
Websearchy Browser Hijacker



#1 Stickyittoyou


Posted 08 July 2014 - 02:25 PM

Hi there,
 

I am currently working on a client's PC, and while I have run all other tools and the major Trojans/Malware are gone, I am unable to fully remove Websearchy. Every time I open IE it will redirect the browser to their website. I have tried to make the default Google; however, upon closing or pressing the home button it will make Websearchy the default page once again.

It's so far embedded into the registry and OS that I do not want to touch it on my own. So I am here to seek you guys' professional help. :)

Here is what FRST has put into a log. Have at it.
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by User (administrator) on USER-PC on 08-07-2014 16:06:50
Running from C:\Users\User\Desktop\Commonly Used\MY_FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
() C:\Users\User\Desktop\MY_FRST\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {BDC0F1EA-E0B3-481D-9884-A4E71E2A1798} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {15D811D6-979A-4DA0-9B21-A6E02AEABAEF} URL = http://www-search.net/search.aspx?s=E3Jwlim0,25d9f5e1-2059-450e-aa9f-a7d598c40bdc,&q={searchTerms}
SearchScopes: HKLM - {1B0AEC5F-9979-4A64-8A2F-8014547A8D26} URL = http://www-search.net/search.aspx?s=E3Jwlim0,25d9f5e1-2059-450e-aa9f-a7d598c40bdc,&q={searchTerms}
SearchScopes: HKLM - {BDC0F1EA-E0B3-481D-9884-A4E71E2A1798} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3321675&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPBDA8247B-BB3D-4F85-BE9D-E7DD2D175998&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.25

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-18]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-18]
FF HKCU\...\Firefox\Extensions: [{9cf78b6e-ee8e-4c00-b8aa-b2fd1da84db4}] - C:\Program Files (x86)\Re-markit-soft\157.xpi

Chrome:
=======
CHR HomePage: hxxp://www-search.net/?s=E3Jwlim0,25d9f5e1-2059-450e-aa9f-a7d598c40bdc,
CHR StartupUrls: "hxxp://google.com/"
CHR DefaultSearchKeyword: www-search.net
CHR DefaultSearchProvider: Search
CHR DefaultSearchURL: http://www-search.net/search.aspx?s=E3Jwlim0,25d9f5e1-2059-450e-aa9f-a7d598c40bdc,&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2014-05-22] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R4 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
S2 YouTubeAcceleratorService; C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-07-08] ()
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-08 16:06 - 2014-07-08 16:06 - 00021636 _____ () C:\ComboFix.txt
2014-07-08 15:58 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-08 15:58 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-08 15:58 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-08 15:58 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-08 15:58 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-08 15:58 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-08 15:58 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-08 15:58 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-08 15:57 - 2014-07-08 16:06 - 00000000 ____D () C:\Qoobox
2014-07-08 14:57 - 2014-07-08 16:06 - 00000000 ____D () C:\FRST
2014-07-08 14:50 - 2014-07-08 14:50 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-07-08 14:50 - 2014-07-08 14:50 - 00000000 ____D () C:\Users\User\AppData\Local\VS Revo Group
2014-07-08 14:50 - 2014-07-08 14:50 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-07-08 14:50 - 2014-07-08 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-07-08 14:50 - 2014-07-08 14:50 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-08 14:50 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2014-07-08 14:42 - 2014-07-08 16:06 - 00000000 ____D () C:\Users\User\Desktop\Commonly Used
2014-07-08 14:33 - 2014-07-08 14:33 - 00000796 _____ () C:\windows\setupact.log
2014-07-08 14:33 - 2014-07-08 14:33 - 00000000 _____ () C:\windows\setuperr.log
2014-07-08 14:28 - 2014-07-08 14:28 - 00001544 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-08 14:13 - 2014-07-08 14:13 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Games
2014-07-08 11:50 - 2014-07-08 11:50 - 00003358 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2893744011-250394437-116619595-1000
2014-07-08 11:50 - 2014-07-08 11:50 - 00003222 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2893744011-250394437-116619595-1000
2014-07-08 11:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-08 11:44 - 2014-07-08 11:46 - 00000000 ____D () C:\AdwCleaner
2014-07-08 11:43 - 2014-07-08 11:43 - 01346519 _____ () C:\Users\User\Downloads\adwcleaner_3.214.exe
2014-07-08 10:53 - 2014-07-08 10:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-08 10:31 - 2014-07-08 10:31 - 00000000 ____D () C:\windows\ERUNT
2014-07-08 10:10 - 2014-07-08 15:57 - 00000000 ____D () C:\windows\erdnt
2014-07-07 16:57 - 2014-07-08 09:45 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-07-07 16:55 - 2014-07-07 16:55 - 00582508 _____ () C:\windows\system32\.crusader
2014-07-07 16:39 - 2014-07-07 16:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-23 11:47 - 2014-06-23 11:47 - 00003336 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2893744011-250394437-116619595-1000
2014-06-23 11:47 - 2014-06-23 11:47 - 00003200 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2893744011-250394437-116619595-1000
2014-06-11 10:14 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-11 10:14 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-11 10:14 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-11 10:14 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 10:14 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-11 10:14 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-11 10:14 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-11 10:14 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-11 10:14 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-11 10:14 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-11 10:14 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-11 10:14 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-11 10:13 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-11 10:13 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-11 10:13 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-11 10:13 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-11 10:13 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-11 10:13 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-11 10:13 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-11 10:13 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-11 10:13 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-11 10:13 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-11 10:13 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-11 10:13 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-11 10:13 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-11 10:13 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-11 10:13 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-11 10:13 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-11 10:13 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-11 10:13 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-11 10:13 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 10:13 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-11 10:13 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-11 10:13 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-11 10:13 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-11 10:13 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-11 10:13 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-11 10:13 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-11 10:13 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-11 10:13 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-11 10:13 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-11 10:13 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-11 10:13 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-11 10:13 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-11 10:13 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-11 10:13 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-11 10:13 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-11 10:13 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-11 10:13 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 10:13 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-11 10:13 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-11 10:13 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-11 10:13 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-11 10:13 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-11 10:13 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-11 10:13 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-11 10:13 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-11 10:13 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-11 10:13 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-11 10:13 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-11 10:13 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-11 10:13 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-11 10:13 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-11 10:13 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-11 10:13 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-11 10:13 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 10:12 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-11 10:12 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

2014-07-08 16:06 - 2014-07-08 16:06 - 00021636 _____ () C:\ComboFix.txt
2014-07-08 16:06 - 2014-07-08 15:57 - 00000000 ____D () C:\Qoobox
2014-07-08 16:06 - 2014-07-08 14:57 - 00000000 ____D () C:\FRST
2014-07-08 16:06 - 2014-07-08 14:42 - 00000000 ____D () C:\Users\User\Desktop\Commonly Used
2014-07-08 16:04 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini
2014-07-08 15:57 - 2014-07-08 10:10 - 00000000 ____D () C:\windows\erdnt
2014-07-08 15:55 - 2014-03-18 23:26 - 00000336 _____ () C:\windows\Tasks\HP Photo Creations Communicator.job
2014-07-08 15:31 - 2014-03-18 17:03 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 15:24 - 2014-03-12 15:22 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-08 15:16 - 2014-03-18 17:41 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893744011-250394437-116619595-1000UA.job
2014-07-08 14:50 - 2014-07-08 14:50 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-07-08 14:50 - 2014-07-08 14:50 - 00000000 ____D () C:\Users\User\AppData\Local\VS Revo Group
2014-07-08 14:50 - 2014-07-08 14:50 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-07-08 14:50 - 2014-07-08 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-07-08 14:50 - 2014-07-08 14:50 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-08 14:34 - 2009-07-14 01:13 - 00781298 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-08 14:33 - 2014-07-08 14:33 - 00000796 _____ () C:\windows\setupact.log
2014-07-08 14:33 - 2014-07-08 14:33 - 00000000 _____ () C:\windows\setuperr.log
2014-07-08 14:28 - 2014-07-08 14:28 - 00001544 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-08 14:15 - 2014-05-21 01:48 - 00003918 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{5C076970-ACFD-41C1-897B-085AE081D73D}
2014-07-08 14:13 - 2014-07-08 14:13 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Games
2014-07-08 14:12 - 2014-03-12 10:46 - 00010972 _____ () C:\windows\IE10_main.log
2014-07-08 13:46 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-08 13:46 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-08 13:38 - 2014-03-11 18:15 - 01700467 _____ () C:\windows\WindowsUpdate.log
2014-07-08 13:25 - 2014-03-18 17:04 - 00000000 ____D () C:\Program Files (x86)\Real
2014-07-08 13:25 - 2014-03-18 17:01 - 00000000 ____D () C:\ProgramData\Real
2014-07-08 13:24 - 2014-04-03 18:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\PC-Gizmos
2014-07-08 13:24 - 2014-03-18 17:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Real
2014-07-08 13:23 - 2014-03-18 16:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\mjusbsp
2014-07-08 13:23 - 2014-03-18 11:03 - 00001945 _____ () C:\windows\epplauncher.mif
2014-07-08 13:17 - 2014-03-30 00:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\DivX
2014-07-08 13:17 - 2014-03-30 00:28 - 00000000 ____D () C:\Program Files\DivX
2014-07-08 13:17 - 2014-03-30 00:26 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-07-08 13:17 - 2014-03-30 00:25 - 00000000 ____D () C:\ProgramData\DivX
2014-07-08 13:01 - 2014-03-23 21:00 - 00000000 ____D () C:\windows\pss
2014-07-08 11:50 - 2014-07-08 11:50 - 00003358 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2893744011-250394437-116619595-1000
2014-07-08 11:50 - 2014-07-08 11:50 - 00003222 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2893744011-250394437-116619595-1000
2014-07-08 11:47 - 2014-03-18 17:03 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 11:47 - 2010-11-20 23:47 - 01139746 _____ () C:\windows\PFRO.log
2014-07-08 11:47 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-08 11:46 - 2014-07-08 11:44 - 00000000 ____D () C:\AdwCleaner
2014-07-08 11:46 - 2014-03-19 00:40 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-08 11:43 - 2014-07-08 11:43 - 01346519 _____ () C:\Users\User\Downloads\adwcleaner_3.214.exe
2014-07-08 10:53 - 2014-07-08 10:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-08 10:31 - 2014-07-08 10:31 - 00000000 ____D () C:\windows\ERUNT
2014-07-08 10:30 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-07-08 10:25 - 2014-03-18 17:03 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-08 10:25 - 2014-03-18 17:03 - 00003638 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-08 10:21 - 2009-07-13 22:34 - 81788928 _____ () C:\windows\system32\config\software.bak
2014-07-08 10:21 - 2009-07-13 22:34 - 18087936 _____ () C:\windows\system32\config\system.bak
2014-07-08 10:21 - 2009-07-13 22:34 - 00524288 _____ () C:\windows\system32\config\default.bak
2014-07-08 10:21 - 2009-07-13 22:34 - 00262144 _____ () C:\windows\system32\config\security.bak
2014-07-08 10:21 - 2009-07-13 22:34 - 00262144 _____ () C:\windows\system32\config\sam.bak
2014-07-08 09:45 - 2014-07-07 16:57 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-07-07 16:56 - 2014-07-07 16:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-07 16:55 - 2014-07-07 16:55 - 00582508 _____ () C:\windows\system32\.crusader
2014-07-07 16:55 - 2014-03-22 17:01 - 00000000 ____D () C:\Users\User\AppData\Local\f25269c9-a480-4c0b-d01e-cc8ca449a556
2014-06-23 11:47 - 2014-06-23 11:47 - 00003336 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2893744011-250394437-116619595-1000
2014-06-23 11:47 - 2014-06-23 11:47 - 00003200 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2893744011-250394437-116619595-1000
2014-06-19 18:44 - 2014-03-18 11:16 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-19 18:19 - 2014-03-12 10:23 - 00000000 ____D () C:\windows\system32\MRT
2014-06-19 18:16 - 2014-03-18 17:41 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893744011-250394437-116619595-1000Core.job
2014-06-19 18:15 - 2014-03-12 10:23 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-19 18:11 - 2014-03-18 17:41 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2893744011-250394437-116619595-1000UA
2014-06-19 18:11 - 2014-03-18 17:41 - 00003476 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2893744011-250394437-116619595-1000Core
2014-06-19 18:10 - 2014-05-06 14:19 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-11 13:58 - 2014-06-03 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2600 series
2014-06-11 13:58 - 2014-06-03 22:30 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-06-11 13:58 - 2014-05-01 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serato
2014-06-11 13:58 - 2014-03-19 14:54 - 00000000 ____D () C:\ProgramData\SearchModule
2014-06-11 13:58 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-11 13:58 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-06-11 13:58 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2014-06-08 05:13 - 2014-06-11 10:12 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-11 10:12 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {fae553db-a969-11e3-8599-c7e2b03f84c7}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {fae553dd-a969-11e3-8599-c7e2b03f84c7}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {fae553db-a969-11e3-8599-c7e2b03f84c7}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {fae553dd-a969-11e3-8599-c7e2b03f84c7}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{fae553de-a969-11e3-8599-c7e2b03f84c7}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{fae553de-a969-11e3-8599-c7e2b03f84c7}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {fae553db-a969-11e3-8599-c7e2b03f84c7}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {fae553de-a969-11e3-8599-c7e2b03f84c7}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

 

LastRegBack: 2014-07-08 15:47

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by User at 2014-07-08 16:07:22
Running from C:\Users\User\Desktop\Commonly Used\MY_FRST
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{16EA5479-5CE2-F045-8D65-3F1FC41B90E5}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.61110.2305 - Advanced Micro Devices, Inc.) Hidden
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.06(T) - TOSHIBA CORPORATION)
ccc-utility64 (Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
DJ Intro version 1.0.9 (HKLM-x32\...\{36625871-9D4B-4046-A837-677974F51CAC}_is1) (Version: 1.0.9 - Serato Audio Research)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Pioneer DDJ_SX Driver (HKLM-x32\...\Pioneer DDJ_SX ASIO) (Version: 1.000.000.001 - Pioneer Corporation.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Serato DJ  (HKLM-x32\...\{a2400c14-7c42-4ad2-a14c-703c0fdfb599}) (Version: 1.2.0.31 - )
Serato DJ  (x32 Version: 1.2.0.31 - Serato) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA Bulletin Board (Version: 1.6.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
uPlayer (HKLM-x32\...\{06810DC6-3501-40FE-BCB3-1A7BE6398A36}) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

08-07-2014 17:40:31 ComboFix created restore point
08-07-2014 18:51:10 Revo Uninstaller Pro's restore point - Websearchy
08-07-2014 18:51:58 Revo Uninstaller Pro's restore point - searchy
08-07-2014 18:52:52 Revo Uninstaller Pro's restore point - websearchy

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-07-08 10:23 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0920A400-3B6D-4F43-A145-EF109EBA9B27} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {163F79C2-8ECB-46A2-96F9-11769492AFA3} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2893744011-250394437-116619595-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {1D827ED4-47A4-4406-B81A-246DE483621F} - System32\Tasks\{0D8E9E0F-A2AD-4199-BBFD-D22BE63DC787} => C:\Users\User\Desktop\java-runtime-environment-7u40-7.0.400-64-multi.exe [2014-03-19] (Oracle Corporation)
Task: {20D4D80C-9875-4F60-80E7-A2CA0CD3FC77} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2893744011-250394437-116619595-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {211D978C-C8FF-41EA-AD3A-F19E39E708F6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-19] (Microsoft Corporation)
Task: {2890BECF-33FD-4BC1-91A7-703047A2C9AA} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {2DC85D4A-8892-4068-8D75-B4ED663C85E0} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {2EFD2FFA-9A2E-4400-AD29-8276526D4587} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {5006687C-A647-467D-B4B2-CCDC81699757} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2893744011-250394437-116619595-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {677DDE09-D0E9-4603-A751-D4FDD165472B} - System32\Tasks\YTAUpdate_logon => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {7AFD673B-5E21-4913-9F54-B0729C8CA0AA} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2893744011-250394437-116619595-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7BFE90D1-8009-466F-BCDB-E9746EC4D801} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {7F4FAA0E-EEB0-453F-A293-6DA0F629403E} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {85203EEC-9FE3-4F4E-9FAE-0AC5CCEFD1D4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-19] (Microsoft Corporation)
Task: {85787640-DBB4-4950-848D-427D02B41A16} - \AmiUpdXp No Task File <==== ATTENTION
Task: {A17F27A3-8DC4-435B-93BE-DDEA475B3C6B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2893744011-250394437-116619595-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {B775CEF3-FA1D-44DA-AFEE-1094901BE12A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {C143667A-CB77-4623-9AC0-15BCF53A28BC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-19] (Microsoft Corporation)
Task: {CDA46B72-7480-4B6D-B6EC-F253021F80AC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2893744011-250394437-116619595-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D3DBBA56-C43B-4852-B2D6-5233F8A7115A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {DE49522B-0C01-4967-A701-74A4F1A37FED} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {EBB92820-4AB8-4B93-B905-E4CDFB75600B} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893744011-250394437-116619595-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893744011-250394437-116619595-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

2014-03-18 11:16 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-19 18:42 - 2014-06-19 18:42 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCProtect => ""="service" <==== ATTENTION

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: SMUpd => 2
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PastaQuotes.lnk => C:\windows\pss\PastaQuotes.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BrowserSafeguard => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
MSCONFIG\startupreg: cdloader => "C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: fst_us_14 =>
MSCONFIG\startupreg: GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: KeNotify => "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MusicManager => "C:\Users\User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PC_GIZMOS => "C:\Users\User\AppData\Roaming\PC-Gizmos\SoundcloudDLD-PC_136528.en_88.exe" --update
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
MSCONFIG\startupreg: Windows Client Manager => C:\Program Files (x86)\Java Update\winclient32.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/08/2014 04:04:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/08/2014 04:01:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-08 10:36:13.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-08 10:36:13.502
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-08 10:35:30.212
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-08 10:34:22.461
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-08 10:19:19.927
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-08 10:19:19.864
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-25 10:49:00.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 10:49:00.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 10:45:46.475
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 5608.67 MB
Available physical RAM: 3926.27 MB
Total Pagefile: 11215.52 MB
Available Pagefile: 9607.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI106327W0C) (Fixed) (Total:580.1 GB) (Free:524.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (CANON_IJ) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS
Drive e: (TCP KEY 2) (Removable) (Total:29.76 GB) (Free:19 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: EDD80DC6)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=580 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 994D9719)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================

Users shortcut scan result (x64) Version: 05-07-2014 01
Ran by User at 2014-07-08 16:07:38
Running from C:\Users\User\Desktop\Commonly Used\MY_FRST
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Toshiba Book Place.lnk -> C:\Program Files (x86)\TOSHIBA\Toshiba Book Place\KNFB.Reader.exe (K-NFB Reading Technology)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com - Shopping.lnk -> C:\Program Files (x86)\TOSHIBA\Amazon.com\MFU.exe (Toshiba America Information Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk -> C:\Program Files (x86)\HP\Digital Imaging\DocProc\regipe.exe (I.R.I.S. Image Recognition Integarted Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Toshiba Book Place.lnk -> C:\Program Files (x86)\TOSHIBA\Toshiba Book Place\KNFB.Reader.exe (K-NFB Reading Technology)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Toshiba Laptop Checkup.LNK -> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\Norton PC Checkup.exe (Symantec Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Toshiba Online Backup.lnk -> C:\Windows\Installer\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}\Icon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Accessibility.lnk -> C:\Program Files\TOSHIBA\Utilities\TACSPROP.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Bulletin Board.lnk -> C:\Program Files\TOSHIBA\BulletinBoard\TosBulletinBoard.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Button Support.lnk -> C:\Program Files\TOSHIBA\TBS\SpecApp.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\eco Utility.lnk -> C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Face Recognition.lnk -> C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVSetting.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Flash Cards.lnk -> C:\Program Files\TOSHIBA\FlashCards\TfcConf.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\HDD Protection Settings.lnk -> C:\Windows\System32\ThpProp.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\HWSetup.lnk -> C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\ReelTime.lnk -> C:\Program Files\TOSHIBA\ReelTime\TosReelTime.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Sleep Utility.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleep.exe (TOSHIBA)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Support\HDD SSD Alert.lnk -> C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSSDAlert.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Support\PC Diagnostic Tool.lnk -> C:\Program Files (x86)\TOSHIBA\PCDiag\PCDiag.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Support\PC Health Monitor.lnk -> C:\Program Files\TOSHIBA\TPHM\TPCHViewer.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Support\Recovery Media Creator.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Recovery Media Creator\TRMCLcher.exe (Toshiba Information Equipment(Hangzhou)Co.,LTD)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Support\Service Station.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Support\Toshiba Application Installer.lnk -> C:\Program Files\TOSHIBA\TOSAPINS\Install.exe (Toshiba)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Support\TOSHIBA Assist.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Assist\TInTouch.exe (TOSHIBA)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Support\Toshiba Registration.lnk -> C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistration.exe (Toshiba America Information Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Support\User's Guide.lnk -> C:\Program Files (x86)\TOSHIBA\Documentation\userguide.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Multimedia\BD DVD PLAYER.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA VIDEO PLAYER\TosDVD.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Multimedia\Disc Creator.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Multimedia\DVD-RAM Utility.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\TosRamUtil.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Multimedia\TOSHIBA Resolution+ for Windows Media Player Help.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Resolution+ Plug-in for Windows Media Player\Help\index.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Multimedia\TOSHIBA VIDEO PLAYER.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA VIDEO PLAYER\TosHDDVD.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Multimedia\Web Camera Application.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Multimedia\TOSHIBA Media Controller\TOSHIBA Media Controller Plug-in Help.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\Help\index.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Multimedia\TOSHIBA Media Controller\TOSHIBA Media Controller.lnk -> C:\Program Files\TOSHIBA\Media Controller\MediaController.exe (Toshiba Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Assistant.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\BtAssist1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Information Exchanger.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Settings.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ECCenter1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth User Guide.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\UsrGuide.exe (TOSHIBA CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Remote Camera.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\BIP_Camera1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Wireless File Transfer.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\WirelessFTP1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Voice & Video Calls.lnk -> C:\Program Files (x86)\TOSHIBA\Skype\Skype.exe (TOSHIBA)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serato\Serato DJ .lnk -> C:\Windows\Installer\{3333CFEB-58E7-40C4-B538-08991768BB2F}\SeratoDJ.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serato\DJ Intro\DJ Intro.lnk -> C:\Program Files (x86)\Serato\DJ Intro\Serato DJ Intro.exe (Serato)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serato\DJ Intro\Uninstall DJ Intro.lnk -> C:\Program Files (x86)\Serato\DJ Intro\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (VS Revo Group)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Uninstall Revo Uninstaller Pro.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pioneer\DDJ_SX\DDJ_SX ASIO Settings Utility.lnk -> C:\Program Files (x86)\Pioneer\Pioneer DDJ_SX ASIO\Pioneer_DDJ_SX_ASIO_Config.exe (Pioneer Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pioneer\DDJ_SX\DDJ_SX Version Display Utility.lnk -> C:\Program Files (x86)\Pioneer\Pioneer DDJ_SX ASIO\Pioneer_DDJ_SX_Version.exe (Pioneer Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pioneer\DDJ_SX\Uninstall.lnk -> C:\Program Files (x86)\Pioneer\Pioneer DDJ_SX ASIO\Uninstall.exe (Pioneer)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetZero\NetZero Internet Service.lnk -> C:\Program Files (x86)\TOSHIBA\NetZero\nz-toshiba-landing.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\INFOPATH.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\lync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Send to OneNote 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Lync Recording Manager.lnk -> C:\Program Files\Microsoft Office 15\root\office15\OcPubMgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk -> C:\Program Files\Microsoft Office 15\root\office15\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk -> C:\Program Files\Microsoft Office 15\root\office15\MSOUC.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Dashboard for Office 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\msotd.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Log for Office 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\msoev.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Document Manager.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\Document Manager\hpqdcmgr.exe (Hewlett-Packard Development Co. L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Shop for HP Supplies.lnk -> C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe (Hewlett-Packard Development Company L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Officejet 4500 G510g-m\Help.lnk -> C:\Program Files (x86)\HP\Digital Imaging\Help\inkjet26.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Officejet 4500 G510g-m\Product Support Website.lnk -> C:\Program Files (x86)\HP\Digital Imaging\HP Officejet 4500 G510g-m\help\HP Product Support Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Officejet 4500 G510g-m\Readme.lnk -> C:\Program Files (x86)\HP\Digital Imaging\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}\help\readme.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Officejet 4500 G510g-m\Setup Guide.lnk -> C:\Program Files (x86)\HP\Digital Imaging\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}\setup\hwsetupwizard\setup_guide.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Smart Web Printing\HP Smart Web Printing Help.lnk -> C:\Program Files (x86)\HP\Digital Imaging\smart web printing\Help\hpsmartprint.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Uninstall HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Label@Once\Corel Label@Once.lnk -> C:\Program Files (x86)\Corel\Label@Once\CDLabel.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel\Corel WinDVD BD.lnk -> C:\Program Files (x86)\Corel\CorelWinDVD2010\WinDVD.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\AMD VISION Engine Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com\Amazon MP3 - Millions of Music Downloads.lnk -> C:\Program Files (x86)\TOSHIBA\Amazon.com\MP3.exe (Toshiba America Information Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com\Amazon Video On Demand Movies & TV.lnk -> C:\Program Files (x86)\TOSHIBA\Amazon.com\VOD.exe (Toshiba America Information Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com\Amazon.com - Online Shopping.lnk -> C:\Program Files (x86)\TOSHIBA\Amazon.com\Shop.exe (Toshiba America Information Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Reader X.lnk -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\DJ Intro.lnk -> C:\Program Files (x86)\Serato\DJ Intro\Serato DJ Intro.exe (Serato)
Shortcut: C:\Users\Public\Desktop\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\Users\Public\Desktop\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (VS Revo Group)
Shortcut: C:\Users\Public\Desktop\Serato DJ .lnk -> C:\Windows\Installer\{3333CFEB-58E7-40C4-B538-08991768BB2F}\SeratoDJ.exe ()
Shortcut: C:\Users\Public\Desktop\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\HP\Print Projects\Common01\Bin\HpqWLPG03.exe (Hewlett-Packard Co.)
Shortcut: C:\Users\User\Links\Desktop.lnk -> C:\Users\User\Desktop ()
Shortcut: C:\Users\User\Links\Downloads.lnk -> C:\Users\User\Downloads ()
Shortcut: C:\Users\User\Desktop\Access 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\Users\User\Desktop\Excel 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\Users\User\Desktop\OneNote 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\Users\User\Desktop\Publisher 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\Users\User\Desktop\Send to OneNote 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Shortcut: C:\Users\User\Desktop\Word 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager\Music Manager.lnk -> C:\Users\User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Browser\Application\chromeie.exe (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (VS Revo Group)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Local\Google\Chrome\User Data\Chrome App Launcher.lnk -> C:\Program Files (x86)\Browser\Application\chromegc.exe (No File)

ShortcutWithArgument: C:\Users\User\Desktop\Tuvaro.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www-search.net/search/search.html?s=E3Jwlim0%2c25d9f5e1-2059-450e-aa9f-a7d598c40bdc%2c&vp=add
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tuvaro.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www-search.net/search/search.html?s=E3Jwlim0%2c25d9f5e1-2059-450e-aa9f-a7d598c40bdc%2c&vp=add
ShortcutWithArgument: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www-search.net\http_80\Tuvaro.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www-search.net/search/search.html?s=E3Jwlim0%2c25d9f5e1-2059-450e-aa9f-a7d598c40bdc%2c&vp=add

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Toshiba App Place.lnk -> C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe (Toshiba) -> /t:ProgramsMenuIcon
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Add New Connection.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ECCenter1.exe (TOSHIBA CORPORATION.) -> W /AUTOMODE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\INFOPATH.EXE (Microsoft Corporation) -> /design
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Database Compare 2013.lnk -> C:\Program Files\Microsoft Office 15\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files\Microsoft Office 15\Root\Office15\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Spreadsheet Compare 2013.lnk -> C:\Program Files\Microsoft Office 15\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files\Microsoft Office 15\Root\Office15\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Officejet 4500 G510g-m\Add A Device.lnk -> C:\Program Files (x86)\HP\Digital Imaging\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}\hpzstub.exe (Hewlett-Packard) -> -addadevice
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Officejet 4500 G510g-m\Product Registration.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe (Hewlett-Packard Company) -> "HP Officejet 4500 G510g-m"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Officejet 4500 G510g-m\Toolbox.lnk -> C:\Program Files (x86)\HP\Digital Imaging\hp officejet 4500 G510g-m\data\hpbLTBX.exe () -> 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Officejet 4500 G510g-m\Uninstall.lnk -> C:\Program Files (x86)\HP\Digital Imaging\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}\setup\hpzscr40.exe (Hewlett-Packard) -> -datfile hpwscr26.dat -onestop -forcereboot
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 3.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Bejeweled 3\bejeweled3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dark Orbit.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FATE - The Traitor Soul.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\FATE - The Traitor Soul\Fate-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\It Girl!.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - It Girl!\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - It Girl!\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Letters from Nowhere 2.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Letters from Nowhere 2\LettersFromNowhere2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games - WildTangent.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Penguins!\Penguins-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler Strike!.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Polar Bowler Strike!\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Polar Bowler Strike!\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\Polar-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Seafight.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Tales of Lagoona.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Tales of Lagoona\Tales of Lagoona-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\WildTangent Games App - toshiba.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe" /src gamesmenuoem /dp toshibaus
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Warcraft.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma's Revenge.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Zumas Revenge\zumasrevenge-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f405496e-4cd5-4891-a8bc-3e58bd47b25c}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Penguins!\Penguins-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{ca9f0082-7f3d-4f78-b4e6-592c73461b8c}\PlayTasks\0\Tales of Lagoona.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Tales of Lagoona\Tales of Lagoona-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{ca4ed303-5737-4b13-9aff-3f92aa8e364d}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - It Girl!\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - It Girl!\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b87f2bde-5d44-4e86-bd37-a71616b35ea6}\PlayTasks\0\Bejeweled 3.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Bejeweled 3\bejeweled3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{951226E3-26FC-40BC-8085-3677B1128F59}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5f828e7a-066c-4d4a-ada6-8b2494b859db}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Polar Bowler Strike!\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Polar Bowler Strike!\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5ae0d760-ddcf-4247-85df-eacefd518e86}\PlayTasks\0\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{4e8af069-f0bd-4701-b872-2acd8e8a5a5d}\PlayTasks\0\FATE - The Traitor Soul.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\FATE - The Traitor Soul\Fate-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2D080D0F-37EF-433E-90F1-CE36EB0205F6}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2927c20c-77c6-4717-8126-a7ced468ea2b}\PlayTasks\0\Letters from Nowhere 2.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Letters from Nowhere 2\LettersFromNowhere2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{276f981c-5097-4d06-aa22-485253b56eea}\PlayTasks\0\RollerCoaster Tycoon 3 Platinum.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\RollerCoaster Tycoon 3 Platinum\RCT3plus-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{22A975C0-D22F-482C-A387-637EEC15870F}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{227680FF-28CE-48EE-AADF-8D009B2813A9}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\launcher.exe (WildTangent) -> "C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{0334682e-f04f-4f03-8b56-d518fdcb7661}\PlayTasks\0\Zuma's Revenge.lnk -> C:\Program Files (x86)\TOSHIBA Games\onplay\onplay.exe () -> "C:\Program Files (x86)\TOSHIBA Games\Zumas Revenge\zumasrevenge-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Audio).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:AD
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Data).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:DD
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Image).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:ITD
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Word\PSY%20210%20-%20EXERCISE%202-%20SPRING%202014303617034224243706\PSY%20210%20-%20EXERCISE%202-%20SPRING%202014.doc.lnk -> C:\Users\User\Downloads\PSY 210 - EXERCISE 2- SPRING 2014.doc () -> 12
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Audio).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:AD
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Data).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:DD
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Image).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:ITD
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro on the Web.url -> hxxp://www.revouninstallerpro.com/
InternetURL: C:\Users\User\Favorites\TV.com\TV.com – Internet TV on your PC.url -> hxxp://www.tv.com/toshiba
InternetURL: C:\Users\User\Favorites\Toshiba\Deals and Offers.url -> hxxp://us.toshiba.com/adps/deals-and-offers
InternetURL: C:\Users\User\Favorites\Toshiba\Find Us on Twitter, Facebook, and YouTube.url -> hxxp://us.toshiba.com/social-media
InternetURL: C:\Users\User\Favorites\Toshiba\QuickBooks® Online Banking.url -> hxxp://www.quickbooksdirect.com/tshboffer1
InternetURL: C:\Users\User\Favorites\Toshiba\Shop Toshiba.url -> hxxp://www.toshibadirect.com/
InternetURL: C:\Users\User\Favorites\Toshiba\Toshiba App Place.url -> hxxp://apps.toshiba.com/
InternetURL: C:\Users\User\Favorites\Toshiba\Toshiba Book Place.url -> hxxp://www.toshibabookplace.com/
InternetURL: C:\Users\User\Favorites\Toshiba\Toshiba Corporate Social Responsibility.url -> hxxp://us.toshiba.com/green
InternetURL: C:\Users\User\Favorites\Toshiba\Toshiba Laptop Forums.url -> hxxp://laptopforums.toshiba.com/
InternetURL: C:\Users\User\Favorites\Toshiba\Toshiba Online Backup.url -> hxxp://us.toshiba.com/online-backup
InternetURL: C:\Users\User\Favorites\Toshiba\Toshiba Product Registration.url -> hxxp://toshibaproductregistration.com/
InternetURL: C:\Users\User\Favorites\Toshiba\Toshiba Start Place.url -> hxxp://start.toshiba.com/
InternetURL: C:\Users\User\Favorites\Toshiba\Toshiba Support.url -> hxxp://pcsupport.toshiba.com/
InternetURL: C:\Users\User\Favorites\Toshiba\Toshiba US.url -> hxxp://us.toshiba.com/
InternetURL: C:\Users\User\Favorites\Skype\Skype.url -> hxxp://www.skype.com/go/ToshibaTAIS
InternetURL: C:\Users\User\Favorites\Music\eMusic.url -> hxxp://www.emusic.com/Toshiba
InternetURL: C:\Users\User\Favorites\LogMeIn\LogMeIn.url -> https://secure.logmein.com/welcome/toshiba/
InternetURL: C:\Users\User\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\User\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\User\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\User\Favorites\Links\Toshiba App Place.url -> hxxp://apps.toshiba.com/ie8webslice
InternetURL: C:\Users\User\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\User\Favorites\Links\WildTangent Games.url -> hxxp://www.wildtangent.com/webslice?dp=toshibaus
InternetURL: C:\Users\User\Favorites\Internet Security\Your Security Center.url -> hxxp://us.toshiba.com/computers/research-center/for-home/cybercrime-news-by-norton
InternetURL: C:\Users\User\Favorites\Games\WildTangent Games.url -> hxxp://toshiba.wildgames.com/?mc=iefav&dp=toshibaus
InternetURL: C:\Users\User\Favorites\eBay\Electronics, Cars, Clothing, Collectibles and More Online Shopping.url -> hxxp://rover.ebay.com/rover/1/711-136351-14396-0/4
InternetURL: C:\Users\User\Favorites\Amazon.com\Amazon MP3 – Millions of Music Downloads.url -> hxxp://www.amazon.com/b/?node=163856011&tag=tais2-bookmark-mp3-20
InternetURL: C:\Users\User\Favorites\Amazon.com\Amazon Video On Demand Movies & TV.url -> hxxp://www.amazon.com/b/?node=16261631&tag=tais2-bookmark-vod-20
InternetURL: C:\Users\User\Favorites\Amazon.com\Shop at Amazon.com.url -> hxxp://www.amazon.com/?tag=tais2-desktop-20

==================== End of log =============================


 


 


Edited by Stickyittoyou, 08 July 2014 - 03:14 PM.



#2 Stickyittoyou


Posted 09 July 2014 - 08:03 AM

Close the thread. Customer wants their PC back and cannot wait 5 days. With that amount of time I might as well not waste my time on here and format the PC. Time is money and the customer should not have to pay for it.

All I am requesting is the fixlist.txt file for FRST.

 


Edited by Stickyittoyou, 09 July 2014 - 12:00 PM.


#3 fireman4it


Posted 09 July 2014 - 01:59 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

