:31 - 2015-03-13 09:02 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 13:31 - 2015-03-13 08:58 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-15 13:31 - 2015-03-13 08:58 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-04-15 13:31 - 2015-03-13 08:57 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-04-15 13:31 - 2015-03-13 08:57 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-15 13:31 - 2015-03-13 08:57 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-04-15 13:31 - 2015-03-13 08:56 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-15 13:31 - 2015-03-13 08:56 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-04-15 13:31 - 2015-03-13 08:53 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-15 13:31 - 2015-03-13 08:52 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-15 13:31 - 2015-03-13 08:50 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-04-15 13:31 - 2015-03-13 08:50 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-04-15 13:31 - 2015-03-13 08:47 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-04-15 13:31 - 2015-03-13 08:46 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-04-15 13:31 - 2015-03-13 08:45 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-04-15 13:31 - 2015-03-13 08:38 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-15 13:31 - 2015-03-13 08:37 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-15 13:31 - 2015-03-13 08:36 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-04-15 13:31 - 2015-03-13 08:35 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-15 13:31 - 2015-03-13 08:35 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-15 13:31 - 2015-03-13 08:31 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 13:31 - 2015-03-13 08:30 - 14397440 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-15 13:31 - 2015-03-13 08:27 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-04-15 13:31 - 2015-03-13 08:26 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-04-15 13:31 - 2015-03-13 08:24 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-04-15 13:31 - 2015-03-13 08:19 - 04305408 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-15 13:31 - 2015-03-13 08:15 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-15 13:31 - 2015-03-13 08:14 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-15 13:31 - 2015-03-13 08:13 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-04-15 13:31 - 2015-03-13 08:12 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-04-15 13:31 - 2015-03-13 08:04 - 12825600 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-15 13:31 - 2015-03-13 08:03 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-15 13:31 - 2015-03-13 07:52 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-15 13:31 - 2015-03-13 07:50 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-15 13:31 - 2015-03-13 07:46 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-15 13:31 - 2015-03-13 07:44 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-15 10:44 - 2015-03-17 10:52 - 05557696 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-15 10:44 - 2015-03-17 10:52 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-15 10:44 - 2015-03-17 10:52 - 00095672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-15 10:44 - 2015-03-17 10:49 - 01727904 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-15 10:44 - 2015-03-17 10:47 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-04-15 10:44 - 2015-03-17 10:47 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-15 10:44 - 2015-03-17 10:47 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-15 10:44 - 2015-03-17 10:46 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-15 10:44 - 2015-03-17 10:46 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-15 10:44 - 2015-03-17 10:46 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-04-15 10:44 - 2015-03-17 10:45 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-04-15 10:44 - 2015-03-17 10:45 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-15 10:44 - 2015-03-17 10:45 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-15 10:44 - 2015-03-17 10:43 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-15 10:44 - 2015-03-17 10:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:31 - 03976632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-04-15 10:44 - 2015-03-17 10:31 - 03920824 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-04-15 10:44 - 2015-03-17 10:29 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-04-15 10:44 - 2015-03-17 10:27 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-04-15 10:44 - 2015-03-17 10:26 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-04-15 10:44 - 2015-03-17 10:26 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-04-15 10:44 - 2015-03-17 10:26 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-04-15 10:44 - 2015-03-17 10:26 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-04-15 10:44 - 2015-03-17 10:26 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-04-15 10:44 - 2015-03-17 10:26 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-04-15 10:44 - 2015-03-17 10:26 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-04-15 10:44 - 2015-03-17 10:23 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-04-15 10:44 - 2015-03-17 10:23 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 09:15 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-04-15 10:44 - 2015-03-17 09:15 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-04-15 10:44 - 2015-03-17 09:13 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 09:13 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 09:13 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:44 - 2015-03-17 09:13 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:44 - 2015-03-10 08:55 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-15 10:44 - 2015-03-10 08:51 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-15 10:44 - 2015-03-10 08:38 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-15 10:44 - 2015-03-10 08:35 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-15 10:40 - 2015-03-23 08:55 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-15 10:40 - 2015-03-23 08:55 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-15 10:40 - 2015-03-23 08:54 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-15 10:40 - 2015-03-23 08:54 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-15 10:40 - 2015-03-23 08:54 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-15 10:40 - 2015-03-23 08:54 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-15 10:40 - 2015-03-23 08:54 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-15 10:40 - 2015-03-23 08:47 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-15 10:40 - 2015-01-28 05:06 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-04-15 10:36 - 2015-03-25 08:54 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-15 10:36 - 2015-03-25 08:54 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-15 10:36 - 2015-03-25 08:53 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-15 10:36 - 2015-03-25 08:53 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-15 10:36 - 2015-03-25 08:53 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 10:36 - 2015-03-25 08:30 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-15 10:36 - 2015-03-25 08:30 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-15 10:36 - 2015-03-25 08:30 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-15 10:36 - 2015-03-25 08:30 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-15 10:36 - 2015-03-25 08:30 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-15 10:05 - 2015-03-05 10:42 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-15 10:05 - 2015-03-05 09:35 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-15 09:37 - 2015-03-04 10:25 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-15 09:37 - 2015-03-04 10:11 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-15 09:37 - 2015-03-04 09:40 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-15 09:33 - 2015-02-25 08:48 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-07 23:33 - 2015-04-26 22:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-05 23:07 - 2015-04-05 23:07 - 00002323 _____ () C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2015-04-05 07:09 - 2015-04-26 21:36 - 00000000 ____D () C:\Users\USER\Downloads\New folder
2015-04-05 07:01 - 2015-04-05 07:10 - 00000000 ____D () C:\Users\USER\Downloads\patterns
2015-04-05 06:44 - 2015-04-26 21:19 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-05 06:44 - 2015-04-05 06:44 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-03-23 08:29 - 2015-02-03 09:04 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-23 08:29 - 2015-02-03 09:04 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-23 08:29 - 2015-02-03 09:03 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-23 08:29 - 2015-02-03 09:01 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-23 08:29 - 2015-02-03 09:01 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-23 08:29 - 2015-02-03 09:01 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-23 08:29 - 2015-02-03 09:01 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-23 08:29 - 2015-02-03 09:01 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-23 08:29 - 2015-02-03 09:01 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-23 08:29 - 2015-02-03 09:01 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-23 08:29 - 2015-02-03 09:01 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-23 08:29 - 2015-02-03 09:00 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-23 08:29 - 2015-02-03 09:00 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-23 08:29 - 2015-02-03 09:00 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-23 08:29 - 2015-02-03 09:00 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-23 08:29 - 2015-02-03 09:00 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-23 08:29 - 2015-02-03 09:00 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-23 08:29 - 2015-02-03 09:00 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-23 08:29 - 2015-02-03 08:49 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-23 08:29 - 2015-02-03 08:42 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-23 08:29 - 2015-02-03 08:42 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-23 08:29 - 2015-02-03 08:42 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-23 08:29 - 2015-02-03 08:42 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-23 08:29 - 2015-02-03 08:42 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-23 08:29 - 2015-02-03 08:42 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-23 08:29 - 2015-02-03 08:42 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-23 08:29 - 2015-02-03 08:42 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-23 08:29 - 2015-02-03 08:42 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-23 08:29 - 2015-02-03 08:42 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-23 08:29 - 2015-02-03 08:42 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-23 08:29 - 2015-02-03 08:42 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-23 08:29 - 2014-11-01 03:54 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-23 08:29 - 2014-06-28 05:51 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-23 08:28 - 2015-02-03 09:01 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-23 08:28 - 2015-02-03 09:01 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-23 08:28 - 2015-02-03 09:01 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-23 08:28 - 2015-02-03 09:01 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-23 08:28 - 2015-02-03 09:01 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-23 08:28 - 2015-02-03 09:01 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-23 08:28 - 2015-02-03 09:01 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-23 08:28 - 2015-02-03 09:01 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-23 08:28 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-23 08:28 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-23 08:28 - 2015-02-03 09:00 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-23 08:28 - 2015-02-03 09:00 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-23 08:28 - 2015-02-03 09:00 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-23 08:28 - 2015-02-03 09:00 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-23 08:28 - 2015-02-03 09:00 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-23 08:28 - 2015-02-03 09:00 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-23 08:28 - 2015-02-03 09:00 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-23 08:28 - 2015-02-03 09:00 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-23 08:28 - 2015-02-03 09:00 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-23 08:28 - 2015-02-03 09:00 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-23 08:28 - 2015-02-03 09:00 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-23 08:28 - 2015-02-03 09:00 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-23 08:28 - 2015-02-03 09:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-23 08:28 - 2015-02-03 09:00 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-23 08:28 - 2015-02-03 09:00 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-23 08:28 - 2015-02-03 09:00 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-23 08:28 - 2015-02-03 08:59 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-23 08:28 - 2015-02-03 08:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-23 08:28 - 2015-02-03 08:42 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-23 08:28 - 2015-02-03 08:42 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-23 08:28 - 2015-02-03 08:42 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-23 08:28 - 2015-02-03 08:42 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-23 08:28 - 2015-02-03 08:42 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-23 08:28 - 2015-02-03 08:42 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-23 08:28 - 2015-02-03 08:42 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-23 08:28 - 2015-02-03 08:42 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-23 08:28 - 2015-02-03 08:42 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-23 08:28 - 2015-02-03 08:42 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-23 08:28 - 2015-02-03 08:42 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-23 08:28 - 2015-02-03 08:42 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-23 08:28 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-23 08:28 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-23 08:28 - 2015-02-03 08:41 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-23 08:28 - 2015-02-03 08:41 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-23 08:28 - 2015-02-03 08:41 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-23 08:28 - 2015-02-03 08:39 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-23 08:28 - 2015-02-03 08:02 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-23 08:28 - 2014-06-28 05:51 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-23 08:23 - 2015-02-20 10:11 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-23 08:23 - 2015-02-20 10:10 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-23 08:23 - 2015-02-20 10:10 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-23 08:23 - 2015-02-20 10:10 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-23 08:23 - 2015-02-20 09:43 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-23 08:23 - 2015-02-20 09:43 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-23 08:23 - 2015-02-20 09:43 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-23 08:23 - 2015-02-20 09:42 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-23 08:23 - 2015-02-20 08:59 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-23 08:23 - 2015-02-20 08:39 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-23 08:19 - 2015-02-03 09:01 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-23 08:19 - 2015-02-03 08:42 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-23 07:41 - 2015-01-09 05:14 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-03-23 07:41 - 2015-01-09 05:13 - 00419936 _____ () C:\windows\system32\locale.nls
2015-03-22 17:46 - 2015-04-03 06:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-22 14:41 - 2015-03-22 14:41 - 00002770 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-03-22 14:41 - 2015-03-22 14:41 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-22 12:17 - 2015-01-09 08:44 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-03-22 12:17 - 2015-01-09 08:44 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-03-22 12:17 - 2015-01-09 08:18 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-03-22 09:01 - 2015-01-31 05:26 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-22 08:21 - 2015-02-04 08:46 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-22 08:21 - 2015-02-04 08:24 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-22 07:29 - 2015-04-27 08:09 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Malwarebytes
2015-03-22 07:28 - 2015-04-28 09:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-03-22 07:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-21 23:01 - 2015-02-13 10:56 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-21 23:01 - 2015-02-13 10:52 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-21 22:59 - 2015-02-26 08:55 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-21 22:59 - 2015-02-03 09:01 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-21 22:59 - 2015-02-03 08:42 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-21 22:59 - 2015-01-17 08:18 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-21 22:59 - 2015-01-17 08:00 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-19 21:33 - 2015-03-22 14:41 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-19 21:33 - 2015-03-21 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-11 21:45 - 2015-03-22 07:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-07 22:29 - 2015-04-28 09:50 - 00000000 ____D () C:\Users\USER\Downloads\sotw
2015-02-25 23:50 - 2015-01-09 08:44 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\windows\SysWOW64\FM20.DLL
2015-02-14 13:04 - 2015-04-16 08:31 - 00000000 ____D () C:\windows\system32\MRT
2015-02-14 13:04 - 2015-04-16 08:23 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-11 08:56 - 2014-11-26 09:23 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 08:56 - 2014-11-26 09:02 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-11 08:53 - 2014-10-04 07:40 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-11 08:53 - 2014-10-04 07:12 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-11 08:53 - 2014-10-04 07:12 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-11 08:52 - 2014-12-08 08:39 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 08:52 - 2014-12-08 08:16 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-04 12:23 - 2015-02-04 12:23 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2015-02-04 12:13 - 2015-02-04 12:13 - 00869536 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2015-01-30 15:19 - 2015-04-28 21:43 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 15:19 - 2015-04-16 19:51 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 21:56 - 2009-07-14 08:04 - 00003906 _____ () C:\windows\win.ini
2015-04-28 21:53 - 2014-12-09 14:12 - 00000000 ____D () C:\Program Files (x86)\eScan
2015-04-28 21:52 - 2014-12-09 14:15 - 00009420 _____ () C:\windows\WSSPORDx.DAT
2015-04-28 21:52 - 2014-12-09 14:15 - 00009420 _____ () C:\windows\WSSPORD.DAT
2015-04-28 21:52 - 2009-07-14 10:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-28 21:51 - 2009-07-14 10:15 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 21:51 - 2009-07-14 10:15 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-28 21:49 - 2014-12-09 12:59 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Skype
2015-04-28 20:54 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\system32\NDF
2015-04-28 20:10 - 2009-07-14 10:43 - 00781298 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-27 15:34 - 2014-12-09 14:18 - 00000000 ____D () C:\FBackup
2015-04-27 09:59 - 2014-12-08 15:42 - 00000000 ____D () C:\Users\USER\AppData\Local\VirtualStore
2015-04-27 00:03 - 2014-12-09 04:41 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-26 23:35 - 2014-12-08 15:45 - 00000000 ____D () C:\Users\USER\AppData\Local\Google
2015-04-26 21:19 - 2015-01-08 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2015-04-26 21:19 - 2014-12-09 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eScan for Windows
2015-04-26 21:19 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\registration
2015-04-26 20:48 - 2015-01-03 17:30 - 00000000 ____D () C:\Users\USER\AppData\Local\CrashDumps
2015-04-22 18:19 - 2014-12-09 18:19 - 00000424 _____ () C:\Users\USER\AppData\Local\UserProducts.xml
2015-04-21 15:45 - 2015-01-02 22:21 - 00001199 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2015-04-21 15:45 - 2015-01-02 22:19 - 00000000 ____D () C:\Users\USER\AppData\Local\Paint.NET
2015-04-21 15:45 - 2015-01-02 22:19 - 00000000 ____D () C:\Program Files\Paint.NET
2015-04-16 19:51 - 2014-12-09 16:45 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 19:51 - 2014-12-09 16:45 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 12:12 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-04-16 12:12 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\AppCompat
2015-04-16 08:38 - 2014-12-08 15:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 08:36 - 2015-01-11 09:05 - 00774004 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-04-14 22:24 - 2015-01-02 22:15 - 00000000 ____D () C:\Users\USER\AppData\Local\Microsoft Games
2015-04-14 21:48 - 2014-12-27 15:33 - 00000000 ____D () C:\Users\USER\Documents\Lightshot
2015-04-14 01:23 - 2009-07-14 10:39 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-04-10 17:21 - 2009-07-14 08:50 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-05 23:37 - 2015-01-08 13:41 - 00000000 ____D () C:\Users\USER\AppData\Local\Windows Live

==================== Files in the root of some directories =======

2015-04-27 10:05 - 2015-04-28 09:36 - 0000035 _____ () C:\Users\USER\AppData\Roaming\mbam.context.scan
2015-04-28 09:45 - 2015-04-28 09:45 - 0007605 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2014-12-09 18:19 - 2014-12-09 18:19 - 0000003 _____ () C:\Users\USER\AppData\Local\updater.log
2014-12-09 18:19 - 2015-04-22 18:19 - 0000424 _____ () C:\Users\USER\AppData\Local\UserProducts.xml

Some content of TEMP:
====================
C:\Users\USER\AppData\Local\Temp\Quarantine.exe
C:\Users\USER\AppData\Local\Temp\SkypeSetup.exe
C:\Users\USER\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\regsvr.exe
C:\Windows\SysWOW64\runouce.exe
C:\Windows\SysWOW64\wmicuclt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {49fe6c05-7f32-11e4-b363-88525747b481}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {49fe6c07-7f32-11e4-b363-88525747b481}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {49fe6c05-7f32-11e4-b363-88525747b481}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {49fe6c07-7f32-11e4-b363-88525747b481}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{49fe6c08-7f32-11e4-b363-88525747b481}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{49fe6c08-7f32-11e4-b363-88525747b481}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {49fe6c05-7f32-11e4-b363-88525747b481}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {49fe6c08-7f32-11e4-b363-88525747b481}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2015-02-21 20:46

==================== End Of Log ============================

 

 

-------------------------------------------------------------------------------------------------------------------------------

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by USER at 2015-04-28 21:59:09
Running from C:\Users\USER\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2827467872-2022378885-4253445440-500 - Administrator - Disabled)
Guest (S-1-5-21-2827467872-2022378885-4253445440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2827467872-2022378885-4253445440-1002 - Limited - Enabled)
USER (S-1-5-21-2827467872-2022378885-4253445440-1000 - Administrator - Enabled) => C:\Users\USER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: eScan Internet Security for Windows (Enabled - Up to date) {A19135CA-CAAB-25A4-3CA3-FEFFBFBEEFCE}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: eScan Internet Security for Windows (Enabled - Up to date) {1AF0D42E-EC91-2A2A-0613-C58DC439A573}
FW: eScan Internet Security for Windows (Enabled) {99AAB4EF-80C4-24FC-17FC-57CA416DA8B5}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Amazon Kindle For PC v1.1 (HKLM-x32\...\Amazon Kindle For PC) (Version:  - )
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eScan Internet Security for Windows (HKLM-x32\...\eScan Internet Security for Windows_is1) (Version: 11.0.1139.1700 - MicroWorld Technologies Inc.)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.0.2 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.0.2 - )
Lightshot-5.2.0.17 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.0.17 - Skillbrains)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.4.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-04-2015 08:19:22 Windows Update
15-04-2015 09:17:49 Windows Update
16-04-2015 08:18:41 Windows Update
17-04-2015 08:09:41 Windows Update
21-04-2015 16:14:55 Windows Update
24-04-2015 16:53:06 Windows Update
26-04-2015 13:37:15 Windows Update
27-04-2015 09:36:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2015-04-17 14:28 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EE7DC40-667C-4398-A20E-92A3ACC33C8D} - System32\Tasks\{7CF4AAC7-BE47-4A9A-8BCA-7DC69CAE76B6} => Firefox.exe http://www.skype.com...LastError=12002
Task: {216C419F-0EB3-4B11-8B9C-E1CFCC1F2E52} - System32\Tasks\{19600D66-1701-446D-A0CA-AF72B7634801} => Firefox.exe
Task: {242ACA1F-CCAD-45D8-9D55-5B1552C775CF} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {2B297BE3-7E40-498F-943F-CBE49BDC8BE3} - System32\Tasks\{F55A6D1F-01B6-480C-9C37-74FFE28C3CD9} => Firefox.exe http://www.skype.com...LastError=12007
Task: {2E1ECC47-6A02-4706-871C-3531C58D8548} - System32\Tasks\eScan Updater => C:\Program Files (x86)\eScan\TRAYICOS.EXE [2012-10-04] (MicroWorld Technologies Inc.)
Task: {3C9B3620-20FA-4046-AE5F-B93590393252} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {4FAEADD0-1223-4ED5-B24B-6F076D34C66A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2827467872-2022378885-4253445440-1000
Task: {52D6D80D-41BE-45F4-83DF-84DAC25802D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2827467872-2022378885-4253445440-1000Core => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {7E2EF7C2-EEB0-41D3-9C21-96C0C1ECCA67} - System32\Tasks\{FEAEADA9-07B7-4A0A-A8DA-BA65FABB717F} => Firefox.exe http://www.skype.com...LastError=12002
Task: {861B0ACE-6C4C-4CF6-9FC4-D763DF4D82A8} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-04] (TOSHIBA CORPORATION)
Task: {88C6BB4A-F272-4D52-8486-3D681527A906} - System32\Tasks\MailScan Dispatcher => C:\Program Files (x86)\eScan\launch.exe [2015-02-06] (MicroWorld Technologies Inc.)
Task: {940D7B8E-3EB9-4073-A250-D8BE0E0F336F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {9A826C13-542C-4F19-B588-46D12750BD2D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {AC113F25-0BF9-43A1-B5E9-45EA0CFF0122} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {BAD05F1F-9659-4530-B0D2-726B1D416872} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2827467872-2022378885-4253445440-1000UA => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {DA5094CF-4534-46B2-B1DC-AE4A4956E9BB} - System32\Tasks\{21E89060-48CF-4D6C-9E97-047FE9D84458} => pcalua.exe -a "C:\Program Files (x86)\WinRAR\WinRAR.exe" -d "C:\toshiba data\Downloads\Downloaded program" -c "C:\toshiba data\Downloads\Downloaded program\Paint.NET.3.5.11.Install.zip"
Task: {EE19C403-D55E-4D46-9D97-C8FAC9FE1B4C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FA035AE5-72AD-40B4-97D2-7D26B65AC7F2} - System32\Tasks\{C2186192-CCEF-4ADE-B430-73760810FADB} => Firefox.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0804da25bfba9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-04-05 08:48 - 2011-04-05 08:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-19 06:48 - 2010-11-19 06:48 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-16 04:49 - 2010-12-16 04:49 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2010-12-09 05:12 - 2010-12-09 05:12 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-07-14 02:33 - 2009-07-14 06:45 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2827467872-2022378885-4253445440-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 5.104.175.153 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{5FC928C6-ED1B-4A86-89AE-296A2F6C27A5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B784489F-C24D-4EA7-B8F4-E558286DA346}] => (Allow) LPort=2869
FirewallRules: [{36556810-7940-44DA-B939-B86038AC9DA0}] => (Allow) LPort=1900
FirewallRules: [{6F1B059B-4450-4494-8806-7BA05C454743}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0F79673F-BC14-42F2-94FC-18324F2A1828}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1F6D24FE-B7DE-4522-BCD6-7D542D8DC0C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\outlook.exe
FirewallRules: [{F6FFF19E-6C0A-4ABC-8916-D523FD27C838}] => (Allow) C:\Program Files (x86)\eScan\DOWNLOAD.EXE
FirewallRules: [{8F1D6602-7429-4704-AEEC-3CB29E8302B1}] => (Allow) C:\Program Files (x86)\eScan\DOWNLOAD.EXE
FirewallRules: [{5D2C4350-8F86-44A8-950B-7642F13FEE30}] => (Allow) C:\Program Files (x86)\eScan\TRAYICOS.EXE
FirewallRules: [{C73FBB1A-EB3F-4EC2-96F4-14CC03280289}] => (Allow) C:\Program Files (x86)\eScan\TRAYICOS.EXE
FirewallRules: [{E2FE024B-2993-439F-86AB-E1D305CB9D08}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{737DC966-60BB-4018-9C15-4418579798A1}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{1367EBFB-3D1A-429F-8382-5429F4499A34}] => (Allow) C:\Program Files (x86)\eScan\LICENSE.EXE
FirewallRules: [{4BE04C9D-698D-40E0-9F94-22653C8B49F7}] => (Allow) C:\Program Files (x86)\eScan\LICENSE.EXE
FirewallRules: [{E3E3B1B3-9FA4-4908-B9E9-1084A02B8FAD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{111B84EE-D88C-41C8-89D3-1CE6ED7A83CF}] => (Allow) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E1CE168B-44A8-4B22-AEB3-F06A1805BD54}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F52490E8-4555-48AA-99E7-700F37725034}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F7C51FEA-3B92-4262-971A-DDBE897F9485}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2015 09:53:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2015 08:05:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2015 08:04:37 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/28/2015 08:04:37 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/28/2015 08:04:37 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/28/2015 08:04:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/28/2015 08:04:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/28/2015 08:04:37 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/28/2015 08:04:37 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/28/2015 08:04:37 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/28/2015 09:59:03 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error:
%%1056

Error: (04/28/2015 09:58:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/28/2015 09:57:03 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error:
%%1056

Error: (04/28/2015 09:56:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/28/2015 09:55:37 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error:
%%1056

Error: (04/28/2015 09:55:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 20000 milliseconds: Restart the service.

Error: (04/28/2015 09:55:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/28/2015 09:51:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll

Error: (04/28/2015 09:51:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll

Error: (04/28/2015 09:51:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-22 17:21:43.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-22 17:21:42.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-22 17:21:42.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-22 08:03:27.267
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-22 08:03:26.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-22 08:03:26.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-21 20:48:39.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-21 20:48:39.343
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-21 20:48:39.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 14:59:00.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 42%
Total physical RAM: 4043.86 MB
Available physical RAM: 2308.05 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 5882.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (S3A4489D001) (Fixed) (Total:580.98 GB) (Free:529.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 205C50AB)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)

==================== End Of Log ============================

 

 

 

--------------------------------------------------------------------------------------------------------------

 

Users shortcut scan result (x64) Version: 27-04-2015 01
Ran by USER at 2015-04-28 22:00:13
Running from C:\Users\USER\Downloads
Boot Mode: Normal
==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\UserGuide.lnk -> C:\TOSHIBA\Docs\UserGuide.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk -> C:\Program Files\Paint.NET\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Media Creator Help.lnk -> C:\Program Files\Toshiba\TOSHIBA Recovery Media Creator\help\Help.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Media Creator.lnk -> C:\Program Files\Toshiba\TOSHIBA Recovery Media Creator\TRMCLcher.exe (Toshiba Information Equipment(Hangzhou)Co.,LTD)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.hlp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}\fssicon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Applications and Drivers.lnk -> C:\Program Files\Toshiba\TOSAPINS\COMPS1 ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\TOSHIBA Bulletin Board.lnk -> C:\Program Files\Toshiba\BulletinBoard\TosBulletinBoard.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\TOSHIBA ReelTime.lnk -> C:\Program Files\Toshiba\ReelTime\TosReelTime.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Accessibility.lnk -> C:\Program Files\Toshiba\Utilities\TACSPROP.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\eco Utility.lnk -> C:\Program Files\Toshiba\TECO\Teco.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Face Recognition.lnk -> C:\Program Files\Toshiba\SmartFaceV\SmartFaceVSetting.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Flash Cards - Help.lnk -> C:\Program Files\Toshiba\FlashCards\Help\Help.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Flash Cards - Settings.lnk -> C:\Program Files\Toshiba\FlashCards\TfcConf.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Flash Cards.lnk -> C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\HDD SSD Alert.lnk -> C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSSDAlert.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\HWSetup.lnk -> C:\Program Files\Toshiba\Utilities\HWSETUP.EXE (TOSHIBA Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\PC Diagnostic Tool.lnk -> C:\Program Files (x86)\Toshiba\PCDiag\PCDiag.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\PC Health Monitor.lnk -> C:\Program Files\Toshiba\TPHM\TPCHViewer.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Service Station.lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Sleep Utility.lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleep.exe (TOSHIBA)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\TOSHIBA Assist.lnk -> C:\Program Files\Toshiba\TOSHIBA Assist\TInTouch.exe (TOSHIBA)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Web Camera Application Help.lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\Help\Help.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Web Camera Application.lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\TOSHIBA Resolution+ Plug-in for Windows Media Player\TOSHIBA Resolution+ for Windows Media Player Help.lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Resolution+ Plug-in for Windows Media Player\Help\index.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\TOSHIBA Media Controller\TOSHIBA Media Controller Help.lnk -> C:\Program Files\Toshiba\Media Controller\Help\Help.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\TOSHIBA Media Controller\TOSHIBA Media Controller Plug-in Help.lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\Help\index.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\TOSHIBA Media Controller\TOSHIBA Media Controller.lnk -> C:\Program Files\Toshiba\Media Controller\MediaController.exe (Toshiba Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Speech System\Configure Microphone.lnk -> C:\Program Files\Toshiba\Speech System NLS\TosSrWsN.exe (TOSHIBA Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Speech System\Read me.lnk -> C:\Program Files\Toshiba\Speech System NLS\ReadmeUS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Speech System\TOSHIBA Speech System Help.lnk -> C:\Program Files\Toshiba\Speech System NLS\Tossps.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Speech System\Voice Commands.lnk -> C:\Program Files\Toshiba\Speech System NLS\TosvceN.exe (TOSHIBA Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Speech System\Web Speak.lnk -> C:\Program Files\Toshiba\Speech System NLS\ToswbrN.exe (TOSHIBA Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Networking\Wireless LAN Indicator - Settings.lnk -> C:\Program Files (x86)\Toshiba\Wireless LAN Indicator\tosSettings.exe (TOSHIBA CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\Add ConfigFree Gadgets.lnk -> C:\Program Files (x86)\Toshiba\ConfigFree\cfAddGadgets.exe (TOSHIBA CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\ConfigFree tray.lnk -> C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\Connectivity Doctor.lnk -> C:\Program Files (x86)\Toshiba\ConfigFree\cfmain.exe (TOSHIBA CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\CD&DVD Applications\Disc Creator.lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\CD&DVD Applications\DVD-RAM Utility.lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Disc Creator\TosRamUtil.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Assistant.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\BtAssist1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Information Exchanger.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtProc1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Settings.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ECCenter1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth User Guide.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\UsrGuide.exe (TOSHIBA CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Remote Camera.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\BIP_Camera1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Wireless File Transfer.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\WirelessFTP1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Uninstall.lnk -> C:\Program Files (x86)\Google\Picasa3\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Lightshot.lnk -> C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Uninstall Lightshot.lnk -> C:\Program Files (x86)\Skillbrains\lightshot\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (MPC-HC Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\VobSubStrip.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Info\faq.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eScan for Windows\Quick Scan your System.lnk -> C:\Program Files (x86)\eScan\mwavscan.exe (MicroWorld Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eScan for Windows\Uninstall eScan.lnk -> C:\Program Files (x86)\eScan\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon Kindle For PC\Kindle For PC.lnk -> C:\Program Files (x86)\Amazon\Kindle For PC\KindleForPC.exe (Amazon.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon Kindle For PC\Uninstall Kindle For PC.lnk -> C:\Program Files (x86)\Amazon\Kindle For PC\uninstall.exe (Amazon.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Paint.NET.lnk -> C:\Program Files\Paint.NET\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\Users\Public\Desktop\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Recovery Media Creator.lnk -> C:\Program Files\Toshiba\TOSHIBA Recovery Media Creator\TRMCLcher.exe (Toshiba Information Equipment(Hangzhou)Co.,LTD)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()
Shortcut: C:\Users\USER\Links\Desktop.lnk -> C:\Users\USER\Desktop ()
Shortcut: C:\Users\USER\Links\Downloads.lnk -> C:\Users\USER\Downloads ()
Shortcut: C:\Users\USER\Desktop\toshiba data - Shortcut.lnk -> C:\toshiba data ()
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\HDD SSD Alert Help.lnk -> C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\OpenMUIHelp.exe () -> "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\Help" "SSDAlert1.chm"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\Profile Settings.lnk -> C:\Program Files (x86)\Toshiba\ConfigFree\cfmain.exe (TOSHIBA CORPORATION) -> /profile
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\Radar.lnk -> C:\Program Files (x86)\Toshiba\ConfigFree\cfmain.exe (TOSHIBA CORPORATION) -> /radar
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\WPS Setup.lnk -> C:\Program Files (x86)\Toshiba\ConfigFree\cfmain.exe (TOSHIBA CORPORATION) -> /wps
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\CD&DVD Applications\Disc Creator Help.lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Disc Creator\OpenMUIHelp.exe () -> "C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\Help" ToDisc.chm
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Add New Connection.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ECCenter1.exe (TOSHIBA CORPORATION.) -> W /AUTOMODE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configure Picasa Photo Viewer.lnk -> C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe (Google Inc.) -> /reconfig
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll",DirectVobSub
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configureAudio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\splitter.ax",Configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali video renderer.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\dsconfig.exe (MONOGRAM Multimedia, s.r.o.) -> {760A8F35-97E7-479D-AAF5-DA9EFF95D751}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavaudio.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavsplitter.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavvideo.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madFLAC.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\dsconfig.exe (MONOGRAM Multimedia, s.r.o.) -> {6B257121-CBB6-46B3-ABFA-B14DFA98C4A6}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe () -> /showsections=reset_settings
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\VP7 decoder.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\dsconfig.exe (MONOGRAM Multimedia, s.r.o.) -> {C204438D-6E1A-4309-B09C-0C0F749863AF}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 3.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Bejeweled 3\bejeweled3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Club Penguin.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Club Penguin\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Club Penguin\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dark Orbit.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FATE - The Traitor Soul.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\FATE - The Traitor Soul\Fate-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games - WildTangent.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Penguins!\Penguins-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\Polar-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Seafight.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Shaiya.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Tom Clancy's Splinter Cell.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Tom Clancys Splinter Cell\splintercell_shim-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Virtual Villagers 4 - The Tree of Life\virtualvillagers4thetreeoflife-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\WildTangent Games App - toshiba.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe" /src gamesmenuoem /dp toshibacanada
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Warcraft.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma's Revenge.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Zumas Revenge\Zuma's Revenge-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eScan for Windows\eScan Protection Center.lnk -> C:\Program Files (x86)\eScan\ShortCut.EXE (MicroWorld Technologies Inc.) -> /escanpro
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eScan for Windows\eScan Registration.lnk -> C:\Program Files (x86)\eScan\ShortCut.EXE (MicroWorld Technologies Inc.) -> /license
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f405496e-4cd5-4891-a8bc-3e58bd47b25c}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Penguins!\Penguins-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d8addf57-a369-460f-8a5c-2f240d8e33b7}\PlayTasks\0\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Virtual Villagers 4 - The Tree of Life\virtualvillagers4thetreeoflife-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b87f2bde-5d44-4e86-bd37-a71616b35ea6}\PlayTasks\0\Bejeweled 3.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Bejeweled 3\bejeweled3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{a26ca541-37b6-4f06-b1af-d3399f18138c}\PlayTasks\0\Tom Clancy's Splinter Cell.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Tom Clancys Splinter Cell\splintercell_shim-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{951226E3-26FC-40BC-8085-3677B1128F59}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{6E7DD52D-205E-4D6D-AF6A-0C34703DFA61}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{677247CF-4120-46DC-A3DF-71588CC9CB7E}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{6410631a-dec7-426b-a077-4a309b906d48}\PlayTasks\0\Jewel Quest The Sleepless Star - Collector's Edition.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Jewel Quest The Sleepless Star - Collectors Edition\JewelQuestSleeplessStar-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5ae0d760-ddcf-4247-85df-eacefd518e86}\PlayTasks\0\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{502CF397-846F-459B-AB59-9826E34B7ECE}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Club Penguin\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Club Penguin\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{4e8af069-f0bd-4701-b872-2acd8e8a5a5d}\PlayTasks\0\FATE - The Traitor Soul.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\FATE - The Traitor Soul\Fate-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2D080D0F-37EF-433E-90F1-CE36EB0205F6}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{22A975C0-D22F-482C-A387-637EEC15870F}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{227680FF-28CE-48EE-AADF-8D009B2813A9}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{0334682e-f04f-4f03-8b56-d518fdcb7661}\PlayTasks\0\Zuma's Revenge.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Zumas Revenge\Zuma's Revenge-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Audio).lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:AD
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Data).lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:DD
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Image).lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:ITD
ShortcutWithArgument: C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src desktop /dp toshibacanada
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Bulletin Board.lnk -> C:\Program Files\Toshiba\BulletinBoard\TosBulletinBoard.exe (TOSHIBA Corporation) -> /sendto
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Audio).lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:AD
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Data).lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:DD
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Image).lnk -> C:\Program Files (x86)\Toshiba\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:ITD
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WildTangent Games App - toshiba.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe" /src gamesmenuoem /dp toshibacanada
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Learn More.url -> hxxp://app.prntscr.com/learnmore.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Screenshot history.url -> hxxp://app.prntscr.com/about-gallery.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner
InternetURL: C:\Users\Default\Favorites\Links\1. Ask Toshiba.url -> hxxp://ask.toshiba.ca/?w=1&p=PSK1WC-06S01S
InternetURL: C:\Users\Default\Favorites\Links\10. Promotions.url -> hxxp://www.toshiba.ca/promos
InternetURL: C:\Users\Default\Favorites\Links\2. My Homepage.url -> hxxp://www.toshiba.ca/welcome
InternetURL: C:\Users\Default\Favorites\Links\3. Activate Warranty.url -> hxxp://www.toshiba.ca/gowarranty/?w=1&m=Satellite%20L755&p=PSK1WC-06S01S&s=6B437727W
InternetURL: C:\Users\Default\Favorites\Links\4. Extended Warranty.url -> hxxp://www.toshiba.ca/warranty
InternetURL: C:\Users\Default\Favorites\Links\5. YellowPages.ca.url -> hxxp://www.toshiba.ca/yellowpages/
InternetURL: C:\Users\Default\Favorites\Links\6. ebay.url -> hxxp://rover.ebay.com/rover/1/706-70530-9400-0/4?mpre=http%3A%2F%2Fwww.ebay.ca
InternetURL: C:\Users\Default\Favorites\Links\7. eMusic.url -> hxxp://www.emusic.com/toshibamp3
InternetURL: C:\Users\Default\Favorites\Links\8. Shop Toshiba.url -> hxxp://www.shoptoshiba.ca/
InternetURL: C:\Users\Default\Favorites\Links\9. WildTangent.url -> hxxp://toshiba.wildgames.com/?mc=iefav&DP=toshibacanada
InternetURL: C:\Users\USER\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\USER\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\USER\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\USER\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\USER\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\USER\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\USER\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\USER\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\USER\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\USER\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\USER\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\USER\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\USER\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\USER\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\USER\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\USER\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\USER\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\USER\Favorites\Links\1. Ask Toshiba.url -> hxxp://ask.toshiba.ca/?w=1&p=PSK1WC-06S01S
InternetURL: C:\Users\USER\Favorites\Links\10. Promotions.url -> hxxp://www.toshiba.ca/promos
InternetURL: C:\Users\USER\Favorites\Links\2. My Homepage.url -> hxxp://www.toshiba.ca/welcome
InternetURL: C:\Users\USER\Favorites\Links\3. Activate Warranty.url -> hxxp://www.toshiba.ca/gowarranty/?w=1&m=Satellite%20L755&p=PSK1WC-06S01S&s=6B437727W
InternetURL: C:\Users\USER\Favorites\Links\4. Extended Warranty.url -> hxxp://www.toshiba.ca/warranty
InternetURL: C:\Users\USER\Favorites\Links\5. YellowPages.ca.url -> hxxp://www.toshiba.ca/yellowpages/
InternetURL: C:\Users\USER\Favorites\Links\6. ebay.url -> hxxp://rover.ebay.com/rover/1/706-70530-9400-0/4?mpre=http%3A%2F%2Fwww.ebay.ca
InternetURL: C:\Users\USER\Favorites\Links\7. eMusic.url -> hxxp://www.emusic.com/toshibamp3
InternetURL: C:\Users\USER\Favorites\Links\8. Shop Toshiba.url -> hxxp://www.shoptoshiba.ca/
InternetURL: C:\Users\USER\Favorites\Links\9. WildTangent.url -> hxxp://toshiba.wildgames.com/?mc=iefav&DP=toshibacanada
InternetURL: C:\Users\USER\Favorites\Links\Suggested Sites (2).url -> https://ieonline.mic...ft.com/#ieslice
InternetURL: C:\Users\USER\Favorites\Links\Suggested Sites.url -> 0

==================== End of log =============================
 

 

 

All four logs are here.

 

I got more redirects just after running adwcleaner.  :/ 


  • 0

#7
Essexboy
Posted 28 April 2015 - 11:30 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do other computers that use your router get redirects as well ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#8
Avanika
Posted 29 April 2015 - 07:26 AM

Avanika

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Here it is:
 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by USER at 2015-04-28 23:45:00 Run:1
Running from C:\Users\USER\Downloads
Loaded Profiles: USER (Available profiles: USER)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
    CreateRestorePoint:
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset catalog
    CMD: netsh int ip reset c:\resetlog.txt
    CMD: ipconfig /release
    CMD: ipconfig /renew
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::6855:2e2a:5c19:4c21%11
   Default Gateway . . . . . . . . . :

Tunnel adapter isatap.{C90E43BE-360E-4171-8B19-3E5A0BC3791A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{43773071-661D-448F-AAA0-DA93D8F6A3BA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3ce2:38ac:3f57:fe9a
   Link-local IPv6 Address . . . . . : fe80::3ce2:38ac:3f57:fe9a%13
   Default Gateway . . . . . . . . . : ::

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::6855:2e2a:5c19:4c21%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Tunnel adapter isatap.{C90E43BE-360E-4171-8B19-3E5A0BC3791A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{43773071-661D-448F-AAA0-DA93D8F6A3BA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:1c9b:246d:3f57:fe9a
   Link-local IPv6 Address . . . . . : fe80::1c9b:246d:3f57:fe9a%13
   Default Gateway . . . . . . . . . : ::

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {69E54950-5CF8-43C5-AFCD-F6807AAE925E}.
Unable to cancel {7112ACFF-7C16-4508-AE5D-14F6320EEFAB}.
Unable to cancel {8293A052-82ED-4087-B667-754E19D48999}.
Unable to cancel {A11BF730-7A28-4FB3-8D47-6260E3EB3E34}.
Unable to cancel {6BD07851-7C94-4512-852E-127492359EAB}.
Unable to cancel {6AD34302-AD56-49DD-A3AB-A33BB3AC114A}.
0 out of 6 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 77.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 23:45:30 ====


  • 0

#9
Avanika
Posted 29 April 2015 - 07:33 AM

Avanika

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

And about other computers- I haven't checked my PC yet but my son's ipad also seems to be getting redirect.


  • 0

#10
Essexboy
Posted 29 April 2015 - 07:47 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I thought the system looked OK... Your router has an infection and we need to clear that.

Reset your router to default (i.e. as it was the day you received it)

So if it was provided by your ISP then it will work properly as soon as you have finished
If you bought this yourself then you will need to redo the settings to the same as your initial setup

To reset your router find the tiny reset button usually located at the back of the router.
While the router is on, use a pin or the end of a paper clip to press and hold the reset button. You will need to hold it for about 10 seconds.
Generally, you will want to wait for the lights to change on the router. Depending on the make and model of your router the lights may start out blinking and change to solid or they may start out solid and change to blinking.
When you let go of the reset button the router should be reset to the factory settings.


I would then recommend that you change the password from default to something you will remember, this will prevent further attacks

Once done could you confirm that the redirects are history :)
  • 0

#11
Avanika
Posted 01 May 2015 - 11:30 PM

Avanika

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

OK I thought the system looked OK... Your router has an infection and we need to clear that.

Reset your router to default (i.e. as it was the day you received it)

So if it was provided by your ISP then it will work properly as soon as you have finished
If you bought this yourself then you will need to redo the settings to the same as your initial setup

To reset your router find the tiny reset button usually located at the back of the router.
While the router is on, use a pin or the end of a paper clip to press and hold the reset button. You will need to hold it for about 10 seconds.
Generally, you will want to wait for the lights to change on the router. Depending on the make and model of your router the lights may start out blinking and change to solid or they may start out solid and change to blinking.
When you let go of the reset button the router should be reset to the factory settings.


I would then recommend that you change the password from default to something you will remember, this will prevent further attacks

Once done could you confirm that the redirects are history :)

 

Hmm..

 

I don't know how would I reconfigure it once I reset the modem. So I am avoiding doing it by myself and  trying to get help from some one here locally.

 

Thank you for your help.


Edited by Avanika, 01 May 2015 - 11:31 PM.

  • 0

#12
Essexboy
Posted 02 May 2015 - 03:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If the router was given to you by your ISP then it will be fully set up once it is reset :)
  • 0

#13
Essexboy
Posted 07 May 2015 - 08:57 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: infected, redirect, virus

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP