
Possible zeroaccess infection . . many pop ups


  • This topic is locked
16 replies to this topic

#1 TomHQuick1969


Posted 09 September 2014 - 11:49 AM

I have been working on a computer for a friend's daughter trying to rid it of some nasties. They brought it to me after having it "fixed" by Best Buy. The issues they reported were very slow operation, and tons of pop up web pages. Indeed, the pop up pages were so bad I had to disable the internet connection in order to be able to do anything on the computer.

I've removed many virus / trojan infections in the past, and went at this like all the rest. I got the latest versions of Rkill, and Malwarebytes, and ran both. Rkill reported signs of a zeroaccess rootkit infection. Malwarebytes did its thing, but the pop up windows continued.

I then booted the computer off my USB rescue key, into Linux and ran Kaspersky rescue on it. That also identified, and deleted a number of files. I shut the machine down, booted back into Windows, but the problems persist.

 

At that point I decided I might need some guidance on this one.  I downloaded DDS and ran it, but it hangs.  I restarted in safe mode, and tried DDS again, with the same result.  A quick web search for DDS hanging brought up a thread here where the suggestion was made to try running OTL.  Since I didn't see much of a point in posting here without having any kind of log file to offer, I ran OTL.

 

 

OTL main log file

 

 

OTL logfile created on: 9/9/2014 12:25:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 60.63% Memory free
7.60 Gb Paging File | 5.92 Gb Available in Paging File | 77.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.90 Gb Total Space | 215.38 Gb Free Space | 75.60% Space Free | Partition Type: NTFS
Drive F: | 29.80 Gb Total Space | 29.00 Gb Free Space | 97.32% Space Free | Partition Type: FAT32
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/09 12:19:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2014/08/22 16:33:15 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\LocalLow\ValidatorPale\ValidatorPale\browser.exe
PRC - [2014/08/18 13:51:13 | 000,089,125 | ---- | M] () -- C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\DLCPrivacyScrolling.exe
PRC - [2014/07/26 20:29:39 | 000,060,965 | ---- | M] () -- C:\Windows\SysWOW64\CompileDirectXDock\CompileDirectXDock.exe
PRC - [2014/07/26 20:28:56 | 000,071,680 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe
PRC - [2014/05/08 09:48:48 | 000,041,336 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files (x86)\SelectRebates\SelectRebates.exe
PRC - [2010/03/18 16:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/24 05:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/22 16:33:15 | 008,537,928 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\ValidatorPale\ValidatorPale\36.0.1985.143\pdf.dll
MOD - [2014/08/22 16:33:15 | 001,732,936 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\ValidatorPale\ValidatorPale\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/08/22 16:33:15 | 000,718,152 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\ValidatorPale\ValidatorPale\36.0.1985.143\libglesv2.dll
MOD - [2014/08/22 16:33:15 | 000,353,096 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\ValidatorPale\ValidatorPale\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/08/22 16:33:15 | 000,126,280 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\ValidatorPale\ValidatorPale\36.0.1985.143\libegl.dll
MOD - [2014/08/22 16:32:14 | 000,301,568 | ---- | M] () -- C:\Users\Owner\AppData\Local\GameOptional\GameOptional.dll
MOD - [2014/07/31 12:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/31 12:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files (x86)\SelectRebates\SelectRebates.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2014/04/09 09:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2010/09/28 16:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 23:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 21:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/08/18 13:51:13 | 000,089,125 | ---- | M] () [Auto | Start_Pending] -- C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\DLCPrivacyScrolling.exe -- (DLCPrivacyScrolling.exe)
SRV - [2014/07/26 20:29:39 | 000,060,965 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\SysWOW64\CompileDirectXDock\CompileDirectXDock.exe -- (CompileDirectXDock)
SRV - [2014/07/26 20:28:56 | 000,071,680 | ---- | M] () [Auto | Running] -- C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe -- (servervo)
SRV - [2014/07/09 09:15:29 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 16:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 16:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 13:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\98A7.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/17 04:33:02 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010/09/17 04:33:02 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/09/17 04:33:02 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010/09/17 04:33:02 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010/07/29 09:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/31 03:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 17:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 22:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 11:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/22 22:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/12 19:49:16 | 000,877,088 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/02/09 01:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 17:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{866D4A3F-8C29-4992-920A-EEFE26FC9B5C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=393&systemid=1&v=a9396-120&apn_uid=6345222003854008&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=a711e300-6122-ff94-8c3c-b5b748350f88&searchtype=ds&q={searchTerms}&installDate=16/12/2013
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {E398C677-7F39-4643-912B-2631D0684E6F}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {E398C677-7F39-4643-912B-2631D0684E6F}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/?gws_rd=ssl [binary data]
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/#!/
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\..\URLSearchHook: {421fb3de-4b9f-48e5-abf1-f96f8aaca70a} - No CLSID value found
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=a711e300-6122-ff94-8c3c-b5b748350f88&searchtype=ds&q={searchTerms}&installDate=16/12/2013
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com/Results.aspx?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=M969E21A7-34AE-41A5-BCFC-C796D354ABA3&SearchSource=58&CUI=&UM=6&UP=SPB485C4A2-D0DB-4FF5-8B68-38842D73578C&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\..\SearchScopes\{505E14A9-D9B7-44AB-8CF4-2F1CF9B68720}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS416
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*origin.com;*ea.com;*akamaihd.net
IE - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29121
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ReadingFanatic_6x.com/Plugin: C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\NP6xStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2013/01/20 21:17:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\6xffxtbr@ReadingFanatic_6x.com: C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin [2014/09/07 12:19:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{73f58f76-2abf-4927-8c1c-5f98500e0bb8}: C:\Program Files (x86)\Re-markit\136.xpi
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =  
CHR - default_search_provider: suggest_url =  
CHR - homepage: http://start.toshiba.com/g/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\5acc50\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\5acc50\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Owner\AppData\Local\5acc50\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\5acc50\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\5acc50\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\5acc50\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Quick start = C:\Users\Owner\AppData\Local\5acc50\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\5acc50\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (CostMin) - {36E36218-3757-3A7D-D1F2-E92AD8DCB68D} - C:\Program Files (x86)\CostMin\b.x64.dll ()
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Search Assistant BHO) - {2d948797-8fe3-4508-9b6f-4bf349a9ea34} - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xSrcAs.dll (MindSpark)
O2 - BHO: (CostMin) - {36E36218-3757-3A7D-D1F2-E92AD8DCB68D} - C:\Program Files (x86)\CostMin\b.dll ()
O2 - BHO: (Diigo Single Button Helper) - {B3BA3FC4-8D87-4B89-B2B1-7BEE62D1D324} - C:\Program Files (x86)\Diigo.inc\Diigo Single Button\DiigoSingleButton.dll (Diigo.inc)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Toolbar BHO) - {f149b372-5830-4d88-b8f6-2853d12c1af5} - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xbar.dll (MindSpark)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ReadingFanatic) - {b36151d1-7770-4480-87e4-f89fb54e173d} - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [AnyProtect Scanner] "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [fst_us_180] "C:\Program Files (x86)\fst_us_180\fst_us_180.exe" File not found
O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000..\Run: [GameOptional] C:\Users\Owner\AppData\Local\GameOptional\GameOptional.dll ()
O4 - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000..\Run: [iMesh] C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe (iMesh, Inc)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: {09f3533b-558a-7075-45e6-d509d1f1a025} = "C:\ProgramData\Microsoft\{09f3533b-558a-7075-45e6-d509d1f1a025}\{09f3533b-558a-7075-45e6-d509d1f1a025}.exe"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Diigo - {45F81841-7E83-42cb-ACEB-7E53A69970CA} - C:\Program Files (x86)\Diigo.inc\Diigo Single Button\DiigoSingleButton.dll (Diigo.inc)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EFED58A-50C1-4451-B51B-A12E38F47F8C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL) - C:\Program Files (x86)\Supporter\Supporter_x64.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) -  File not found
O20 - AppInit_DLLs: (c:\progra~3\wincert\win32c~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsemngr.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsermngr.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta babylon.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta tb.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta2.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltainstaller.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltasetup.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\iminentsetup.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\rjatydimofu.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\sweetimsetup.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsemngr.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsermngr.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta babylon.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta tb.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta2.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltainstaller.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltasetup.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\iminentsetup.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweetimsetup.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll) -  File not found
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll) -  File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/09 12:20:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/09/09 12:04:18 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2014/09/09 12:03:44 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\iexplore.exe
[2014/09/08 09:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegularDEaLs
[2014/09/08 09:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiGiSaVer
[2014/09/08 09:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MMInnimumPRice
[2014/09/08 09:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JooniiCaoiupoon
[2014/09/07 12:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DiGiSaVer
[2014/09/07 11:33:35 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/07 11:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/07 11:32:09 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/09/07 11:32:09 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/09/07 11:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/07 11:30:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rkill
[2014/09/07 11:21:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2014/08/22 16:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\JooniiCaoiupoon
[2014/08/22 16:32:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\GameOptional
[2014/08/22 14:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/08/22 14:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/08/22 14:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/08/22 14:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/08/22 14:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/08/18 14:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MMInnimumPRice
[2014/08/18 14:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\RegularDEaLs
[2014/08/18 13:53:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2014/08/18 13:51:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\DLCPrivacyScrolling
[2014/08/18 13:50:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla
[2014/08/18 13:50:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Mozilla
[2014/07/26 20:36:09 | 000,575,544 | ---- | C] (ClickMeIn Limited) -- C:\Users\Owner\AppData\Local\AnyProtectScannerSetup.exe
[8 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[2 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[2 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/09 12:24:30 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/09 12:24:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/09/09 12:23:44 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/09 12:19:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/09/09 12:06:58 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/09 12:06:58 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/09 11:48:58 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2014/09/09 11:40:13 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/09 11:16:59 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/09/08 11:31:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/09/08 11:21:56 | 000,000,000 | ---- | M] () -- C:\windows\ToDisc.INI
[2014/09/08 10:10:21 | 000,742,078 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/09/08 10:10:21 | 000,635,932 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/09/08 10:10:21 | 000,110,616 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/09/08 10:06:46 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\iexplore.exe
[2014/09/08 09:56:11 | 000,002,072 | ---- | M] () -- C:\Users\Owner\Desktop\Search.lnk
[2014/09/08 09:56:03 | 000,001,452 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/08 06:36:30 | 000,000,378 | ---- | M] () -- C:\windows\tasks\APSnotifierPP1.job
[2014/09/07 11:33:36 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/07 11:32:37 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/07 11:18:07 | 000,000,211 | ---- | M] () -- C:\Users\Owner\Desktop\rk-proxy.reg
[2014/08/22 14:56:57 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/22 14:39:05 | 000,000,314 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results
[2014/08/18 14:23:03 | 000,070,185 | ---- | M] () -- C:\Users\Owner\Documents\falls.jpg
[2014/08/18 14:09:19 | 000,212,563 | ---- | M] () -- C:\Users\Owner\Documents\om.jpg
[2014/08/18 13:50:37 | 000,156,948 | ---- | M] () -- C:\ResPack3.bin
[8 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[2 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[2 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/08 11:21:56 | 000,000,000 | ---- | C] () -- C:\windows\ToDisc.INI
[2014/09/07 11:32:37 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/07 11:18:06 | 000,000,211 | ---- | C] () -- C:\Users\Owner\Desktop\rk-proxy.reg
[2014/08/22 14:56:57 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/18 14:23:26 | 000,070,185 | ---- | C] () -- C:\Users\Owner\Documents\falls.jpg
[2014/08/18 14:10:46 | 000,212,563 | ---- | C] () -- C:\Users\Owner\Documents\om.jpg
[2014/08/18 13:50:36 | 000,156,948 | ---- | C] () -- C:\ResPack3.bin
[2014/07/26 20:40:48 | 000,000,314 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results
[2014/07/26 20:29:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/10/15 22:18:24 | 000,000,272 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.backup.dm
[2013/02/09 18:56:11 | 000,149,580 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
 
========== ZeroAccess Check ==========
 
[2011/11/17 03:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\@
[2011/11/17 03:14:10 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\L
[2013/06/29 10:18:27 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U
[2013/06/27 07:45:55 | 000,000,912 | ---- | M] () -- C:\Windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\00000001.@
[2013/06/29 10:18:27 | 000,044,032 | ---- | M] () -- C:\Windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\80000000.@
[2013/04/15 16:29:38 | 000,025,600 | ---- | M] () -- C:\Windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\800000cb.@
[2013/06/29 13:35:03 | 000,002,048 | -HS- | M] () -- C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\@
[2011/11/17 03:14:10 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\L
[2013/12/06 17:51:35 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U
[2013/12/06 17:51:34 | 000,000,768 | ---- | M] () -- C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\00000001.@
[2013/12/06 17:51:34 | 000,000,768 | ---- | M] () -- C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\00000002.@
[2013/12/06 17:51:34 | 000,004,096 | ---- | M] () -- C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\80000000.@
[2013/12/06 17:51:35 | 000,004,096 | ---- | M] () -- C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\80000001.@
[2013/12/06 17:51:34 | 000,004,096 | ---- | M] () -- C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\800000cb.@
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 05:59:19 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 05:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/07/18 10:40:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\5acc50
[2014/06/19 12:53:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\784A
[2011/03/08 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2013/06/11 16:42:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Cyuv
[2014/07/26 20:19:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\device
[2012/12/08 12:18:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Imuv
[2014/07/26 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\serv
[2011/02/27 09:40:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2014/07/26 20:28:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VOPackage
[2014/01/04 13:03:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wiecty
[2011/01/27 10:16:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
< End of report >

OTL Extras log file

OTL Extras logfile created on: 9/9/2014 12:25:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 60.63% Memory free
7.60 Gb Paging File | 5.92 Gb Available in Paging File | 77.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.90 Gb Total Space | 215.38 Gb Free Space | 75.60% Space Free | Partition Type: NTFS
Drive F: | 29.80 Gb Total Space | 29.00 Gb Free Space | 97.32% Space Free | Partition Type: FAT32
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{77DE5105-D05E-448C-96CB-7FA381903753}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CNXT_AUDIO_HDA" = Conexant HD Audio
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{244B887F-5A23-4C4D-9495-0D34D185152C}" = Diigo Single Button
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39187A4B-7538-4BE7-8BAD-9E83303793AA}" = Toshiba Book Place
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}" = Supporter 1.80
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75939021-3B68-419D-8DC1-E9823BFF9658}" = Google Drive
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92109C97-2662-4353-9386-B64309F595C9}" = Snap.Do
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Canon MX340 series User Registration" = Canon MX340 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cisco Connect" = Cisco Connect
"DMUninstaller" = DMUninstaller
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"fst_us_180_is1" = FreeSoftToday 025.180
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ReadingFanatic_6xbar Uninstall Firefox" = ReadingFanatic Firefox Toolbar
"ReadingFanatic_6xbar Uninstall Internet Explorer" = ReadingFanatic Internet Explorer Toolbar
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Speed Dial Utility" = Canon Speed Dial Utility
"VOPackage" = Remote Desktop Access (VuuPC)
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2640718784-3385718997-3073930265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"Circuit Construction Kit (AC+DC)" = Circuit Construction Kit (AC+DC)
"Electric Field Hockey" = Electric Field Hockey
"Wave Interference" = Wave Interference
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/9/2014 11:49:25 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 304296
 
Error - 9/9/2014 11:49:26 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 9/9/2014 11:49:26 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 305310
 
Error - 9/9/2014 11:49:26 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 305310
 
Error - 9/9/2014 11:49:27 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 9/9/2014 11:49:27 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 306308
 
Error - 9/9/2014 11:49:27 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 306308
 
Error - 9/9/2014 12:24:39 PM | Computer Name = Owner-PC | Source = Toshiba App Place | ID = 0
Description =  
 
Error - 9/9/2014 12:24:54 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time
 stamp: 0x5339cec3  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time
 stamp: 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process
 id: 0x910  Faulting application start time: 0x01cfcc4a8cd8d7bb  Faulting application
 path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe  Faulting
 module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report
 Id: d43edcc6-383d-11e4-a121-60eb69910ef5
 
Error - 9/9/2014 12:25:01 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iMesh.exe, version: 12.0.0.0, time stamp:
 0x51c849cb  Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp:
 0x4ec49d10  Exception code: 0xc0000005  Fault offset: 0x0002e3c6  Faulting process id:
 0x878  Faulting application start time: 0x01cfcc4a895e272e  Faulting application path:
 C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe  Faulting module path:  
C:\windows\SysWOW64\ntdll.dll  Report Id: d86ba6a1-383d-11e4-a121-60eb69910ef5
 
Error - 9/9/2014 12:25:11 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbamservice.exe, version: 3.0.2.0, time
 stamp: 0x5318d363  Faulting module name: mbamservice.exe, version: 3.0.2.0, time  
stamp: 0x5318d363  Exception code: 0x40000015  Fault offset: 0x0007da8a  Faulting process
 id: 0xb44  Faulting application start time: 0x01cfcc4a976d507f  Faulting application
 path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe  Faulting  
module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe  Report
 Id: de50edec-383d-11e4-a121-60eb69910ef5
 
[ System Events ]
Error - 9/9/2014 12:24:30 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The ControlDatabaseSamba.exe service failed to start due to the following
 error:   %%2
 
Error - 9/9/2014 12:24:37 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
 service: BFE. This service might not be installed.
 
Error - 9/9/2014 12:24:55 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler
 service to connect.
 
Error - 9/9/2014 12:24:55 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
   %%1053
 
Error - 9/9/2014 12:24:55 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
 This service might not be installed.
 
Error - 9/9/2014 12:26:31 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description = The CompileDirectXDock service hung on starting.
 
Error - 9/9/2014 12:26:31 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description = The DLCPrivacyScrolling.exe service hung on starting.
 
Error - 9/9/2014 12:26:31 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 9/9/2014 12:26:31 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   dvky
 
Error - 9/9/2014 12:28:32 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
 
< End of report >

 

Thanks in advance to whoever takes up my case and helps!




#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:03:45 AM

Posted 09 September 2014 - 11:52 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 TomHQuick1969

TomHQuick1969
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:45 PM

Posted 09 September 2014 - 11:59 AM

Oh hell, sorry I posted that so many times.  On my end it kept telling me the website was down, so I tried again.  Damn.



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:03:45 AM

Posted 09 September 2014 - 12:11 PM

No problem, I closed the other threads. We continue to work in this one.
Please start with a FRST scan as described above.

#5 TomHQuick1969

TomHQuick1969
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:45 PM

Posted 09 September 2014 - 12:17 PM

FRST

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Owner (administrator) on OWNER-PC on 09-09-2014 13:10:56
Running from C:\Users\Owner\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/  
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/  
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\CompileDirectXDock\CompileDirectXDock.exe
() C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\DLCPrivacyScrolling.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(iMesh, Inc) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\SelectRebates\SelectRebates.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Users\Owner\AppData\Local\Idle~Crawler\Idle~Crawler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
() C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\AppDatabasePerl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Users\Owner\AppData\Local\IDLE~C~1\firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192008 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1094992 2010-09-17] (Trend Micro Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [SelectRebates] => C:\Program Files (x86)\SelectRebates\SelectRebates.exe [886752 2010-11-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [fst_us_180] => [X]
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [{09f3533b-558a-7075-45e6-d509d1f1a025}] => "C:\ProgramData\Microsoft\{09f3533b-558a-7075-45e6-d509d1f1a025}\{09f3533b-558a-7075-45e6-d509d1f1a025}.exe" No File
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\...\Run: [iMesh] => C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe [31020056 2013-06-24] (iMesh, Inc)
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-15] (Google Inc.)
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\...\Run: [GameOptional] => C:\windows\system32\rundll32.exe "C:\Users\Owner\AppData\Local\GameOptional\GameOptional.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\n. ATTENTION! ====> ZeroAccess/Alureon?
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\Program Files (x86)\Supporter\Supporter_x64.dll [4365824 2014-07-26] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~3\wincert\win32c~1.dll => "c:\progra~3\wincert\win32c~1.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:34538
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/#!/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
URLSearchHook: HKCU - (No Name) - {421fb3de-4b9f-48e5-abf1-f96f8aaca70a} - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xSrcAs.dll (MindSpark)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istart123.com/?type=sc&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKLM - {866D4A3F-8C29-4992-920A-EEFE26FC9B5C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=393&systemid=1&v=a9396-120&apn_uid=6345222003854008&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=a711e300-6122-ff94-8c3c-b5b748350f88&searchtype=ds&q={searchTerms}&installDate=16/12/2013
SearchScopes: HKLM-x32 - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =  
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=M969E21A7-34AE-41A5-BCFC-C796D354ABA3&SearchSource=58&CUI=&UM=6&UP=SPB485C4A2-D0DB-4FF5-8B68-38842D73578C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=a711e300-6122-ff94-8c3c-b5b748350f88&searchtype=ds&q={searchTerms}&installDate=16/12/2013
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=M969E21A7-34AE-41A5-BCFC-C796D354ABA3&SearchSource=58&CUI=&UM=6&UP=SPB485C4A2-D0DB-4FF5-8B68-38842D73578C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {505E14A9-D9B7-44AB-8CF4-2F1CF9B68720} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS416
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: CostMin -> {36E36218-3757-3A7D-D1F2-E92AD8DCB68D} -> C:\Program Files (x86)\CostMin\b.x64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Search Assistant BHO -> {2d948797-8fe3-4508-9b6f-4bf349a9ea34} -> C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xSrcAs.dll (MindSpark)
BHO-x32: CostMin -> {36E36218-3757-3A7D-D1F2-E92AD8DCB68D} -> C:\Program Files (x86)\CostMin\b.dll ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Diigo Single Button Helper -> {B3BA3FC4-8D87-4B89-B2B1-7BEE62D1D324} -> C:\Program Files (x86)\Diigo.inc\Diigo Single Button\DiigoSingleButton.dll (Diigo.inc)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Toolbar BHO -> {f149b372-5830-4d88-b8f6-2853d12c1af5} -> C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xbar.dll (MindSpark)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - ReadingFanatic - {b36151d1-7770-4480-87e4-f89fb54e173d} - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xbar.dll (MindSpark)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ReadingFanatic_6x.com/Plugin -> C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\NP6xStub.dll (MindSpark)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2013-01-20]
FF HKLM-x32\...\Firefox\Extensions: [6xffxtbr@ReadingFanatic_6x.com] - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin
FF Extension: ReadingFanatic - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin [2013-08-24]
FF HKCU\...\Firefox\Extensions: [{73f58f76-2abf-4927-8c1c-5f98500e0bb8}] - C:\Program Files (x86)\Re-markit\136.xpi
 
Chrome:  
=======
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CompileDirectXDock; C:\windows\SysWOW64\CompileDirectXDock\CompileDirectXDock.exe [60965 2014-07-26] () [File not signed]
R2 DLCPrivacyScrolling.exe; C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\DLCPrivacyScrolling.exe [89125 2014-08-18] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]
S2 ClassOpenSnapshot.exe; C:\Users\Owner\AppData\Local\ClassOpenSnapshot\ClassOpenSnapshot.exe [X]
S2 ControlDatabaseSamba.exe; C:\Users\Owner\AppData\Local\ControlDatabaseSamba\ControlDatabaseSamba.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MEMSWEEP2; C:\windows\system32\98A7.tmp [6144 2011-05-12] (Sophos Plc) [File not signed]
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S0 dvky; System32\drivers\tdlgpj.sys [X]
S3 MFE_RR; \??\C:\Users\Owner\AppData\Local\Temp\mfe_rr.sys [X]
S3 RgFltX64; \??\C:\Users\Owner\AppData\Local\ControlDatabaseSamba\RgFltX64.sys [X]
S3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]
U2 TMAgent; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-09 13:10 - 2014-09-09 13:12 - 00026215 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-09 13:10 - 2014-09-09 12:59 - 02105344 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-09 13:01 - 2014-09-09 13:11 - 00000000 ____D () C:\FRST
2014-09-09 12:56 - 2014-09-09 12:56 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 12:56 - 2014-09-09 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 12:56 - 2014-09-09 12:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 12:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-09 12:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-09 12:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-09 12:48 - 2014-09-09 12:48 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-09 12:38 - 2014-09-09 12:38 - 00050068 _____ () C:\Users\Owner\Desktop\Extras.Txt
2014-09-09 12:36 - 2014-09-09 12:36 - 00108558 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-09-09 12:20 - 2014-09-09 12:19 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-09-09 12:04 - 2014-09-09 11:48 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-09-09 12:03 - 2014-09-08 10:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\iexplore.exe
2014-09-08 11:21 - 2014-09-08 11:21 - 00000000 _____ () C:\windows\ToDisc.INI
2014-09-08 09:56 - 2014-09-08 09:56 - 00000000 ____D () C:\Program Files (x86)\RegularDEaLs
2014-09-08 09:53 - 2014-09-08 09:53 - 00000000 ____D () C:\Program Files (x86)\DiGiSaVer
2014-09-08 09:51 - 2014-09-08 09:51 - 00000000 ____D () C:\Program Files (x86)\MMInnimumPRice
2014-09-08 09:50 - 2014-09-08 09:50 - 00000000 ____D () C:\Program Files (x86)\JooniiCaoiupoon
2014-09-08 06:15 - 2014-09-08 06:15 - 00002828 _____ () C:\windows\System32\Tasks\APSnotifierPP1
2014-09-07 12:27 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\windows\system32\98A7.tmp
2014-09-07 12:25 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\windows\system32\FD8.tmp
2014-09-07 12:15 - 2014-09-08 10:22 - 00000000 ____D () C:\ProgramData\DiGiSaVer
2014-09-07 11:30 - 2014-09-08 10:11 - 00000000 ____D () C:\Users\Owner\Desktop\rkill
2014-09-07 11:28 - 2014-09-08 10:13 - 00006366 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-09-07 11:18 - 2014-09-07 11:18 - 00000211 _____ () C:\Users\Owner\Desktop\rk-proxy.reg
2014-09-07 11:17 - 2014-09-08 10:11 - 00000312 _____ () C:\rkill.log
2014-08-22 16:52 - 2014-09-08 10:22 - 00000000 ____D () C:\ProgramData\JooniiCaoiupoon
2014-08-22 16:32 - 2014-08-22 16:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\GameOptional
2014-08-22 14:56 - 2014-08-22 14:56 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-22 14:56 - 2014-08-22 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-22 14:53 - 2014-08-22 14:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-22 14:53 - 2014-08-22 14:56 - 00000000 ____D () C:\Program Files\iTunes
2014-08-22 14:53 - 2014-08-22 14:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-22 14:53 - 2014-08-22 14:53 - 00000000 ____D () C:\Program Files\iPod
2014-08-18 14:23 - 2014-09-08 10:22 - 00000000 ____D () C:\ProgramData\MMInnimumPRice
2014-08-18 14:07 - 2014-09-08 10:22 - 00000000 ____D () C:\ProgramData\RegularDEaLs
2014-08-18 13:53 - 2014-08-18 13:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\Macromedia
2014-08-18 13:51 - 2014-08-18 13:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\DLCPrivacyScrolling
2014-08-18 13:50 - 2014-08-18 13:50 - 00156948 _____ () C:\ResPack3.bin
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-09 13:12 - 2014-09-09 13:10 - 00026215 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-09 13:11 - 2014-09-09 13:01 - 00000000 ____D () C:\FRST
2014-09-09 13:01 - 2014-07-26 20:29 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-09 13:01 - 2013-10-22 19:26 - 00017648 _____ () C:\windows\setupact.log
2014-09-09 13:01 - 2010-10-15 00:04 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 13:01 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-09 13:00 - 2014-01-04 13:05 - 00604782 _____ () C:\windows\PFRO.log
2014-09-09 12:59 - 2014-09-09 13:10 - 02105344 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-09 12:56 - 2014-09-09 12:56 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 12:56 - 2014-09-09 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 12:56 - 2014-09-09 12:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 12:56 - 2011-03-23 19:43 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-09-09 12:51 - 2010-10-15 00:06 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-09 12:48 - 2014-09-09 12:48 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-09 12:46 - 2011-01-27 10:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-09 12:40 - 2010-10-15 00:04 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 12:38 - 2014-09-09 12:38 - 00050068 _____ () C:\Users\Owner\Desktop\Extras.Txt
2014-09-09 12:36 - 2014-09-09 12:36 - 00108558 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-09-09 12:34 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 12:34 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 12:19 - 2014-09-09 12:20 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-09-09 11:48 - 2014-09-09 12:04 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-09-09 11:22 - 2010-10-15 00:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-09 11:21 - 2011-01-28 17:21 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-09 11:16 - 2013-11-14 02:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-08 11:21 - 2014-09-08 11:21 - 00000000 _____ () C:\windows\ToDisc.INI
2014-09-08 10:22 - 2014-09-07 12:15 - 00000000 ____D () C:\ProgramData\DiGiSaVer
2014-09-08 10:22 - 2014-08-22 16:52 - 00000000 ____D () C:\ProgramData\JooniiCaoiupoon
2014-09-08 10:22 - 2014-08-18 14:23 - 00000000 ____D () C:\ProgramData\MMInnimumPRice
2014-09-08 10:22 - 2014-08-18 14:07 - 00000000 ____D () C:\ProgramData\RegularDEaLs
2014-09-08 10:18 - 2009-07-14 01:08 - 00032542 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-08 10:13 - 2014-09-07 11:28 - 00006366 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-09-08 10:11 - 2014-09-07 11:30 - 00000000 ____D () C:\Users\Owner\Desktop\rkill
2014-09-08 10:11 - 2014-09-07 11:17 - 00000312 _____ () C:\rkill.log
2014-09-08 10:10 - 2009-07-14 01:13 - 00742078 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-08 10:06 - 2014-09-09 12:03 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\iexplore.exe
2014-09-08 09:56 - 2014-09-08 09:56 - 00000000 ____D () C:\Program Files (x86)\RegularDEaLs
2014-09-08 09:56 - 2014-07-26 20:29 - 00000000 ____D () C:\ProgramData\c6050c2c69423a02
2014-09-08 09:56 - 2013-12-16 23:42 - 00002170 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-08 09:56 - 2013-12-16 23:42 - 00002072 _____ () C:\Users\Owner\Desktop\Search.lnk
2014-09-08 09:56 - 2012-03-24 10:00 - 00001424 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-08 09:56 - 2011-01-27 10:17 - 00001458 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-08 09:53 - 2014-09-08 09:53 - 00000000 ____D () C:\Program Files (x86)\DiGiSaVer
2014-09-08 09:53 - 2013-12-16 23:42 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-09-08 09:51 - 2014-09-08 09:51 - 00000000 ____D () C:\Program Files (x86)\MMInnimumPRice
2014-09-08 09:50 - 2014-09-08 09:50 - 00000000 ____D () C:\Program Files (x86)\JooniiCaoiupoon
2014-09-08 06:36 - 2014-07-26 20:38 - 00000378 _____ () C:\windows\Tasks\APSnotifierPP1.job
2014-09-08 06:15 - 2014-09-08 06:15 - 00002828 _____ () C:\windows\System32\Tasks\APSnotifierPP1
2014-09-07 12:19 - 2014-07-26 20:29 - 00000000 ____D () C:\Program Files (x86)\Supporter
2014-09-07 12:19 - 2011-04-05 16:03 - 00000000 ____D () C:\windows\Sun
2014-09-07 11:32 - 2014-01-04 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-07 11:18 - 2014-09-07 11:18 - 00000211 _____ () C:\Users\Owner\Desktop\rk-proxy.reg
2014-08-22 16:32 - 2014-08-22 16:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\GameOptional
2014-08-22 14:56 - 2014-08-22 14:56 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-22 14:56 - 2014-08-22 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-22 14:56 - 2014-08-22 14:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-22 14:56 - 2014-08-22 14:53 - 00000000 ____D () C:\Program Files\iTunes
2014-08-22 14:56 - 2014-08-22 14:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-22 14:53 - 2014-08-22 14:53 - 00000000 ____D () C:\Program Files\iPod
2014-08-22 14:45 - 2013-02-09 18:23 - 00000000 ____D () C:\ProgramData\Apple
2014-08-22 14:42 - 2013-11-25 19:41 - 00010377 _____ () C:\windows\WindowsUpdate.log
2014-08-22 14:39 - 2014-07-26 20:40 - 00000314 _____ () C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results
2014-08-18 13:53 - 2014-08-18 13:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\Macromedia
2014-08-18 13:51 - 2014-08-18 13:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\DLCPrivacyScrolling
2014-08-18 13:50 - 2014-08-18 13:50 - 00156948 _____ () C:\ResPack3.bin
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-08-18 13:44 - 2014-07-26 20:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\Idle~Crawler
 
ZeroAccess:
C:\Windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}
C:\Windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\@
C:\Windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\00000001.@
C:\Windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\80000000.@
C:\Windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\800000cb.@
 
ZeroAccess:
C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}
C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\@
C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\00000001.@
C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\00000002.@
C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\80000000.@
C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\80000001.@
C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\800000cb.@
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\0003.dll
C:\Users\Owner\AppData\Local\Temp\0568.dll
C:\Users\Owner\AppData\Local\Temp\anifk.dll
C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe
C:\Users\Owner\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Owner\AppData\Local\Temp\D2M-Precheck.exe
C:\Users\Owner\AppData\Local\Temp\Delta.exe
C:\Users\Owner\AppData\Local\Temp\DeltaTB.exe
C:\Users\Owner\AppData\Local\Temp\down.5996.setupbc.exe
C:\Users\Owner\AppData\Local\Temp\e.dll
C:\Users\Owner\AppData\Local\Temp\exacjuj.dll
C:\Users\Owner\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Owner\AppData\Local\Temp\nsaD554.exe
C:\Users\Owner\AppData\Local\Temp\nsf8109.exe
C:\Users\Owner\AppData\Local\Temp\nsk878F.exe
C:\Users\Owner\AppData\Local\Temp\nskDD7F.exe
C:\Users\Owner\AppData\Local\Temp\OptimizerPro_20140714.exe
C:\Users\Owner\AppData\Local\Temp\setup__9376.exe
C:\Users\Owner\AppData\Local\Temp\sp-downloader.exe
C:\Users\Owner\AppData\Local\Temp\Sys_Drivepp.exe
C:\Users\Owner\AppData\Local\Temp\Tsu8178760E.dll
C:\Users\Owner\AppData\Local\Temp\utqetll.dll
C:\Users\Owner\AppData\Local\Temp\v-bates.exe
C:\Users\Owner\AppData\Local\Temp\vfaa.dll
C:\Users\Owner\AppData\Local\Temp\WSSetup.exe
C:\Users\Owner\AppData\Local\Temp\xhamg.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-21 17:54
 
==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Owner at 2014-09-09 13:13:41
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Titanium (Disabled - Out of date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium (Disabled - Out of date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon MX340 series User Registration (HKLM-x32\...\Canon MX340 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Circuit Construction Kit (AC+DC) (HKCU\...\Circuit Construction Kit (AC+DC)) (Version:  - University of Colorado, Department of Physics)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D0AC5F9F-1043-4569-ACE3-67EE990EB0E6}) (Version:  - Microsoft)
Diigo Single Button (HKLM-x32\...\{244B887F-5A23-4C4D-9495-0D34D185152C}) (Version: 1.0.0 - Diigo.inc)
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Electric Field Hockey (HKCU\...\Electric Field Hockey) (Version:  - University of Colorado, Department of Physics)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.1.1001 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
ReadingFanatic Firefox Toolbar (HKLM-x32\...\ReadingFanatic_6xbar Uninstall Firefox) (Version:  - Mindspark Interactive Network) <==== ATTENTION
ReadingFanatic Internet Explorer Toolbar (HKLM-x32\...\ReadingFanatic_6xbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0011 - Realtek)
ShopAtHome.com Toolbar (HKLM-x32\...\SelectRebatesUninstall) (Version:  - )
Snap.Do (HKLM-x32\...\{92109C97-2662-4353-9386-B64309F595C9}) (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION
Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version:  - Costmin) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.7.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.7.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.7.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.03.02.00 - )
TOSHIBA Hardware Setup (Version: 4.03.02.00 - TOSHIBA) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.05.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.05.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.03.02.00 - )
TOSHIBA Supervisor Password (Version: 4.03.02.00 - TOSHIBA) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Trend Micro Titanium (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro™ Titanium™ (Version: 3.00 - Trend Micro Inc.) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{28FAC187-7C0E-413A-B90A-76F19D0FBF30}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{5EBDE1DE-3B28-4134-AB00-85CFF2B4F94D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38990592-F6A1-4A26-96C7-0600E36AE794}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Wave Interference (HKCU\...\Wave Interference) (Version:  - University of Colorado, Department of Physics)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2640718784-3385718997-3073930265-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\n. No File
 
==================== Restore Points  =========================
 
09-09-2014 16:51:15 Removed Windows Live Mesh ActiveX Control for Remote Connections
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {106312A4-2AC0-49CA-84AD-7322AFDA361B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1D5AD18C-C454-4B02-87E2-C6ADFC798787} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4523BEC8-7B44-4888-838A-05E9A37DBBDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5D0E7619-8180-4F3B-AFA6-A9EBEE7872FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7820DD76-9867-4A5A-B4A6-12D9B069DB7C} - System32\Tasks\Idle~Crawler Runner => %LOCALAPPDATA%\Idle~Crawler\Idle~Crawler.exe <==== ATTENTION
Task: {A5A33BFD-06C1-4EC4-8031-3C3A10662397} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~Crawler Update => %LOCALAPPDATA%\Idle~Crawler\Idle~Crawler.exe <==== ATTENTION
Task: {DDB663D1-D292-4946-8B9A-50D4B421B99C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-20 21:13 - 2010-09-17 04:32 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2013-01-20 21:13 - 2010-09-17 04:32 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2013-01-20 21:13 - 2010-09-17 04:32 - 00731136 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2010-09-17 04:32 - 2010-09-17 04:32 - 00288864 ____N () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2014-07-26 20:29 - 2014-07-26 20:29 - 00060965 _____ () C:\windows\SysWOW64\CompileDirectXDock\CompileDirectXDock.exe
2014-08-18 13:51 - 2014-08-18 13:51 - 00089125 _____ () C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\DLCPrivacyScrolling.exe
2010-04-07 20:07 - 2010-04-07 20:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 17:26 - 2009-11-03 17:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-14 23:53 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 23:08 - 2009-03-12 23:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2014-07-26 20:29 - 2014-07-26 20:29 - 04365824 _____ () C:\Program Files (x86)\Supporter\Supporter_x64.dll
2011-07-20 15:06 - 2010-11-01 15:15 - 00886752 _____ () C:\Program Files (x86)\SelectRebates\SelectRebates.exe
2014-07-24 09:05 - 2014-07-24 09:05 - 00099840 _____ () C:\Users\Owner\AppData\Local\Idle~Crawler\Idle~Crawler.exe
2010-02-05 20:44 - 2010-02-05 20:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-08-18 13:51 - 2014-08-18 13:51 - 00174117 _____ () C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\AppDatabasePerl.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-16 15:23 - 2013-06-24 09:31 - 03218968 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avcodec-51.dll
2013-07-16 15:23 - 2013-06-24 09:31 - 00033304 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avutil-49.dll
2013-07-16 15:23 - 2013-06-24 09:31 - 00447512 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avformat-51.dll
2013-07-16 15:23 - 2013-06-24 09:31 - 01537560 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\nickel.ocx
2013-07-16 15:23 - 2013-06-24 09:31 - 00156184 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\ammp3.dll
2014-08-22 16:32 - 2014-08-22 16:32 - 00301568 _____ () C:\Users\Owner\AppData\Local\GameOptional\GameOptional.dll
2014-07-24 09:05 - 2014-07-24 09:05 - 00060416 _____ () C:\Users\Owner\AppData\Local\Idle~Crawler\Modules\ManXec.dll
2014-07-24 09:05 - 2014-07-24 09:05 - 00039936 _____ () C:\Users\Owner\AppData\Local\Idle~Crawler\Modules\PrfIns.dll
2014-07-24 09:05 - 2014-07-24 09:05 - 00047616 _____ () C:\Users\Owner\AppData\Local\Idle~Crawler\Modules\WbSes.dll
2014-07-24 09:05 - 2014-07-24 09:05 - 00046592 _____ () C:\Users\Owner\AppData\Local\Idle~Crawler\Modules\WdcMan.dll
2014-07-24 09:05 - 2014-07-24 09:05 - 00039424 _____ () C:\Users\Owner\AppData\Local\Idle~Crawler\Modules\WblSupp.dll
2014-08-18 13:51 - 2014-07-08 10:22 - 00095232 _____ () C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\qjson0.dll
2014-08-18 13:44 - 2014-06-06 00:38 - 03852912 _____ () C:\Users\Owner\AppData\Local\Idle~Crawler\firefox\mozjs.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: rtl8192Ce
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2014 01:10:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 7.9.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d3c
 
Start Time: 01cfcc4fc074a6cf
 
Termination Time: 2
 
Application Path: F:\FRST64.exe
 
Report Id: 1c776073-3844-11e4-99b0-60eb69910ef5
 
Error: (09/09/2014 01:01:52 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (09/09/2014 00:56:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1490
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/09/2014 00:54:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xaf4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/09/2014 00:25:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xb44
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (09/09/2014 00:25:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iMesh.exe, version: 12.0.0.0, time stamp: 0x51c849cb
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000005
Fault offset: 0x0002e3c6
Faulting process id: 0x878
Faulting application start time: 0xiMesh.exe0
Faulting application path: iMesh.exe1
Faulting module path: iMesh.exe2
Report Id: iMesh.exe3
 
Error: (09/09/2014 00:24:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x910
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
 
Error: (09/09/2014 00:24:39 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (09/09/2014 11:49:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 306308
 
Error: (09/09/2014 11:49:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 306308
 
 
System errors:
=============
Error: (09/09/2014 01:07:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management & Security Application User Notification Service service hung on starting.
 
Error: (09/09/2014 01:05:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:  
%%2
 
Error: (09/09/2014 01:02:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:  
dvky
 
Error: (09/09/2014 01:02:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The DLCPrivacyScrolling.exe service hung on starting.
 
Error: (09/09/2014 01:02:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The CompileDirectXDock service hung on starting.
 
Error: (09/09/2014 01:01:21 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
 
Error: (09/09/2014 01:01:20 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (09/09/2014 01:01:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ControlDatabaseSamba.exe service failed to start due to the following error:  
%%2
 
Error: (09/09/2014 01:01:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ClassOpenSnapshot.exe service failed to start due to the following error:  
%%2
 
Error: (09/09/2014 01:01:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:  
%%1060
 
 
Microsoft Office Sessions:
=========================
Error: (09/09/2014 01:10:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe7.9.2014.0d3c01cfcc4fc074a6cf2F:\FRST64.exe1c776073-3844-11e4-99b0-60eb69910ef5
 
Error: (09/09/2014 01:01:52 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (09/09/2014 00:56:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd149001cfcc4efff20ccbC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll3f422449-3842-11e4-a121-60eb69910ef5
 
Error: (09/09/2014 00:54:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdaf401cfcc4eac02d1b9C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlleb335ce6-3841-11e4-a121-60eb69910ef5
 
Error: (09/09/2014 00:25:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8ab4401cfcc4a976d507fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exede50edec-383d-11e4-a121-60eb69910ef5
 
Error: (09/09/2014 00:25:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iMesh.exe12.0.0.051c849cbntdll.dll6.1.7600.169154ec49d10c00000050002e3c687801cfcc4a895e272eC:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exeC:\windows\SysWOW64\ntdll.dlld86ba6a1-383d-11e4-a121-60eb69910ef5
 
Error: (09/09/2014 00:24:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd91001cfcc4a8cd8d7bbC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlld43edcc6-383d-11e4-a121-60eb69910ef5
 
Error: (09/09/2014 00:24:39 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (09/09/2014 11:49:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 306308
 
Error: (09/09/2014 11:49:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 306308
 
 
==================== Memory info ===========================  
 
Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 55%
Total physical RAM: 3893.86 MB
Available physical RAM: 1738.82 MB
Total Pagefile: 7785.86 MB
Available Pagefile: 6497.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (TI106033W0C) (Fixed) (Total:284.9 GB) (Free:214.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:29.8 GB) (Free:29 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 38A39E6A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=284.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: ED8CE05C)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)
 
==================== End Of Log ============================



#6 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 09 September 2014 - 01:08 PM

There is a ton of junk running on this computer indeed..
Let's get rid of it:


Step 1

Please download the attached file fixlist.txt (11.04KB) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 3

Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#7 TomHQuick1969

  • Topic Starter
  • Members
  • 12 posts

Posted 09 September 2014 - 03:51 PM

Progress has been made for sure; the pop ups have stopped, which makes it much easier to work on the computer.

FRST FixLog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by Owner at 2014-09-09 15:42:27 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [SelectRebates] => C:\Program Files (x86)\SelectRebates\SelectRebates.exe [886752 2010-11-01] ()
C:\Program Files (x86)\SelectRebates
HKLM-x32\...\Run: [fst_us_180] => [X]
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
C:\Program Files (x86)\AnyProtectEx
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [{09f3533b-558a-7075-45e6-d509d1f1a025}] => "C:\ProgramData\Microsoft\{09f3533b-558a-7075-45e6-d509d1f1a025}\{09f3533b-558a-7075-45e6-d509d1f1a025}.exe" No File
C:\ProgramData\Microsoft\{09f3533b-558a-7075-45e6-d509d1f1a025}
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\...\Run: [GameOptional] => C:\windows\system32\rundll32.exe "C:\Users\Owner\AppData\Local\GameOptional\GameOptional.dll",DllRegisterServer <===== ATTENTION
C:\Users\Owner\AppData\Local\GameOptional
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\n. ATTENTION! ====> ZeroAccess/Alureon?
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\Program Files (x86)\Supporter\Supporter_x64.dll [4365824 2014-07-26] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~3\wincert\win32c~1.dll => "c:\progra~3\wincert\win32c~1.dll" File Not Found
C:\Program Files (x86)\Supporter
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:34538
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX&q={searchTerms}
URLSearchHook: HKCU - (No Name) - {421fb3de-4b9f-48e5-abf1-f96f8aaca70a} - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xSrcAs.dll (MindSpark)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istart123.com/?type=sc&ts=1406420887&from=ymb&uid=HitachiXHTS545032B9A300_101021PBNC04EYE6BBMSX
C:\Program Files (x86)\ReadingFanatic_6x
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=393&systemid=1&v=a9396-120&apn_uid=6345222003854008&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =   
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=a711e300-6122-ff94-8c3c-b5b748350f88&searchtype=ds&q={searchTerms}&installDate=16/12/2013
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=M969E21A7-34AE-41A5-BCFC-C796D354ABA3&SearchSource=58&CUI=&UM=6&UP=SPB485C4A2-D0DB-4FF5-8B68-38842D73578C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=a711e300-6122-ff94-8c3c-b5b748350f88&searchtype=ds&q={searchTerms}&installDate=16/12/2013
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=M969E21A7-34AE-41A5-BCFC-C796D354ABA3&SearchSource=58&CUI=&UM=6&UP=SPB485C4A2-D0DB-4FF5-8B68-38842D73578C&q={searchTerms}&SSPV=
BHO: CostMin -> {36E36218-3757-3A7D-D1F2-E92AD8DCB68D} -> C:\Program Files (x86)\CostMin\b.x64.dll ()
C:\Program Files (x86)\CostMin
BHO-x32: Search Assistant BHO -> {2d948797-8fe3-4508-9b6f-4bf349a9ea34} -> C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xSrcAs.dll (MindSpark)
BHO-x32: CostMin -> {36E36218-3757-3A7D-D1F2-E92AD8DCB68D} -> C:\Program Files (x86)\CostMin\b.dll ()
BHO-x32: Toolbar BHO -> {f149b372-5830-4d88-b8f6-2853d12c1af5} -> C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xbar.dll (MindSpark)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - ReadingFanatic - {b36151d1-7770-4480-87e4-f89fb54e173d} - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xbar.dll (MindSpark)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
FF Plugin-x32: @ReadingFanatic_6x.com/Plugin -> C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\NP6xStub.dll (MindSpark)
FF Extension: ReadingFanatic - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin [2013-08-24]
FF HKCU\...\Firefox\Extensions: [{73f58f76-2abf-4927-8c1c-5f98500e0bb8}] - C:\Program Files (x86)\Re-markit\136.xpi
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx []
R2 CompileDirectXDock; C:\windows\SysWOW64\CompileDirectXDock\CompileDirectXDock.exe [60965 2014-07-26] () [File not signed]
R2 DLCPrivacyScrolling.exe; C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\DLCPrivacyScrolling.exe [89125 2014-08-18] () [File not signed]
C:\windows\SysWOW64\CompileDirectXDock
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling
S2 ClassOpenSnapshot.exe; C:\Users\Owner\AppData\Local\ClassOpenSnapshot\ClassOpenSnapshot.exe [X]
S2 ControlDatabaseSamba.exe; C:\Users\Owner\AppData\Local\ControlDatabaseSamba\ControlDatabaseSamba.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
C:\Users\Owner\AppData\Local\ClassOpenSnapshot
C:\Users\Owner\AppData\Local\ControlDatabaseSamba
2014-09-08 09:56 - 2014-09-08 09:56 - 00000000 ____D () C:\Program Files (x86)\RegularDEaLs
2014-09-08 09:53 - 2014-09-08 09:53 - 00000000 ____D () C:\Program Files (x86)\DiGiSaVer
2014-09-08 09:51 - 2014-09-08 09:51 - 00000000 ____D () C:\Program Files (x86)\MMInnimumPRice
2014-09-08 09:50 - 2014-09-08 09:50 - 00000000 ____D () C:\Program Files (x86)\JooniiCaoiupoon
2014-09-07 12:15 - 2014-09-08 10:22 - 00000000 ____D () C:\ProgramData\DiGiSaVer
2014-08-22 16:52 - 2014-09-08 10:22 - 00000000 ____D () C:\ProgramData\JooniiCaoiupoon
2014-08-22 16:32 - 2014-08-22 16:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\GameOptional
2014-08-18 14:23 - 2014-09-08 10:22 - 00000000 ____D () C:\ProgramData\MMInnimumPRice
2014-08-18 14:07 - 2014-09-08 10:22 - 00000000 ____D () C:\ProgramData\RegularDEaLs
2014-08-18 13:53 - 2014-08-18 13:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\Macromedia
2014-08-18 13:51 - 2014-08-18 13:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\DLCPrivacyScrolling
2014-09-08 09:56 - 2014-07-26 20:29 - 00000000 ____D () C:\ProgramData\c6050c2c69423a02
C:\Windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}
C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}
Task: {1D5AD18C-C454-4B02-87E2-C6ADFC798787} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {7820DD76-9867-4A5A-B4A6-12D9B069DB7C} - System32\Tasks\Idle~Crawler Runner => %LOCALAPPDATA%\Idle~Crawler\Idle~Crawler.exe <==== ATTENTION
Task: {A5A33BFD-06C1-4EC4-8031-3C3A10662397} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~Crawler Update => %LOCALAPPDATA%\Idle~Crawler\Idle~Crawler.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Users\Owner\AppData\Local\Idle~Crawler
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SelectRebates => value deleted successfully.
C:\Program Files (x86)\SelectRebates => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_us_180 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnyProtect Scanner => value deleted successfully.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{09f3533b-558a-7075-45e6-d509d1f1a025} => value deleted successfully.
C:\ProgramData\Microsoft\{09f3533b-558a-7075-45e6-d509d1f1a025} => Moved successfully.
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GameOptional => value deleted successfully.
C:\Users\Owner\AppData\Local\GameOptional => Moved successfully.
"HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
" C:\PROGRA~3\Wincert\WIN64C~1.DLL" => Value Data removed successfully.
" C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll" => Value Data removed successfully.
" C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
" c:\progra~3\wincert\win32c~1.dll" => Value Data removed successfully.
C:\Program Files (x86)\Supporter => Moved successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe" => Key deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{421fb3de-4b9f-48e5-abf1-f96f8aaca70a} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{421fb3de-4b9f-48e5-abf1-f96f8aaca70a}" => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
C:\Program Files (x86)\ReadingFanatic_6x => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
"HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36E36218-3757-3A7D-D1F2-E92AD8DCB68D}" => Key deleted successfully.
"HKCR\CLSID\{36E36218-3757-3A7D-D1F2-E92AD8DCB68D}" => Key deleted successfully.
C:\Program Files (x86)\CostMin => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d948797-8fe3-4508-9b6f-4bf349a9ea34}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2d948797-8fe3-4508-9b6f-4bf349a9ea34}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36E36218-3757-3A7D-D1F2-E92AD8DCB68D}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{36E36218-3757-3A7D-D1F2-E92AD8DCB68D}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f149b372-5830-4d88-b8f6-2853d12c1af5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{f149b372-5830-4d88-b8f6-2853d12c1af5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{b36151d1-7770-4480-87e4-f89fb54e173d} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{b36151d1-7770-4480-87e4-f89fb54e173d}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@ReadingFanatic_6x.com/Plugin" => Key deleted successfully.
C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\NP6xStub.dll not found.
C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{73f58f76-2abf-4927-8c1c-5f98500e0bb8} => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma" => Key deleted successfully.
"C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx" => File/Directory not found.
CompileDirectXDock => Unable to stop service
CompileDirectXDock => Service deleted successfully.
DLCPrivacyScrolling.exe => Unable to stop service
DLCPrivacyScrolling.exe => Service deleted successfully.
C:\windows\SysWOW64\CompileDirectXDock => Moved successfully.
 
"C:\Users\Owner\AppData\Local\DLCPrivacyScrolling" directory move:
 
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\AppDatabasePerl.exe => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\DLCPrivacyScrolling.exe => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\msvcp100.dll => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\msvcr100.dll => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\qjson0.dll => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\QtCore4.dll => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\QtNetwork4.dll => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\service\DLCPrivacyScrolling.exe-(PID-680)-497003\DLCPrivacyScrolling.exe-(PID-680).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\service\DLCPrivacyScrolling.exe-(PID-5996)-497596\DLCPrivacyScrolling.exe-(PID-5996).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\service\DLCPrivacyScrolling.exe-(PID-5436)-497284\DLCPrivacyScrolling.exe-(PID-5436).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\service\DLCPrivacyScrolling.exe-(PID-3108)-14463117\DLCPrivacyScrolling.exe-(PID-3108).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\service\DLCPrivacyScrolling.exe-(PID-3108)-14463117\rkill64-9191.exe-(PID-4616).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\service\DLCPrivacyScrolling.exe-(PID-2464)-951231\DLCPrivacyScrolling.exe-(PID-2464).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\service\DLCPrivacyScrolling.exe-(PID-2464)-951231\rkill64.exe-(PID-2396).dmp_PROCESS_SUBMITTED => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\service\DLCPrivacyScrolling.exe-(PID-1860)-9701686\DLCPrivacyScrolling.exe-(PID-1860).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\service\DLCPrivacyScrolling.exe-(PID-1860)-9701686\FRST64.exe-(PID-4680).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\service\DLCPrivacyScrolling.exe-(PID-1728)-633754\DLCPrivacyScrolling.exe-(PID-1728).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\service\DLCPrivacyScrolling.exe-(PID-1728)-633754\rkill64-9191.exe-(PID-4792).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\desktop\AppDatabasePerl.exe-(PID-5276)-957705\AppDatabasePerl.exe-(PID-5276).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\desktop\AppDatabasePerl.exe-(PID-5276)-957705\rkill64.exe-(PID-2396).dmp_PROCESS_SUBMITTED => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\desktop\AppDatabasePerl.exe-(PID-4548)-9702747\AppDatabasePerl.exe-(PID-4548).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\desktop\AppDatabasePerl.exe-(PID-4548)-9702747\FRST64.exe-(PID-4680).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\desktop\AppDatabasePerl.exe-(PID-4332)-698822\AppDatabasePerl.exe-(PID-4332).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\desktop\AppDatabasePerl.exe-(PID-4332)-698822\rkill64-9191.exe-(PID-4792).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\desktop\AppDatabasePerl.exe-(PID-3784)-14463960\AppDatabasePerl.exe-(PID-3784).dmp => Moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling\desktop\AppDatabasePerl.exe-(PID-3784)-14463960\rkill64-9191.exe-(PID-4616).dmp => Moved successfully.
Could not move "C:\Users\Owner\AppData\Local\DLCPrivacyScrolling" directory. => Scheduled to move on reboot.
 
ClassOpenSnapshot.exe => Service deleted successfully.
ControlDatabaseSamba.exe => Service deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
"C:\Users\Owner\AppData\Local\ClassOpenSnapshot" => File/Directory not found.
"C:\Users\Owner\AppData\Local\ControlDatabaseSamba" => File/Directory not found.
C:\Program Files (x86)\RegularDEaLs => Moved successfully.
C:\Program Files (x86)\DiGiSaVer => Moved successfully.
C:\Program Files (x86)\MMInnimumPRice => Moved successfully.
C:\Program Files (x86)\JooniiCaoiupoon => Moved successfully.
C:\ProgramData\DiGiSaVer => Moved successfully.
C:\ProgramData\JooniiCaoiupoon => Moved successfully.
"C:\Users\Owner\AppData\Local\GameOptional" => File/Directory not found.
C:\ProgramData\MMInnimumPRice => Moved successfully.
C:\ProgramData\RegularDEaLs => Moved successfully.
C:\Users\Owner\AppData\Local\Macromedia => Moved successfully.
 
"C:\Users\Owner\AppData\Local\DLCPrivacyScrolling" directory move:
 
Could not move "C:\Users\Owner\AppData\Local\DLCPrivacyScrolling" directory. => Scheduled to move on reboot.
 
C:\ProgramData\c6050c2c69423a02 => Moved successfully.
C:\Windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a} => Moved successfully.
C:\Users\Owner\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D5AD18C-C454-4B02-87E2-C6ADFC798787}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D5AD18C-C454-4B02-87E2-C6ADFC798787}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7820DD76-9867-4A5A-B4A6-12D9B069DB7C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7820DD76-9867-4A5A-B4A6-12D9B069DB7C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Idle~Crawler Runner => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Idle~Crawler Runner" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5A33BFD-06C1-4EC4-8031-3C3A10662397}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5A33BFD-06C1-4EC4-8031-3C3A10662397}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Idle~Crawler Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Idle~Crawler Update" => Key deleted successfully.
C:\windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\Users\Owner\AppData\Local\Idle~Crawler => Moved successfully.
EmptyTemp: => Removed 10.6 GB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-09 16:34:00)<=
 
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling => Is moved successfully.
C:\Users\Owner\AppData\Local\DLCPrivacyScrolling => Is moved successfully.
 
==== End of Fixlog ====

ADWCleaner log

# AdwCleaner v3.309 - Report created 09/09/2014 at 16:39:33
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\CostMin
Folder Deleted : C:\ProgramData\Online
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Program Files (x86)\FunWebProducts
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\Music Toolbar
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\TelevisionFanaticEI
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Owner\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Owner\AppData\Local\iMesh
Folder Deleted : C:\Users\Owner\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Owner\AppData\Local\torch
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Owner\AppData\Roaming\Device
Folder Deleted : C:\Users\Owner\AppData\Roaming\serv
File Deleted : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
File Deleted : C:\Users\Owner\AppData\Local\AnyProtectScannerSetup.exe
File Deleted : C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
File Deleted : C:\Users\Owner\Desktop\Continue VuuPC Installation.lnk
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.Device
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.file
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\RegularDealis.RegularDealis
Key Deleted : HKLM\SOFTWARE\Classes\RegularDealis.RegularDealis.7.2
Key Deleted : HKLM\SOFTWARE\Classes\DigiSAver.DigiSAver
Key Deleted : HKLM\SOFTWARE\Classes\DigiSAver.DigiSAver.6.7
Key Deleted : HKLM\SOFTWARE\Classes\MiNimumPRiice.MiNimumPRiice
Key Deleted : HKLM\SOFTWARE\Classes\MiNimumPRiice.MiNimumPRiice.6.3
Key Deleted : HKLM\SOFTWARE\Classes\JoniCouupOn.JoniCouupOn
Key Deleted : HKLM\SOFTWARE\Classes\JoniCouupOn.JoniCouupOn.7.0
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{969D2C61-9B16-407C-86B7-397BF4579BE6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E27729B-B0C3-7950-6628-2039EB8B3957}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E8B56EC-486B-E3F1-B35F-DA07E2299380}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ABF0AFEA-AED9-B535-7E13-D909D731D8CB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD111848-453B-2999-C85C-DE27C3321C5B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{969D2C61-9B16-407C-86B7-397BF4579BE6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E27729B-B0C3-7950-6628-2039EB8B3957}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E8B56EC-486B-E3F1-B35F-DA07E2299380}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ABF0AFEA-AED9-B535-7E13-D909D731D8CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DD111848-453B-2999-C85C-DE27C3321C5B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E27729B-B0C3-7950-6628-2039EB8B3957}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E8B56EC-486B-E3F1-B35F-DA07E2299380}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ABF0AFEA-AED9-B535-7E13-D909D731D8CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DD111848-453B-2999-C85C-DE27C3321C5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E27729B-B0C3-7950-6628-2039EB8B3957}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E8B56EC-486B-E3F1-B35F-DA07E2299380}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ABF0AFEA-AED9-B535-7E13-D909D731D8CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD111848-453B-2999-C85C-DE27C3321C5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2C353E32-B8AC-4B82-B988-4C2D3394388A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0E27729B-B0C3-7950-6628-2039EB8B3957}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6E8B56EC-486B-E3F1-B35F-DA07E2299380}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{ABF0AFEA-AED9-B535-7E13-D909D731D8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DD111848-453B-2999-C85C-DE27C3321C5B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Idle~Crawler
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Software\Re_Markit
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Imesh
Key Deleted : HKLM\SOFTWARE\istart123Software
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Upt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Music Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Upt
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16446
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
*************************
 
AdwCleaner[R0].txt - [15583 octets] - [09/09/2014 16:38:13]
AdwCleaner[S0].txt - [14827 octets] - [09/09/2014 16:39:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14888 octets] ##########

FRST scan

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Owner (administrator) on OWNER-PC on 09-09-2014 16:42:43
Running from C:\Users\Owner\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/  
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/  
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\WSCStatusController.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192008 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1094992 2010-09-17] (Trend Micro Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\...\Run: [iMesh] => "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-15] (Google Inc.)
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:33952
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/#!/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/?gws_rd=ssl
SearchScopes: HKLM - {866D4A3F-8C29-4992-920A-EEFE26FC9B5C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKCU - {505E14A9-D9B7-44AB-8CF4-2F1CF9B68720} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS416
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Diigo Single Button Helper -> {B3BA3FC4-8D87-4B89-B2B1-7BEE62D1D324} -> C:\Program Files (x86)\Diigo.inc\Diigo Single Button\DiigoSingleButton.dll (Diigo.inc)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2013-01-20]
FF HKLM-x32\...\Firefox\Extensions: [6xffxtbr@ReadingFanatic_6x.com] - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin
 
Chrome:  
=======
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MEMSWEEP2; C:\windows\system32\98A7.tmp [6144 2011-05-12] (Sophos Plc) [File not signed]
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S0 dvky; System32\drivers\tdlgpj.sys [X]
S3 MFE_RR; \??\C:\Users\Owner\AppData\Local\Temp\mfe_rr.sys [X]
S3 RgFltX64; \??\C:\Users\Owner\AppData\Local\ControlDatabaseSamba\RgFltX64.sys [X]
S3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]
U2 TMAgent; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-09 16:38 - 2014-09-09 16:39 - 00000000 ____D () C:\AdwCleaner
2014-09-09 15:39 - 2014-09-09 15:37 - 01370467 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-09-09 13:13 - 2014-09-09 15:39 - 00040319 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-09-09 13:10 - 2014-09-09 12:59 - 02105344 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-09 13:02 - 2014-09-09 16:43 - 00016440 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-09 13:01 - 2014-09-09 16:42 - 00000000 ____D () C:\FRST
2014-09-09 12:56 - 2014-09-09 12:56 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 12:56 - 2014-09-09 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 12:56 - 2014-09-09 12:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 12:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-09 12:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-09 12:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-09 12:38 - 2014-09-09 12:38 - 00050068 _____ () C:\Users\Owner\Desktop\Extras.Txt
2014-09-09 12:36 - 2014-09-09 12:36 - 00108558 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-09-09 12:20 - 2014-09-09 12:19 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-09-09 12:04 - 2014-09-09 11:48 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-09-09 12:03 - 2014-09-08 10:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\iexplore.exe
2014-09-08 11:21 - 2014-09-08 11:21 - 00000000 _____ () C:\windows\ToDisc.INI
2014-09-07 12:27 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\windows\system32\98A7.tmp
2014-09-07 12:25 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\windows\system32\FD8.tmp
2014-09-07 11:30 - 2014-09-08 10:11 - 00000000 ____D () C:\Users\Owner\Desktop\rkill
2014-09-07 11:28 - 2014-09-08 10:13 - 00006366 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-09-07 11:18 - 2014-09-07 11:18 - 00000211 _____ () C:\Users\Owner\Desktop\rk-proxy.reg
2014-09-07 11:17 - 2014-09-08 10:11 - 00000312 _____ () C:\rkill.log
2014-08-22 14:56 - 2014-08-22 14:56 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-22 14:56 - 2014-08-22 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-22 14:53 - 2014-08-22 14:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-22 14:53 - 2014-08-22 14:56 - 00000000 ____D () C:\Program Files\iTunes
2014-08-22 14:53 - 2014-08-22 14:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-22 14:53 - 2014-08-22 14:53 - 00000000 ____D () C:\Program Files\iPod
2014-08-18 13:50 - 2014-08-18 13:50 - 00156948 _____ () C:\ResPack3.bin
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-09 16:43 - 2014-09-09 13:02 - 00016440 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-09 16:42 - 2014-09-09 13:01 - 00000000 ____D () C:\FRST
2014-09-09 16:41 - 2013-10-22 19:26 - 00017760 _____ () C:\windows\setupact.log
2014-09-09 16:41 - 2010-10-15 00:04 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 16:41 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-09 16:40 - 2014-01-04 13:05 - 02336452 _____ () C:\windows\PFRO.log
2014-09-09 16:40 - 2010-10-15 00:04 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 16:40 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 16:40 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 16:39 - 2014-09-09 16:38 - 00000000 ____D () C:\AdwCleaner
2014-09-09 16:34 - 2014-07-26 20:29 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-09 16:34 - 2011-03-23 19:43 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-09-09 16:14 - 2013-11-14 02:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 15:42 - 2009-07-13 23:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-09-09 15:39 - 2014-09-09 13:13 - 00040319 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-09-09 15:37 - 2014-09-09 15:39 - 01370467 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-09-09 12:59 - 2014-09-09 13:10 - 02105344 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-09 12:56 - 2014-09-09 12:56 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 12:56 - 2014-09-09 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 12:56 - 2014-09-09 12:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 12:51 - 2010-10-15 00:06 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-09 12:46 - 2011-01-27 10:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-09 12:38 - 2014-09-09 12:38 - 00050068 _____ () C:\Users\Owner\Desktop\Extras.Txt
2014-09-09 12:36 - 2014-09-09 12:36 - 00108558 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-09-09 12:19 - 2014-09-09 12:20 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-09-09 11:48 - 2014-09-09 12:04 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-09-09 11:22 - 2010-10-15 00:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-09 11:21 - 2011-01-28 17:21 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-08 11:21 - 2014-09-08 11:21 - 00000000 _____ () C:\windows\ToDisc.INI
2014-09-08 10:18 - 2009-07-14 01:08 - 00032542 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-08 10:13 - 2014-09-07 11:28 - 00006366 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-09-08 10:11 - 2014-09-07 11:30 - 00000000 ____D () C:\Users\Owner\Desktop\rkill
2014-09-08 10:11 - 2014-09-07 11:17 - 00000312 _____ () C:\rkill.log
2014-09-08 10:10 - 2009-07-14 01:13 - 00742078 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-08 10:06 - 2014-09-09 12:03 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\iexplore.exe
2014-09-08 09:56 - 2013-12-16 23:42 - 00002170 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-08 09:56 - 2013-12-16 23:42 - 00002072 _____ () C:\Users\Owner\Desktop\Search.lnk
2014-09-08 09:56 - 2012-03-24 10:00 - 00001424 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-08 09:56 - 2011-01-27 10:17 - 00001458 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-07 12:19 - 2011-04-05 16:03 - 00000000 ____D () C:\windows\Sun
2014-09-07 11:32 - 2014-01-04 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-07 11:18 - 2014-09-07 11:18 - 00000211 _____ () C:\Users\Owner\Desktop\rk-proxy.reg
2014-08-22 14:56 - 2014-08-22 14:56 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-22 14:56 - 2014-08-22 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-22 14:56 - 2014-08-22 14:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-22 14:56 - 2014-08-22 14:53 - 00000000 ____D () C:\Program Files\iTunes
2014-08-22 14:56 - 2014-08-22 14:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-22 14:53 - 2014-08-22 14:53 - 00000000 ____D () C:\Program Files\iPod
2014-08-22 14:45 - 2013-02-09 18:23 - 00000000 ____D () C:\ProgramData\Apple
2014-08-22 14:42 - 2013-11-25 19:41 - 00010377 _____ () C:\windows\WindowsUpdate.log
2014-08-18 13:50 - 2014-08-18 13:50 - 00156948 _____ () C:\ResPack3.bin
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-21 17:54
 
==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Owner at 2014-09-09 16:44:09
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Titanium (Disabled - Out of date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium (Disabled - Out of date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon MX340 series User Registration (HKLM-x32\...\Canon MX340 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Circuit Construction Kit (AC+DC) (HKCU\...\Circuit Construction Kit (AC+DC)) (Version:  - University of Colorado, Department of Physics)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D0AC5F9F-1043-4569-ACE3-67EE990EB0E6}) (Version:  - Microsoft)
Diigo Single Button (HKLM-x32\...\{244B887F-5A23-4C4D-9495-0D34D185152C}) (Version: 1.0.0 - Diigo.inc)
Electric Field Hockey (HKCU\...\Electric Field Hockey) (Version:  - University of Colorado, Department of Physics)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.1.1001 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
ReadingFanatic Firefox Toolbar (HKLM-x32\...\ReadingFanatic_6xbar Uninstall Firefox) (Version:  - Mindspark Interactive Network) <==== ATTENTION
ReadingFanatic Internet Explorer Toolbar (HKLM-x32\...\ReadingFanatic_6xbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0011 - Realtek)
ShopAtHome.com Toolbar (HKLM-x32\...\SelectRebatesUninstall) (Version:  - )
Snap.Do (HKLM-x32\...\{92109C97-2662-4353-9386-B64309F595C9}) (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.7.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.7.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.7.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.03.02.00 - )
TOSHIBA Hardware Setup (Version: 4.03.02.00 - TOSHIBA) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.05.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.05.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.03.02.00 - )
TOSHIBA Supervisor Password (Version: 4.03.02.00 - TOSHIBA) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Trend Micro Titanium (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro™ Titanium™ (Version: 3.00 - Trend Micro Inc.) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{28FAC187-7C0E-413A-B90A-76F19D0FBF30}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{5EBDE1DE-3B28-4134-AB00-85CFF2B4F94D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38990592-F6A1-4A26-96C7-0600E36AE794}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Wave Interference (HKCU\...\Wave Interference) (Version:  - University of Colorado, Department of Physics)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
09-09-2014 16:51:15 Removed Windows Live Mesh ActiveX Control for Remote Connections
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {106312A4-2AC0-49CA-84AD-7322AFDA361B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4523BEC8-7B44-4888-838A-05E9A37DBBDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5D0E7619-8180-4F3B-AFA6-A9EBEE7872FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DDB663D1-D292-4946-8B9A-50D4B421B99C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-20 21:13 - 2010-09-17 04:32 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2013-01-20 21:13 - 2010-09-17 04:32 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2013-01-20 21:13 - 2010-09-17 04:32 - 00731136 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2010-09-17 04:32 - 2010-09-17 04:32 - 00288864 ____N () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2010-04-07 20:07 - 2010-04-07 20:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 17:26 - 2009-11-03 17:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-14 23:53 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 23:08 - 2009-03-12 23:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: rtl8192Ce
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2014 04:42:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 7.9.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e94
 
Start Time: 01cfcc6e86aa395b
 
Termination Time: 0
 
Application Path: C:\Users\Owner\Desktop\FRST64.exe
 
Report Id: ce6b17e5-3861-11e4-a295-60eb69910ef5
 
Error: (09/09/2014 04:41:44 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (09/09/2014 04:34:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iMesh.exe, version: 12.0.0.0, time stamp: 0x51c849cb
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000005
Fault offset: 0x0002e3c6
Faulting process id: 0xbcc
Faulting application start time: 0xiMesh.exe0
Faulting application path: iMesh.exe1
Faulting module path: iMesh.exe2
Report Id: iMesh.exe3
 
Error: (09/09/2014 04:34:34 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (09/09/2014 01:10:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 7.9.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d3c
 
Start Time: 01cfcc4fc074a6cf
 
Termination Time: 2
 
Application Path: F:\FRST64.exe
 
Report Id: 1c776073-3844-11e4-99b0-60eb69910ef5
 
Error: (09/09/2014 01:01:52 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (09/09/2014 00:56:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1490
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/09/2014 00:54:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xaf4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/09/2014 00:25:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xb44
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (09/09/2014 00:25:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iMesh.exe, version: 12.0.0.0, time stamp: 0x51c849cb
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000005
Fault offset: 0x0002e3c6
Faulting process id: 0x878
Faulting application start time: 0xiMesh.exe0
Faulting application path: iMesh.exe1
Faulting module path: iMesh.exe2
Report Id: iMesh.exe3
 
 
System errors:
=============
Error: (09/09/2014 04:41:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:  
dvky
 
Error: (09/09/2014 04:41:16 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
 
Error: (09/09/2014 04:41:15 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (09/09/2014 04:41:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:  
%%1060
 
Error: (09/09/2014 04:34:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:  
dvky
 
Error: (09/09/2014 04:33:59 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
 
Error: (09/09/2014 04:33:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (09/09/2014 04:33:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:  
%%1060
 
Error: (09/09/2014 03:43:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  
%%1056
 
Error: (09/09/2014 03:42:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (09/09/2014 04:42:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe7.9.2014.0e9401cfcc6e86aa395b0C:\Users\Owner\Desktop\FRST64.exece6b17e5-3861-11e4-a295-60eb69910ef5
 
Error: (09/09/2014 04:41:44 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (09/09/2014 04:34:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iMesh.exe12.0.0.051c849cbntdll.dll6.1.7600.169154ec49d10c00000050002e3c6bcc01cfcc6d76098e8bC:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exeC:\windows\SysWOW64\ntdll.dllbc75ec40-3860-11e4-bd0a-60eb69910ef5
 
Error: (09/09/2014 04:34:34 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (09/09/2014 01:10:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe7.9.2014.0d3c01cfcc4fc074a6cf2F:\FRST64.exe1c776073-3844-11e4-99b0-60eb69910ef5
 
Error: (09/09/2014 01:01:52 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (09/09/2014 00:56:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd149001cfcc4efff20ccbC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll3f422449-3842-11e4-a121-60eb69910ef5
 
Error: (09/09/2014 00:54:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdaf401cfcc4eac02d1b9C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlleb335ce6-3841-11e4-a121-60eb69910ef5
 
Error: (09/09/2014 00:25:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8ab4401cfcc4a976d507fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exede50edec-383d-11e4-a121-60eb69910ef5
 
Error: (09/09/2014 00:25:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iMesh.exe12.0.0.051c849cbntdll.dll6.1.7600.169154ec49d10c00000050002e3c687801cfcc4a895e272eC:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exeC:\windows\SysWOW64\ntdll.dlld86ba6a1-383d-11e4-a121-60eb69910ef5
 
 
==================== Memory info ===========================  
 
Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 27%
Total physical RAM: 3893.86 MB
Available physical RAM: 2817.31 MB
Total Pagefile: 7785.86 MB
Available Pagefile: 6644.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (TI106033W0C) (Fixed) (Total:284.9 GB) (Free:224.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:29.8 GB) (Free:29 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 38A39E6A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=284.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: ED8CE05C)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)
 
==================== End Of Log ============================



#8 aharonov

  • Malware Response Team

Posted 09 September 2014 - 04:04 PM

It looks much better already.
What problems and symptoms remain at this point?



Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.

#9 TomHQuick1969

  • Topic Starter

Posted 09 September 2014 - 04:35 PM

I had my wife helping while I got supper.  Unfortunately, she ran FIX in hitman instead of just saving the log and closing.  Before the fix, she said it had found one threat, about 100 remnants, and called FRST suspicious.

 

This is the log file I got after running the tool again the way you described above.

 

 

HitmanPro 3.7.9.225
www.hitmanpro.com
 
   Computer name . . . . : OWNER-PC
   Windows . . . . . . . : 6.1.0.7600.X64/2
   User name . . . . . . : Owner-PC\Owner
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)
 
   Scan date . . . . . . : 2014-09-09 17:21:10
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 23s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2
 
   Objects scanned . . . : 3,039,402
   Files scanned . . . . : 26,083
   Remnants scanned  . . : 2,000,990 files / 1,012,329 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Owner\Desktop\FRST64.exe
      Size . . . . . . . : 2,105,344 bytes
      Age  . . . . . . . : 0.2 days (2014-09-09 13:10:45)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 0AC2B1223F31E96872E511E7F442237C39183DA65B284136E461CE0B6BDC3F58
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Owner\Desktop\FRST64.exe
 
 
 


#10 aharonov

  • Malware Response Team

Posted 09 September 2014 - 05:35 PM

Alright. Hitman always marks FRST as suspicious but don't worry it's clean.
What problems and symptoms remain now?


Step 1

Please download the attached file fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#11 TomHQuick1969

  • Topic Starter

Posted 10 September 2014 - 08:09 AM

At this point, I don't see any symptoms of the infection on the computer.

 

 

ESET

 

C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir    a variant of MSIL/DomaIQ.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iMesh Applications\iMesh\Helper.dll.vir    a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\CostMin\E3.exe.vir    a variant of Win32/AdWare.MultiPlug.AG application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Device\d.exe.vir    a variant of Win32/SquareNet.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\serv\CostMin.exe.vir    a variant of Win32/AdWare.MultiPlug.AM application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\serv\eDeals.exe.vir    multiple threats
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\serv\FralimboSetup.exe.vir    Win32/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\serv\istart123.exe.vir    a variant of Win32/ELEX.AT potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\serv\saveon.exe.vir    Win32/InstalleRex.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\serv\setup_fst_us.exe.vir    multiple threats
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\serv\VoPackage.exe.vir    Win32/VOPackage.U potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\CostMin\b.dll    a variant of Win32/AdWare.MultiPlug.BN application
C:\FRST\Quarantine\C\Program Files (x86)\CostMin\b.x64.dll    a variant of Win64/Adware.MultiPlug.D application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xauxstb.dll    Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xbar.dll    a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xbprtct.dll    Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xbrstub.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xdatact.dll    a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xdlghk.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xdyn.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xfeedmg.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xhighin.exe    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xhkstub.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xhtmlmu.dll    a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xhttpct.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xidle.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xieovr.dll    probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6ximpipe.exe    Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xmedint.exe    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xmlbtn.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xmsg.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xPlugin.dll    probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xradio.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xregfft.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xreghk.dll    Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xregiet.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xscript.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xskin.dll    a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xskplay.exe    Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xSrcAs.dll    a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xtpinst.dll    a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xuabtn.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\AppIntegratorStub64.dll    Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\CREXT.DLL    a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\CrExtP6x.exe    a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\DPNMNGR.DLL    a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\EXEMANAGER.DLL    a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\Hpg64.dll    Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\NP6xStub.dll    Win32/Toolbar.MyWebSearch.T potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\T8EXTEX.DLL    a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\T8EXTPEX.DLL    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\T8HTML.DLL    probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\T8TICKER.DLL    a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\VERIFY.DLL    a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Supporter\Supporter_x64.dll    a variant of Win64/SProtector.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\DLCPrivacyScrolling\AppDatabasePerl.exe.xBAD    a variant of Win32/AdWare.Pirrit.E application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\DLCPrivacyScrolling\DLCPrivacyScrolling.exe.xBAD    a variant of Win32/AdWare.Pirrit.D application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\GameOptional\GameOptional.dll    a variant of Win32/Kryptik.CJQK trojan
C:\FRST\Quarantine\C\windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\00000001.@    Win64/Conedex.L trojan
C:\FRST\Quarantine\C\windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\80000000.@    a variant of Win64/Sirefef.AW trojan
C:\FRST\Quarantine\C\windows\Installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U\800000cb.@    a variant of Win64/Sirefef.AV trojan
C:\Program Files (x86)\Internet Explorer\version.dll    Win32/Agent.WFR trojan
C:\Users\Owner\AppData\LocalLow\bfyelec.dll    a variant of Win32/Kryptik.CKUG trojan
C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll    a variant of Win32/ClientConnect.A potentially unwanted application

 

 

 

FRST

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Owner (administrator) on OWNER-PC on 10-09-2014 09:04:02
Running from C:\Users\Owner\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/  
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/  
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192008 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1094992 2010-09-17] (Trend Micro Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\...\Run: [iMesh] => "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-15] (Google Inc.)
HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/#!/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/?gws_rd=ssl
SearchScopes: HKLM - {866D4A3F-8C29-4992-920A-EEFE26FC9B5C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKCU - {505E14A9-D9B7-44AB-8CF4-2F1CF9B68720} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS416
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Diigo Single Button Helper -> {B3BA3FC4-8D87-4B89-B2B1-7BEE62D1D324} -> C:\Program Files (x86)\Diigo.inc\Diigo Single Button\DiigoSingleButton.dll (Diigo.inc)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2013-01-20]
FF HKLM-x32\...\Firefox\Extensions: [6xffxtbr@ReadingFanatic_6x.com] - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin
 
Chrome:  
=======
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MEMSWEEP2; C:\windows\system32\98A7.tmp [6144 2011-05-12] (Sophos Plc) [File not signed]
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S0 dvky; System32\drivers\tdlgpj.sys [X]
S3 MFE_RR; \??\C:\Users\Owner\AppData\Local\Temp\mfe_rr.sys [X]
S3 RgFltX64; \??\C:\Users\Owner\AppData\Local\ControlDatabaseSamba\RgFltX64.sys [X]
S3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]
U2 TMAgent; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 09:04 - 2014-09-10 09:04 - 00016379 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-10 09:03 - 2014-09-10 09:03 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-09-09 19:09 - 2014-09-09 19:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-09 19:09 - 2014-09-09 18:53 - 02347384 _____ (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
2014-09-09 17:18 - 2014-09-09 17:18 - 00017606 _____ () C:\windows\system32\.crusader
2014-09-09 17:11 - 2014-09-09 17:21 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 17:11 - 2014-09-09 17:11 - 11194928 _____ (SurfRight B.V.) C:\Users\Owner\Desktop\HitmanPro_x64.exe
2014-09-09 16:38 - 2014-09-09 16:39 - 00000000 ____D () C:\AdwCleaner
2014-09-09 15:39 - 2014-09-09 15:37 - 01370467 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-09-09 13:10 - 2014-09-10 09:03 - 02105856 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-09 13:01 - 2014-09-10 09:04 - 00000000 ____D () C:\FRST
2014-09-09 12:56 - 2014-09-09 12:56 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 12:56 - 2014-09-09 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 12:56 - 2014-09-09 12:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 12:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-09 12:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-09 12:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-09 12:20 - 2014-09-09 12:19 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-09-09 12:04 - 2014-09-09 11:48 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-09-08 11:21 - 2014-09-08 11:21 - 00000000 _____ () C:\windows\ToDisc.INI
2014-09-07 12:27 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\windows\system32\98A7.tmp
2014-09-07 12:25 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\windows\system32\FD8.tmp
2014-09-07 11:17 - 2014-09-08 10:11 - 00000312 _____ () C:\rkill.log
2014-08-22 14:56 - 2014-08-22 14:56 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-22 14:56 - 2014-08-22 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-22 14:53 - 2014-08-22 14:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-22 14:53 - 2014-08-22 14:56 - 00000000 ____D () C:\Program Files\iTunes
2014-08-22 14:53 - 2014-08-22 14:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-22 14:53 - 2014-08-22 14:53 - 00000000 ____D () C:\Program Files\iPod
2014-08-18 13:50 - 2014-08-18 13:50 - 00156948 _____ () C:\ResPack3.bin
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 09:04 - 2014-09-10 09:04 - 00016379 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-10 09:04 - 2014-09-09 13:01 - 00000000 ____D () C:\FRST
2014-09-10 09:03 - 2014-09-10 09:03 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-09-10 09:03 - 2014-09-09 13:10 - 02105856 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-10 08:40 - 2010-10-15 00:04 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 08:14 - 2013-11-14 02:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 06:11 - 2009-07-14 01:13 - 00741866 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-09 20:56 - 2010-10-15 00:04 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 19:15 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 19:15 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 19:09 - 2014-09-09 19:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-09 19:08 - 2013-10-22 19:26 - 00017928 _____ () C:\windows\setupact.log
2014-09-09 19:08 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-09 18:53 - 2014-09-09 19:09 - 02347384 _____ (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
2014-09-09 17:21 - 2014-09-09 17:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 17:18 - 2014-09-09 17:18 - 00017606 _____ () C:\windows\system32\.crusader
2014-09-09 17:13 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-09 17:11 - 2014-09-09 17:11 - 11194928 _____ (SurfRight B.V.) C:\Users\Owner\Desktop\HitmanPro_x64.exe
2014-09-09 16:40 - 2014-01-04 13:05 - 02336452 _____ () C:\windows\PFRO.log
2014-09-09 16:39 - 2014-09-09 16:38 - 00000000 ____D () C:\AdwCleaner
2014-09-09 16:34 - 2014-07-26 20:29 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-09 16:34 - 2011-03-23 19:43 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-09-09 15:42 - 2009-07-13 23:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-09-09 15:37 - 2014-09-09 15:39 - 01370467 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-09-09 12:56 - 2014-09-09 12:56 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 12:56 - 2014-09-09 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 12:56 - 2014-09-09 12:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 12:51 - 2010-10-15 00:06 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-09 12:46 - 2011-01-27 10:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-09 12:19 - 2014-09-09 12:20 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-09-09 11:48 - 2014-09-09 12:04 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-09-09 11:22 - 2010-10-15 00:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-09 11:21 - 2011-01-28 17:21 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-08 11:21 - 2014-09-08 11:21 - 00000000 _____ () C:\windows\ToDisc.INI
2014-09-08 10:18 - 2009-07-14 01:08 - 00032542 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-08 10:11 - 2014-09-07 11:17 - 00000312 _____ () C:\rkill.log
2014-09-08 09:56 - 2013-12-16 23:42 - 00002170 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-08 09:56 - 2012-03-24 10:00 - 00001424 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-08 09:56 - 2011-01-27 10:17 - 00001458 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-07 12:19 - 2011-04-05 16:03 - 00000000 ____D () C:\windows\Sun
2014-09-07 11:32 - 2014-01-04 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 14:56 - 2014-08-22 14:56 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-22 14:56 - 2014-08-22 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-22 14:56 - 2014-08-22 14:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-22 14:56 - 2014-08-22 14:53 - 00000000 ____D () C:\Program Files\iTunes
2014-08-22 14:56 - 2014-08-22 14:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-22 14:53 - 2014-08-22 14:53 - 00000000 ____D () C:\Program Files\iPod
2014-08-22 14:45 - 2013-02-09 18:23 - 00000000 ____D () C:\ProgramData\Apple
2014-08-22 14:42 - 2013-11-25 19:41 - 00010377 _____ () C:\windows\WindowsUpdate.log
2014-08-18 13:50 - 2014-08-18 13:50 - 00156948 _____ () C:\ResPack3.bin
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-10 07:04
 
==================== End Of Log ============================



#12 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 10 September 2014 - 08:46 AM

Very good, let's remove a few remnants before clean up.


Please download the attached fixlist.txt (372 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#13 TomHQuick1969

  • Topic Starter

  • Members
  • 12 posts

Posted 10 September 2014 - 09:01 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Owner at 2014-09-10 09:58:11 Run:4
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\Owner\AppData\LocalLow\bfyelec.dll
C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll
File: C:\Program Files (x86)\Internet Explorer\version.dll
FF HKLM-x32\...\Firefox\Extensions: [6xffxtbr@ReadingFanatic_6x.com] - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin
S0 dvky; System32\drivers\tdlgpj.sys [X]
CMD: type "C:\ProgramData\HitmanPro\Logs\HitmanPro*.log"
*****************
 
C:\Users\Owner\AppData\LocalLow\bfyelec.dll => Moved successfully.
C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll => Moved successfully.
 
========================= File: C:\Program Files (x86)\Internet Explorer\version.dll ========================
 
MD5: D612854242D199379D4D05060A9D1FC4
Creation and modification date: 2014-08-22 17:12 - 2014-08-22 17:12
Size: 0049152
Attributes: ----A
Company Name:  
Internal Name:  
Original Name:  
Product Name:  
Description:  
File Version:  
Product Version:  
Copyright:  
 
====== End Of File: ======
 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\6xffxtbr@ReadingFanatic_6x.com => value deleted successfully.
dvky => Service deleted successfully.
 
=========  type "C:\ProgramData\HitmanPro\Logs\HitmanPro*.log" =========
 
 
C:\ProgramData\HitmanPro\Logs\HitmanPro_20140909_1719.log
 
 
[code]
HitmanPro 3.7.9.225
www.hitmanpro.com

   Computer name . . . . : OWNER-PC
   Windows . . . . . . . : 6.1.0.7600.X64/2
   User name . . . . . . : Owner-PC\Owner
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-09-09 17:13:13
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 106

   Objects scanned . . . : 3,039,913
   Files scanned . . . . : 26,161
   Remnants scanned  . . : 2,000,899 files / 1,012,853 keys

Malware _____________________________________________________________________

   C:\Users\Owner\AppData\Roaming\784A\memoryxpcom.dll -> Quarantined
      Size . . . . . . . : 310,272 bytes
      Age  . . . . . . . : 82.2 days (2014-06-19 12:53:45)
      Entropy  . . . . . : 7.2
      SHA-256  . . . . . : 849062B562D104492B7833A4CE471B725CCBD344DF062A611AEB3FFE336A0C3C
      Product  . . . . . : Borland HTTP Server
      Publisher  . . . . : Borland Software Corporation
      Description  . . . : Borland HTTP Server
      Version  . . . . . : 7.0.4.453
      Copyright  . . . . : Copyright © 1999-2001 Borland Software Corporation
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Trojan.GenericKD.1747465
      Fuzzy  . . . . . . : 104.0


Suspicious files ____________________________________________________________

   C:\Users\Owner\Desktop\FRST64.exe
      Size . . . . . . . : 2,105,344 bytes
      Age  . . . . . . . : 0.2 days (2014-09-09 13:10:45)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 0AC2B1223F31E96872E511E7F442237C39183DA65B284136E461CE0B6BDC3F58
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Owner\Desktop\FRST64.exe


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\.AAC\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.aif\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.aifc\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.aiff\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.ape\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.asf\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.au\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.avi\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.cda\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.divx\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.flv\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.IVF\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.m1v\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.m4a\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.m4e\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.mid\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.midi\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.mka\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.mkv\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.MOD\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.mp2\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.mp2v\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.mp3\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.mp4\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.mpa\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.mpe\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.mpeg\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.mpg\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.mpv2\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.qt\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.ram\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.rm\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.rmi\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\.rmvb\OpenWithList\iMesh.exe\ (iMesh) -> Deleted
       H K L M \ S O F T W A R E \ C l a s s e s \ . s n d \ O p e n W i t h L i s t \ i M e s h . e x e \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ . t o r r e n t \ O p e n W i t h L i s t \ i M e s h . e x e \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ . v o b \ O p e n W i t h L i s t \ i M e s h . e x e \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ . w a v \ O p e n W i t h L i s t \ i M e s h . e x e \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ . w m \ O p e n W i t h L i s t \ i M e s h . e x e \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ . w m a \ O p e n W i t h L i s t \ i M e s h . e x e \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ . W M D \ O p e n W i t h L i s t \ i M e s h . e x e \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ . w m v \ O p e n W i t h L i s t \ i M e s h . e x e \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ . w m x \ O p e n W i t h L i s t \ i M e s h . e x e \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ . w v \ O p e n W i t h L i s t \ i M e s h . e x e \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ A p p I D \ { C 4 1 C 9 6 7 C - 1 B D 4 - 4 0 4 c - 8 3 9 3 - A 3 4 F 9 4 1 5 6 1 9 3 } \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ A p p l i c a t i o n s \ i M e s h . e x e \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ A u d i o C D \ s h e l l \ P l a y W i t h i M e s h \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ I G I F A n i m a t o r . I G I F A n i m a t o r C t r l . 1 \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ I G I F A n i m a t o r . I G I F A n i m a t o r C t r l \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ i M e s h . L a u n c h e r E v e n t H a n d l e r . 1 \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ i M e s h . L a u n c h e r E v e n t H a n d l e r \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ I M T r P r o g r e s s . I M T r P r o g r e s s C t r l . 1 \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ I M T r P r o g r e s s . I M T r P r o g r e s s C t r l \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ I M W e b . I M W e b C o n t r o l . 1 \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ I n t e r f a c e \ { 3 4 A 1 1 7 A D - 7 F 4 3 - 4 8 5 9 - B F 9 7 - A D C 4 6 4 8 8 9 5 3 F } \   ( T e l e v i s i o n F a n a t i c )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ I n t e r f a c e \ { 5 9 6 B B 8 6 E - F 1 E 5 - A 1 D E - 3 3 6 3 - 4 1 A B 6 3 4 E 7 7 E F } \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ I n t e r f a c e \ { A 3 4 9 2 A 3 A - 6 7 1 5 - 9 3 7 1 - F 8 D B - 1 C 4 8 C C 4 D A A A 1 } \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ I n t e r f a c e \ { A 6 3 B 4 8 E 9 - 1 E C 7 - 4 1 3 E - 9 C 4 8 - 3 4 0 4 B B F 8 7 B F 3 } \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ I n t e r f a c e \ { A A 8 7 1 4 C 4 - 2 9 4 D - 4 7 F B - B C E 0 - B C 1 2 4 4 5 C F B D 4 } \   ( T e l e v i s i o n F a n a t i c )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ I n t e r f a c e \ { D 1 5 8 0 9 A A - 5 0 C F - 4 E E 0 - B C C 9 - E 9 1 A 6 8 1 B E F D 3 } \   ( M u s i c T o o l b a r )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ I n t e r f a c e \ { E F D E 1 1 A 9 - F E 0 B - 4 5 4 8 - B 8 7 6 - 5 E A C 0 A 6 C E 8 6 E } \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ R e c o r d \ { 2 0 0 9 A F 2 F - 5 7 8 6 - 3 0 6 7 - 8 7 9 9 - B 9 7 F 7 8 3 2 F D D 6 } \   ( F L V   P l a y e r )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ R e c o r d \ { 4 2 5 E 7 5 9 7 - 0 3 A 2 - 3 3 8 D - B 7 2 A - 0 E 5 1 F F E 7 7 A 7 E } \   ( F L V   P l a y e r )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ R e c o r d \ { 9 1 5 B B 7 D 5 - 0 8 2 E - 3 B 9 1 - B 1 E 0 - 4 5 B 5 F D E 0 1 F 2 4 } \   ( F L V   P l a y e r )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ R e c o r d \ { F B 2 E 6 5 F 4 - 5 6 8 7 - 3 3 E F - 9 B B F - 4 E 3 C 9 C 9 8 D 3 B 9 } \   ( F L V   P l a y e r )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ W M H e l p e r i M e s h . W M H e l p e r . 1 \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ W M H e l p e r i M e s h . W M H e l p e r \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ A p p I D \ { C 4 1 C 9 6 7 C - 1 B D 4 - 4 0 4 c - 8 3 9 3 - A 3 4 F 9 4 1 5 6 1 9 3 } \   ( i M e s h )   - >   P e n d i n g D e l e t e   
       H K L M \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ C L S I D \ { 1 4 8 1 3 2 E 6 - 6 2 6 D - 4 A 5 E - 8 0 6 3 - A 7 6 1 E B 2 9 A 5 0 B } \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ C L S I D \ { F 8 A B 4 3 E D - E C 8 8 - 4 d e 7 - B 2 1 3 - F 8 9 1 5 7 D 2 9 C 6 2 } \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ I n t e r f a c e \ { 5 9 6 B B 8 6 E - F 1 E 5 - A 1 D E - 3 3 6 3 - 4 1 A B 6 3 4 E 7 7 E F } \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ I n t e r f a c e \ { A 3 4 9 2 A 3 A - 6 7 1 5 - 9 3 7 1 - F 8 D B - 1 C 4 8 C C 4 D A A A 1 } \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ I n t e r f a c e \ { A 6 3 B 4 8 E 9 - 1 E C 7 - 4 1 3 E - 9 C 4 8 - 3 4 0 4 B B F 8 7 B F 3 } \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ I n t e r f a c e \ { E F D E 1 1 A 9 - F E 0 B - 4 5 4 8 - B 8 7 6 - 5 E A C 0 A 6 C E 8 6 E } \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x p l o r e r \ A u t o p l a y H a n d l e r s \ E v e n t H a n d l e r s \ P l a y C D A u d i o O n A r r i v a l \ I M P l a y C D A u d i o O n A r r i v a l   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x p l o r e r \ A u t o p l a y H a n d l e r s \ E v e n t H a n d l e r s \ P l a y C D A u d i o O n A r r i v a l \ I M R i p C D A u d i o O n A r r i v a l   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x p l o r e r \ A u t o p l a y H a n d l e r s \ E v e n t H a n d l e r s \ P l a y M u s i c F i l e s O n A r r i v a l \ I M S h o w V o l u m e O n A r r i v a l   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ R e g i s t e r e d A p p l i c a t i o n s \ i M e s h   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ R S T \   ( P i r r i t S u g g e s t o r )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ S I - A p p \   ( P i r r i t S u g g e s t o r )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ W i n U p d \   ( P i r r i t S u g g e s t o r )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ i M e s h M e d i a B a r _ R A S A P I 3 2 \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ i M e s h M e d i a B a r _ R A S M A N C S \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ S e t u p D a t a M n g r _ i M e s h _ R A S A P I 3 2 \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ S e t u p D a t a M n g r _ i M e s h _ R A S M A N C S \   ( i M e s h )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ e x p l o r e r \ A u t o p l a y H a n d l e r s \ E v e n t H a n d l e r s \ P l a y C D A u d i o O n A r r i v a l \ I M P l a y C D A u d i o O n A r r i v a l   ( i M e s h )   - >   P e n d i n g D e l e t e   
       H K L M \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ e x p l o r e r \ A u t o p l a y H a n d l e r s \ E v e n t H a n d l e r s \ P l a y C D A u d i o O n A r r i v a l \ I M R i p C D A u d i o O n A r r i v a l   ( i M e s h )   - >   P e n d i n g D e l e t e   
       H K L M \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ e x p l o r e r \ A u t o p l a y H a n d l e r s \ E v e n t H a n d l e r s \ P l a y M u s i c F i l e s O n A r r i v a l \ I M S h o w V o l u m e O n A r r i v a l   ( i M e s h )   - >   P e n d i n g D e l e t e   
       H K L M \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x t \ P r e A p p r o v e d \ { 2 f f 4 9 e d 5 - a 3 e f - 4 1 0 b - 9 1 8 e - 9 7 d e c e b 5 9 9 6 d } \   ( T e l e v i s i o n F a n a t i c )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ R e g i s t e r e d A p p l i c a t i o n s \ i M e s h   ( i M e s h )   - >   P e n d i n g D e l e t e   
       H K L M \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ R S T \   ( P i r r i t S u g g e s t o r )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ S I - A p p \   ( P i r r i t S u g g e s t o r )   - >   D e l e t e d   
       H K L M \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ W i n U p d \   ( P i r r i t S u g g e s t o r )   - >   D e l e t e d   
       H K U \ . D E F A U L T \ S o f t w a r e \ A p p D a t a L o w \ { 5 F 1 8 9 D F 5 - 2 D 0 5 - 4 7 2 B - 9 0 9 1 - 8 4 D 9 8 4 8 A E 4 8 B } \   ( P C O p t i m i z e r P r o )   - >   D e l e t e d   
       H K U \ S - 1 - 5 - 1 8 \ S o f t w a r e \ A p p D a t a L o w \ { 5 F 1 8 9 D F 5 - 2 D 0 5 - 4 7 2 B - 9 0 9 1 - 8 4 D 9 8 4 8 A E 4 8 B } \   ( P C O p t i m i z e r P r o )   - >   P e n d i n g D e l e t e   
       H K U \ S - 1 - 5 - 1 9 \ S o f t w a r e \ A p p D a t a L o w \ { 5 F 1 8 9 D F 5 - 2 D 0 5 - 4 7 2 B - 9 0 9 1 - 8 4 D 9 8 4 8 A E 4 8 B } \   ( P C O p t i m i z e r P r o )   - >   D e l e t e d   
       H K U \ S - 1 - 5 - 2 0 \ S o f t w a r e \ A p p D a t a L o w \ { 5 F 1 8 9 D F 5 - 2 D 0 5 - 4 7 2 B - 9 0 9 1 - 8 4 D 9 8 4 8 A E 4 8 B } \   ( P C O p t i m i z e r P r o )   - >   D e l e t e d   
       H K U \ S - 1 - 5 - 2 1 - 2 6 4 0 7 1 8 7 8 4 - 3 3 8 5 7 1 8 9 9 7 - 3 0 7 3 9 3 0 2 6 5 - 1 0 0 0 \ S o f t w a r e \ M i c r o s o f t \ I n s t a l l e r \ U p g r a d e C o d e s \ 5 E 8 0 3 1 6 0 6 E B 6 0 A 6 4 C 8 8 2 9 1 8 F 8 F F 3 8 D D 4 \   ( F L V   P l a y e r )   - >   D e l e t e d   
       H K U \ S - 1 - 5 - 2 1 - 2 6 4 0 7 1 8 7 8 4 - 3 3 8 5 7 1 8 9 9 7 - 3 0 7 3 9 3 0 2 6 5 - 1 0 0 0 \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ A p p r o v e d   E x t e n s i o n s \ { 4 7 4 5 9 7 C 5 - A B 0 9 - 4 9 D 6 - A 4 D 5 - 2 E 8 D 7 3 4 1 3 8 4 E }   ( i M e s h )   - >   D e l e t e d   
       H K U \ S - 1 - 5 - 2 1 - 2 6 4 0 7 1 8 7 8 4 - 3 3 8 5 7 1 8 9 9 7 - 3 0 7 3 9 3 0 2 6 5 - 1 0 0 0 \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ A p p r o v e d E x t e n s i o n s M i g r a t i o n \ { A E 0 7 1 0 1 B - 4 6 D 4 - 4 A 9 8 - A F 6 8 - 0 3 3 3 E A 2 6 E 1 1 3 }   ( F L V   P l a y e r )   - >   D e l e t e d   
       H K U \ S - 1 - 5 - 2 1 - 2 6 4 0 7 1 8 7 8 4 - 3 3 8 5 7 1 8 9 9 7 - 3 0 7 3 9 3 0 2 6 5 - 1 0 0 0 \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ M a i n \ F e a t u r e C o n t r o l \ F E A T U R E _ B R O W S E R _ E M U L A T I O N \ S n a p D o . e x e   ( F L V   P l a y e r )   - >   D e l e t e d   
       H K U \ S - 1 - 5 - 2 1 - 2 6 4 0 7 1 8 7 8 4 - 3 3 8 5 7 1 8 9 9 7 - 3 0 7 3 9 3 0 2 6 5 - 1 0 0 0 \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x t \ S t a t s \ { 2 F F 4 9 E D 5 - A 3 E F - 4 1 0 B - 9 1 8 E - 9 7 D E C E B 5 9 9 6 D } \   ( T e l e v i s i o n F a n a t i c )   - >   D e l e t e d   
   
Repairs _____________________________________________________________________

   Proxy server on this computer (User)
   127.0.0.1:33952

[/code]
 
C:\ProgramData\HitmanPro\Logs\HitmanPro_20140909_1727.log
 
 
[code]
HitmanPro 3.7.9.225
www.hitmanpro.com

   Computer name . . . . : OWNER-PC
   Windows . . . . . . . : 6.1.0.7600.X64/2
   User name . . . . . . : Owner-PC\Owner
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-09-09 17:21:10
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 23s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2

   Objects scanned . . . : 3,039,402
   Files scanned . . . . : 26,083
   Remnants scanned  . . : 2,000,990 files / 1,012,329 keys

Suspicious files ____________________________________________________________

   C:\Users\Owner\Desktop\FRST64.exe
      Size . . . . . . . : 2,105,344 bytes
      Age  . . . . . . . : 0.2 days (2014-09-09 13:10:45)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 0AC2B1223F31E96872E511E7F442237C39183DA65B284136E461CE0B6BDC3F58
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-2640718784-3385718997-3073930265-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Owner\Desktop\FRST64.exe

[/code]
 
========= End of CMD: =========
 
 
==== End of Fixlog ====



#14 aharonov


Posted 10 September 2014 - 09:07 AM

I'm not sure about one file yet. It looks pretty suspicious but let's find out more:


Please visit VirusTotal and scan a file as follows:
  • Click on Choose File.
  • Copy and paste the following into the file name textbox:
    C:\Program Files (x86)\Internet Explorer\version.dll
    and click Open.
  • Now hit the Scan it! button on the website to scan the selected file.
  • If you get the message

    File already analysed - This file was last analysed by VirusTotal on ....

    then click on Reanalyse!
  • Wait until the scan has finished.
  • Copy the URL from your browser's address bar and paste it in your next reply.


#15 TomHQuick1969


Posted 10 September 2014 - 09:12 AM

https://www.virustotal.com/en/file/c447a7ecefa93ce915d78732bb8e9c240d311bfdcf3160dd42ca8e14b56d608a/analysis/1410358239/





