Solved Please check my PC...
- Thread starter lroman3
- Start date
lroman3
Posts: 246 +0
I am using IE for browser. I haven't tried anything else.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on Fri 01/31/2014 at 21:03:36.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/31/2014 at 21:11:16.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on Fri 01/31/2014 at 21:03:36.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/31/2014 at 21:11:16.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Broni
Posts: 56,041 +516
How are you downloading then?
Reset Internet Explorer.
Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
You can use ANY browser to download "FixIt" file.
Make sure you follow ALL steps listed there.
Reset Internet Explorer.
Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
You can use ANY browser to download "FixIt" file.
Make sure you follow ALL steps listed there.
lroman3
Posts: 246 +0
OTL Extras logfile created on: 1/31/2014 9:16:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: | Country: | Language: | Date Format:
4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.10% Memory free
7.99 Gb Paging File | 6.22 Gb Available in Paging File | 77.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.05 Gb Total Space | 281.49 Gb Free Space | 62.00% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 1.83 Gb Free Space | 97.03% Space Free | Partition Type: FAT
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2EB1C651-6132-4735-85E9-6AE49851A6D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C4C2EA6-8C52-46CC-88AC-0B98597DCE61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1AC66EC-B756-45E6-B9D8-280363AD69BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05980FAE-C726-4AE9-BDCE-4CD755A4D70B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1B9C4756-D936-4A65-8F71-23B96B9920E7}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{5628E159-4706-4041-8532-D2EC392BFAA3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5FDC4BA2-2069-40B6-AE84-B7DBD0CABF6F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60E12534-DA33-4747-98A4-734B65D44513}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{61481972-6042-4F43-B703-1B3419594DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6965FBB0-907E-47D9-816D-87E785493FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{6D7AB13F-8006-48F2-98FD-A88A3C5D98BF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{71AB0C0F-BEBA-4991-84AC-ADBD04CEE302}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7BF391D1-41DB-4D6B-8DAE-97036260D528}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{80374A2A-F190-4E76-B229-C33B434E33CC}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
"{8D916EE4-D3EE-41C7-851F-415F3B437C3F}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{9B371185-1486-4732-829C-171B5EAF26F7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A249412C-65ED-478F-A265-730F2670C0CB}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{D4A40C96-92DE-4C57-8B14-571C0B12FFF0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{EFE7CF45-1DAA-444A-9D68-63305F72B7B9}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"TCP Query User{02FFE3AF-1D55-4521-8D98-F09E739231DC}C:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\glo6w3bu\tinyumbrella-6.10.03a.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\glo6w3bu\tinyumbrella-6.10.03a.exe |
"TCP Query User{120F56B9-F227-43B3-AD70-6437C64342EE}C:\users\user\downloads\tinyumbrella-6.10.03a.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\tinyumbrella-6.10.03a.exe |
"TCP Query User{4B2A1FAE-461E-4F30-A104-206495A8AA64}C:\users\user\desktop\recovery mode fix\tinyumbrella-6.10.03a.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\recovery mode fix\tinyumbrella-6.10.03a.exe |
"TCP Query User{660104DB-040C-4702-A9D2-0C1DFEAD226E}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"UDP Query User{2F195C53-9A8F-49E8-8544-81720AA38CEC}C:\users\user\desktop\recovery mode fix\tinyumbrella-6.10.03a.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\recovery mode fix\tinyumbrella-6.10.03a.exe |
"UDP Query User{4A4813A7-CC80-424D-BC9A-1271A450FA6B}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"UDP Query User{90D65AD4-D1B3-4E4C-8A1A-EBFECF6238C6}C:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\glo6w3bu\tinyumbrella-6.10.03a.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\glo6w3bu\tinyumbrella-6.10.03a.exe |
"UDP Query User{DBDF8A35-408E-438F-9EFE-00526C7D2B58}C:\users\user\downloads\tinyumbrella-6.10.03a.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\tinyumbrella-6.10.03a.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}" = PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CD7A262C-287E-41DD-A0F7-733856252C6B}" = Nuance PDF Create 7
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"LTMOH" = LSI V92 MOH Application
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: | Country: | Language: | Date Format:
4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.10% Memory free
7.99 Gb Paging File | 6.22 Gb Available in Paging File | 77.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.05 Gb Total Space | 281.49 Gb Free Space | 62.00% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 1.83 Gb Free Space | 97.03% Space Free | Partition Type: FAT
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2EB1C651-6132-4735-85E9-6AE49851A6D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C4C2EA6-8C52-46CC-88AC-0B98597DCE61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1AC66EC-B756-45E6-B9D8-280363AD69BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05980FAE-C726-4AE9-BDCE-4CD755A4D70B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1B9C4756-D936-4A65-8F71-23B96B9920E7}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{5628E159-4706-4041-8532-D2EC392BFAA3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5FDC4BA2-2069-40B6-AE84-B7DBD0CABF6F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60E12534-DA33-4747-98A4-734B65D44513}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{61481972-6042-4F43-B703-1B3419594DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6965FBB0-907E-47D9-816D-87E785493FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{6D7AB13F-8006-48F2-98FD-A88A3C5D98BF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{71AB0C0F-BEBA-4991-84AC-ADBD04CEE302}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7BF391D1-41DB-4D6B-8DAE-97036260D528}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{80374A2A-F190-4E76-B229-C33B434E33CC}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
"{8D916EE4-D3EE-41C7-851F-415F3B437C3F}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{9B371185-1486-4732-829C-171B5EAF26F7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A249412C-65ED-478F-A265-730F2670C0CB}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{D4A40C96-92DE-4C57-8B14-571C0B12FFF0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{EFE7CF45-1DAA-444A-9D68-63305F72B7B9}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"TCP Query User{02FFE3AF-1D55-4521-8D98-F09E739231DC}C:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\glo6w3bu\tinyumbrella-6.10.03a.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\glo6w3bu\tinyumbrella-6.10.03a.exe |
"TCP Query User{120F56B9-F227-43B3-AD70-6437C64342EE}C:\users\user\downloads\tinyumbrella-6.10.03a.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\tinyumbrella-6.10.03a.exe |
"TCP Query User{4B2A1FAE-461E-4F30-A104-206495A8AA64}C:\users\user\desktop\recovery mode fix\tinyumbrella-6.10.03a.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\recovery mode fix\tinyumbrella-6.10.03a.exe |
"TCP Query User{660104DB-040C-4702-A9D2-0C1DFEAD226E}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"UDP Query User{2F195C53-9A8F-49E8-8544-81720AA38CEC}C:\users\user\desktop\recovery mode fix\tinyumbrella-6.10.03a.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\recovery mode fix\tinyumbrella-6.10.03a.exe |
"UDP Query User{4A4813A7-CC80-424D-BC9A-1271A450FA6B}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"UDP Query User{90D65AD4-D1B3-4E4C-8A1A-EBFECF6238C6}C:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\glo6w3bu\tinyumbrella-6.10.03a.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\glo6w3bu\tinyumbrella-6.10.03a.exe |
"UDP Query User{DBDF8A35-408E-438F-9EFE-00526C7D2B58}C:\users\user\downloads\tinyumbrella-6.10.03a.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\tinyumbrella-6.10.03a.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}" = PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CD7A262C-287E-41DD-A0F7-733856252C6B}" = Nuance PDF Create 7
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"LTMOH" = LSI V92 MOH Application
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
lroman3
Posts: 246 +0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{042A6F10-F770-4886-A502-B795DCF2D3B5}" = Nuance PDF Viewer Plus
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0F547B3D-8347-4262-AB2C-2F49BB716DA8}" = NovaBACKUP
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{41773726-92D0-4265-A0F8-DD980CA1AEC4}" = TOSHIBA Upgrade Assistant
"{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FFF9453-7B94-462A-B8F7-AC6D8D9EB1B5}" = Netzero Internet Access Installer
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7884A50C-47D3-4F51-B187-CD6DE873B2F0}" = Nuance PaperPort 14
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}" = Skype Launcher
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{CD7A262C-287E-41DD-A0F7-733856252C6B}" = Nuance PDF Create 7
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Canon MP240 series User Registration" = Canon MP240 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"exPressit S.E. 2.1" = exPressit S.E. 2.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 20.0 (x86 en-US)" = Mozilla Firefox 20.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NovaBACKUP" = NovaBACKUP
"Picasa2" = Picasa 2
"Settings Alerter" = Settings Alerter
"ShopAtHome.com Toolbar" = ShopAtHome.com Toolbar
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"UN060501" = BUFFALO NAS Navigator2
"UN090928" = BUFFALO LinkStation(LX-WXL) Setup Guide
"WildTangent toshiba Master Uninstall" = WildTangent Games
< End of report >
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{042A6F10-F770-4886-A502-B795DCF2D3B5}" = Nuance PDF Viewer Plus
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0F547B3D-8347-4262-AB2C-2F49BB716DA8}" = NovaBACKUP
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{41773726-92D0-4265-A0F8-DD980CA1AEC4}" = TOSHIBA Upgrade Assistant
"{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FFF9453-7B94-462A-B8F7-AC6D8D9EB1B5}" = Netzero Internet Access Installer
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7884A50C-47D3-4F51-B187-CD6DE873B2F0}" = Nuance PaperPort 14
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}" = Skype Launcher
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{CD7A262C-287E-41DD-A0F7-733856252C6B}" = Nuance PDF Create 7
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Canon MP240 series User Registration" = Canon MP240 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"exPressit S.E. 2.1" = exPressit S.E. 2.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 20.0 (x86 en-US)" = Mozilla Firefox 20.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NovaBACKUP" = NovaBACKUP
"Picasa2" = Picasa 2
"Settings Alerter" = Settings Alerter
"ShopAtHome.com Toolbar" = ShopAtHome.com Toolbar
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"UN060501" = BUFFALO NAS Navigator2
"UN090928" = BUFFALO LinkStation(LX-WXL) Setup Guide
"WildTangent toshiba Master Uninstall" = WildTangent Games
< End of report >
lroman3
Posts: 246 +0
My apologies, I thought I had posted the OTL log.
OTL logfile created on: 1/31/2014 9:16:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: | Country: | Language: | Date Format:
4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.10% Memory free
7.99 Gb Paging File | 6.22 Gb Available in Paging File | 77.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.05 Gb Total Space | 281.49 Gb Free Space | 62.00% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 1.83 Gb Free Space | 97.03% Space Free | Partition Type: FAT
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/01/31 20:53:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/28 13:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/12/17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/08/13 13:51:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2011/07/01 01:07:24 | 000,607,592 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
PRC - [2011/06/28 08:18:36 | 000,605,032 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
PRC - [2010/05/21 13:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/04/15 10:57:44 | 000,203,912 | ---- | M] (NovaStor) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
PRC - [2010/01/26 08:22:38 | 001,897,952 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
PRC - [2009/05/15 14:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
PRC - [2009/05/15 14:36:50 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
PRC - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/28 14:30:44 | 000,263,560 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe
PRC - [2009/02/16 19:09:36 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2008/03/10 20:20:00 | 000,689,488 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
PRC - [2008/01/22 12:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/02 17:13:18 | 001,335,872 | ---- | M] () -- C:\Program Files (x86)\WOT\WOT.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/04/15 10:55:12 | 002,452,616 | ---- | M] () -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsAppRes409.dll
MOD - [2010/04/15 10:49:24 | 000,183,432 | ---- | M] () -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsEngineRes409.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/21 09:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/29 23:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 09:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/04/14 20:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/03/27 18:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/02/19 17:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/26 21:18:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/04/15 10:51:02 | 000,261,256 | ---- | M] (NovaStor) [Auto | Stopped] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/15 14:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2008/11/03 18:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/22 12:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/07/30 12:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/21 14:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/24 18:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/03/18 14:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/03/18 13:20:08 | 000,265,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/02/12 18:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/01/14 16:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EE34B334-E0D0-4876-B310-B42DE29A3CDE}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{EE34B334-E0D0-4876-B310-B42DE29A3CDE}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...ding}&oe={outputEncoding}&rlz=1I7TSHB_enUS419
IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\User\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/02 22:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/14 08:06:19 | 000,000,000 | ---D | M]
[2013/05/02 22:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/26 21:18:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/26 21:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/26 21:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2014/01/30 19:05:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3:64bit: - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFCreHook] C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TANU] C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - Startup: C:\Users\All Users\2EDBAA6B18AAF2BD00002EDB7B93F717 [2013/05/02 22:52:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/05/02 22:52:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2013/05/05 18:30:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple [2013/05/02 22:53:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2013/05/02 22:53:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ATI [2013/05/02 22:53:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CanonBJ [2013/05/02 22:53:03 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\CanonIJ [2013/12/04 19:38:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CanonIJEGV [2013/12/04 19:28:56 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\CanonIJMyPrinter [2013/05/02 22:53:04 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\CanonIJPLM [2014/01/10 16:02:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CanonIJScan [2013/05/02 22:53:04 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\CanonIJSolutionMenu [2013/05/02 22:53:04 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2013/05/02 22:53:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FLEXnet [2013/05/02 22:53:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Geek Squad [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Google [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\InterVideo [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Macrovision [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes' Anti-Malware (portable) [2014/01/29 11:51:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\McAfee [2013/05/02 22:53:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2013/05/02 22:53:22 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2014/01/25 21:20:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Mozilla [2013/05/02 22:53:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Norton [2013/05/02 22:53:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2013/05/02 22:53:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NovaStor [2013/05/02 22:53:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nuance [2013/05/02 22:53:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Oracle [2014/01/25 12:44:11 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ScanSoft [2013/05/02 22:53:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2013/05/02 22:53:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2011/02/15 17:55:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Temp [2013/12/04 19:29:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Toshiba [2013/05/02 22:53:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ulead Systems [2013/05/02 22:53:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WildTangent [2013/05/02 22:53:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Zeon [2013/05/02 22:54:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2013/05/02 22:54:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\AppData [2009/07/13 22:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009/07/14 00:08:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2013/05/02 23:12:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
OTL logfile created on: 1/31/2014 9:16:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: | Country: | Language: | Date Format:
4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.10% Memory free
7.99 Gb Paging File | 6.22 Gb Available in Paging File | 77.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.05 Gb Total Space | 281.49 Gb Free Space | 62.00% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 1.83 Gb Free Space | 97.03% Space Free | Partition Type: FAT
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/01/31 20:53:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/28 13:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/12/17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/08/13 13:51:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2011/07/01 01:07:24 | 000,607,592 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
PRC - [2011/06/28 08:18:36 | 000,605,032 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
PRC - [2010/05/21 13:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/04/15 10:57:44 | 000,203,912 | ---- | M] (NovaStor) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
PRC - [2010/01/26 08:22:38 | 001,897,952 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
PRC - [2009/05/15 14:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
PRC - [2009/05/15 14:36:50 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
PRC - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/28 14:30:44 | 000,263,560 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe
PRC - [2009/02/16 19:09:36 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2008/03/10 20:20:00 | 000,689,488 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
PRC - [2008/01/22 12:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/02 17:13:18 | 001,335,872 | ---- | M] () -- C:\Program Files (x86)\WOT\WOT.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/04/15 10:55:12 | 002,452,616 | ---- | M] () -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsAppRes409.dll
MOD - [2010/04/15 10:49:24 | 000,183,432 | ---- | M] () -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsEngineRes409.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/21 09:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/29 23:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 09:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/04/14 20:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/03/27 18:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/02/19 17:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/26 21:18:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/04/15 10:51:02 | 000,261,256 | ---- | M] (NovaStor) [Auto | Stopped] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/15 14:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2008/11/03 18:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/22 12:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/07/30 12:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/21 14:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/24 18:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/03/18 14:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/03/18 13:20:08 | 000,265,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/02/12 18:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/01/14 16:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EE34B334-E0D0-4876-B310-B42DE29A3CDE}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{EE34B334-E0D0-4876-B310-B42DE29A3CDE}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...ding}&oe={outputEncoding}&rlz=1I7TSHB_enUS419
IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\User\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/02 22:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/14 08:06:19 | 000,000,000 | ---D | M]
[2013/05/02 22:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/26 21:18:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/26 21:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/26 21:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2014/01/30 19:05:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3:64bit: - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFCreHook] C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TANU] C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - Startup: C:\Users\All Users\2EDBAA6B18AAF2BD00002EDB7B93F717 [2013/05/02 22:52:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/05/02 22:52:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2013/05/05 18:30:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple [2013/05/02 22:53:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2013/05/02 22:53:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ATI [2013/05/02 22:53:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CanonBJ [2013/05/02 22:53:03 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\CanonIJ [2013/12/04 19:38:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CanonIJEGV [2013/12/04 19:28:56 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\CanonIJMyPrinter [2013/05/02 22:53:04 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\CanonIJPLM [2014/01/10 16:02:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CanonIJScan [2013/05/02 22:53:04 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\CanonIJSolutionMenu [2013/05/02 22:53:04 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2013/05/02 22:53:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FLEXnet [2013/05/02 22:53:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Geek Squad [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Google [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\InterVideo [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Macrovision [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes' Anti-Malware (portable) [2014/01/29 11:51:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\McAfee [2013/05/02 22:53:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2013/05/02 22:53:22 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2014/01/25 21:20:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Mozilla [2013/05/02 22:53:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Norton [2013/05/02 22:53:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2013/05/02 22:53:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NovaStor [2013/05/02 22:53:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nuance [2013/05/02 22:53:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Oracle [2014/01/25 12:44:11 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ScanSoft [2013/05/02 22:53:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2013/05/02 22:53:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2011/02/15 17:55:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Temp [2013/12/04 19:29:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Toshiba [2013/05/02 22:53:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ulead Systems [2013/05/02 22:53:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WildTangent [2013/05/02 22:53:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Zeon [2013/05/02 22:54:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2013/05/02 22:54:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\AppData [2009/07/13 22:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009/07/14 00:08:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2013/05/02 23:12:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
lroman3
Posts: 246 +0
O4 - Startup: C:\Users\Default\Pictures [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Roaming [2013/05/02 23:12:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Saved Games [2009/07/13 21:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\AppData [2014/01/30 19:07:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Desktop [2013/05/05 18:28:40 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2009/07/14 00:08:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009/07/13 23:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009/07/13 21:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2009/07/13 23:54:24 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009/07/13 23:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2009/07/13 23:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2013/06/17 13:57:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Roaming [2013/05/02 22:54:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Videos [2009/07/13 23:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\.shsh [2013/05/02 23:06:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\User\AppData [2013/05/02 23:06:47 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\User\Application Data [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Contacts [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\Cookies [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Desktop [2014/01/31 21:11:16 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\My Documents [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Downloads [2013/08/19 14:13:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\Favorites [2013/11/30 23:09:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\Links [2014/01/25 21:21:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\Local Settings [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Music [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\My Documents [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\My PaperPort.com [2013/02/24 15:51:27 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\User\NetHood [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\ntuser.dat ()
O4 - Startup: C:\Users\User\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\User\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{5c36b422-85e6-11e3-87f1-001e653cc1ac}.TM.blf ()
O4 - Startup: C:\Users\User\ntuser.dat{5c36b422-85e6-11e3-87f1-001e653cc1ac}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{5c36b422-85e6-11e3-87f1-001e653cc1ac}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{6ba3743a-d75e-11e2-87d9-001e33d40161}.TM.blf ()
O4 - Startup: C:\Users\User\ntuser.dat{6ba3743a-d75e-11e2-87d9-001e33d40161}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{6ba3743a-d75e-11e2-87d9-001e33d40161}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{c9df8421-fefa-11e2-a862-001e33d40161}.TM.blf ()
O4 - Startup: C:\Users\User\ntuser.dat{c9df8421-fefa-11e2-a862-001e33d40161}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{c9df8421-fefa-11e2-a862-001e33d40161}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{d0e6e2a6-846e-11e3-873a-001e33d40161}.TM.blf ()
O4 - Startup: C:\Users\User\ntuser.dat{d0e6e2a6-846e-11e3-873a-001e33d40161}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{d0e6e2a6-846e-11e3-873a-001e33d40161}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdc-86d3-11e3-aa0f-001e33d40161}.TxR.0.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdc-86d3-11e3-aa0f-001e33d40161}.TxR.1.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdc-86d3-11e3-aa0f-001e33d40161}.TxR.2.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdc-86d3-11e3-aa0f-001e33d40161}.TxR.blf ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdd-86d3-11e3-aa0f-001e33d40161}.TM.blf ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdd-86d3-11e3-aa0f-001e33d40161}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdd-86d3-11e3-aa0f-001e33d40161}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.ini ()
O4 - Startup: C:\Users\User\Pictures [2013/12/05 09:37:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\PrintHood [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Recent [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Roaming [2013/05/02 23:09:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\User\Saved Games [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\Searches [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\SendTo [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Start Menu [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Sti_Trace.log ()
O4 - Startup: C:\Users\User\Templates [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\umbrella0.log ()
O4 - Startup: C:\Users\User\Videos [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3197978C-19DE-43B7-9DF0-AC3E1D7C068B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/17 13:02:36 | 000,000,215 | -H-- | M] () - E:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2010/03/17 13:02:36 | 000,000,215 | R--- | M] () - E:\AUTORUN_.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/31 20:54:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/30 19:07:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/30 19:07:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/30 18:14:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/30 18:14:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/30 18:14:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/30 18:12:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/29 11:40:09 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/29 11:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/29 11:39:17 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/27 18:36:49 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LocalAppData%
[2014/01/25 12:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/01/25 10:29:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014/01/25 10:02:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
========== Files - Modified Within 30 Days ==========
[2014/01/31 21:19:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/31 21:07:14 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 21:07:14 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 21:03:50 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/31 21:03:50 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/31 21:03:50 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/31 20:57:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/31 20:56:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/31 20:56:21 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/30 19:05:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/30 18:55:38 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/01/29 11:40:09 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/29 11:39:51 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
========== Files Created - No Company Name ==========
[2014/01/31 20:53:24 | 000,602,112 | ---- | C] () -- \OTL.exe
[2014/01/31 20:53:13 | 001,037,068 | ---- | C] () -- \JRT.exe
[2014/01/31 20:52:59 | 001,166,132 | ---- | C] () -- \adwcleaner.exe
[2014/01/30 18:14:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/30 18:14:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/30 18:14:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/30 18:14:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/30 18:14:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/30 18:09:10 | 001,933,048 | ---- | C] () -- \rkill.exe
[2014/01/30 18:06:26 | 005,177,551 | R--- | C] () -- \ComboFix.exe
[2014/01/29 11:31:05 | 004,380,160 | ---- | C] () -- \RogueKillerX64.exe
[2014/01/29 11:15:13 | 012,589,848 | ---- | C] () -- \mbar-1.07.0.1009.exe
[2014/01/27 18:59:31 | 000,688,992 | R--- | C] () -- \dds.com
[2014/01/27 18:26:32 | 002,079,232 | ---- | C] () -- \FRST64.exe
[2013/05/03 04:43:34 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/02 22:42:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/03/07 14:05:43 | 002,870,860 | ---- | C] () -- \Tightrope edit.mp3
[2012/10/29 07:45:53 | 012,189,838 | ---- | C] () -- \twow1.pdf
[2012/10/29 07:45:51 | 011,197,299 | ---- | C] () -- \twow2.pdf
[2012/09/14 15:19:53 | 000,000,416 | ---- | C] () -- \SGPortable.lnk
[2012/09/14 15:19:53 | 000,000,215 | R--- | C] () -- \AUTORUN_.INF
[2012/09/14 15:19:53 | 000,000,215 | -H-- | C] () -- \autorun.inf
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/05/02 22:52:58 | 000,000,000 | ---D | M] -- C:\Users\All Users\2EDBAA6B18AAF2BD00002EDB7B93F717
[2013/05/02 22:52:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2013/05/02 22:53:03 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2013/12/04 19:38:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJ
[2013/12/04 19:28:56 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEGV
[2013/05/02 22:53:04 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJMyPrinter
[2014/01/10 16:02:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJPLM
[2013/05/02 22:53:04 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJScan
[2013/05/02 22:53:04 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJSolutionMenu
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2013/05/02 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\Geek Squad
[2013/05/02 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\InterVideo
[2013/05/02 22:53:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\NovaStor
[2013/05/02 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\Nuance
[2014/01/25 12:44:11 | 000,000,000 | ---D | M] -- C:\Users\All Users\Oracle
[2013/05/02 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\ScanSoft
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2013/12/04 19:29:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2013/05/02 22:53:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Toshiba
[2013/05/02 22:53:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ulead Systems
[2013/05/02 22:53:41 | 000,000,000 | ---D | M] -- C:\Users\All Users\WildTangent
[2013/05/02 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\Zeon
[2013/05/02 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2009/07/13 22:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2009/07/14 00:08:56 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2013/05/02 23:12:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2013/05/02 23:12:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Roaming
[2009/07/13 21:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2014/01/30 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2013/05/05 18:28:40 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/07/14 00:08:56 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009/07/13 23:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/13 21:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2009/07/13 23:54:24 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/07/13 23:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2009/07/13 23:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2013/06/17 13:57:59 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2013/05/02 22:54:25 | 000,000,000 | ---D | M] -- C:\Users\Public\Roaming
[2009/07/13 23:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2013/05/02 23:06:44 | 000,000,000 | ---D | M] -- C:\Users\User\.shsh
[2013/05/02 23:06:47 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Application Data
[2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Contacts
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Cookies
[2014/01/31 21:11:16 | 000,000,000 | R--D | M] -- C:\Users\User\Desktop
[2013/11/11 11:22:53 | 000,000,000 | R--D | M] -- C:\Users\User\Documents
[2013/08/19 14:13:34 | 000,000,000 | R--D | M] -- C:\Users\User\Downloads
[2013/11/30 23:09:02 | 000,000,000 | R--D | M] -- C:\Users\User\Favorites
[2014/01/25 21:21:22 | 000,000,000 | R--D | M] -- C:\Users\User\Links
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Local Settings
[2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Music
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\My Documents
[2013/02/24 15:51:27 | 000,000,000 | ---D | M] -- C:\Users\User\My PaperPort.com
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\NetHood
[2013/12/05 09:37:25 | 000,000,000 | R--D | M] -- C:\Users\User\Pictures
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\PrintHood
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Recent
[2013/05/02 23:09:10 | 000,000,000 | ---D | M] -- C:\Users\User\Roaming
[2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Saved Games
[2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Searches
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\SendTo
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Start Menu
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Templates
[2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Videos
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\Users\All Users\Temp:FD9CE1F3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:FD9CE1F3
< End of report >
O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Roaming [2013/05/02 23:12:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Saved Games [2009/07/13 21:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\AppData [2014/01/30 19:07:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Desktop [2013/05/05 18:28:40 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2009/07/14 00:08:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009/07/13 23:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009/07/13 21:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2009/07/13 23:54:24 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009/07/13 23:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2009/07/13 23:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2013/06/17 13:57:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Roaming [2013/05/02 22:54:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Videos [2009/07/13 23:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\.shsh [2013/05/02 23:06:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\User\AppData [2013/05/02 23:06:47 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\User\Application Data [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Contacts [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\Cookies [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Desktop [2014/01/31 21:11:16 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\My Documents [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Downloads [2013/08/19 14:13:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\Favorites [2013/11/30 23:09:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\Links [2014/01/25 21:21:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\Local Settings [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Music [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\My Documents [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\My PaperPort.com [2013/02/24 15:51:27 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\User\NetHood [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\ntuser.dat ()
O4 - Startup: C:\Users\User\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\User\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{5c36b422-85e6-11e3-87f1-001e653cc1ac}.TM.blf ()
O4 - Startup: C:\Users\User\ntuser.dat{5c36b422-85e6-11e3-87f1-001e653cc1ac}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{5c36b422-85e6-11e3-87f1-001e653cc1ac}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{6ba3743a-d75e-11e2-87d9-001e33d40161}.TM.blf ()
O4 - Startup: C:\Users\User\ntuser.dat{6ba3743a-d75e-11e2-87d9-001e33d40161}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{6ba3743a-d75e-11e2-87d9-001e33d40161}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{c9df8421-fefa-11e2-a862-001e33d40161}.TM.blf ()
O4 - Startup: C:\Users\User\ntuser.dat{c9df8421-fefa-11e2-a862-001e33d40161}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{c9df8421-fefa-11e2-a862-001e33d40161}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{d0e6e2a6-846e-11e3-873a-001e33d40161}.TM.blf ()
O4 - Startup: C:\Users\User\ntuser.dat{d0e6e2a6-846e-11e3-873a-001e33d40161}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{d0e6e2a6-846e-11e3-873a-001e33d40161}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdc-86d3-11e3-aa0f-001e33d40161}.TxR.0.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdc-86d3-11e3-aa0f-001e33d40161}.TxR.1.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdc-86d3-11e3-aa0f-001e33d40161}.TxR.2.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdc-86d3-11e3-aa0f-001e33d40161}.TxR.blf ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdd-86d3-11e3-aa0f-001e33d40161}.TM.blf ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdd-86d3-11e3-aa0f-001e33d40161}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.dat{e4940cdd-86d3-11e3-aa0f-001e33d40161}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\User\ntuser.ini ()
O4 - Startup: C:\Users\User\Pictures [2013/12/05 09:37:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\PrintHood [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Recent [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Roaming [2013/05/02 23:09:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\User\Saved Games [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\Searches [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\SendTo [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Start Menu [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\Sti_Trace.log ()
O4 - Startup: C:\Users\User\Templates [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\User\umbrella0.log ()
O4 - Startup: C:\Users\User\Videos [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3197978C-19DE-43B7-9DF0-AC3E1D7C068B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/17 13:02:36 | 000,000,215 | -H-- | M] () - E:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2010/03/17 13:02:36 | 000,000,215 | R--- | M] () - E:\AUTORUN_.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/31 20:54:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/30 19:07:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/30 19:07:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/30 18:14:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/30 18:14:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/30 18:14:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/30 18:12:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/29 11:40:09 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/29 11:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/29 11:39:17 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/27 18:36:49 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LocalAppData%
[2014/01/25 12:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/01/25 10:29:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014/01/25 10:02:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
========== Files - Modified Within 30 Days ==========
[2014/01/31 21:19:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/31 21:07:14 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 21:07:14 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 21:03:50 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/31 21:03:50 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/31 21:03:50 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/31 20:57:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/31 20:56:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/31 20:56:21 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/30 19:05:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/30 18:55:38 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/01/29 11:40:09 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/29 11:39:51 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
========== Files Created - No Company Name ==========
[2014/01/31 20:53:24 | 000,602,112 | ---- | C] () -- \OTL.exe
[2014/01/31 20:53:13 | 001,037,068 | ---- | C] () -- \JRT.exe
[2014/01/31 20:52:59 | 001,166,132 | ---- | C] () -- \adwcleaner.exe
[2014/01/30 18:14:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/30 18:14:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/30 18:14:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/30 18:14:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/30 18:14:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/30 18:09:10 | 001,933,048 | ---- | C] () -- \rkill.exe
[2014/01/30 18:06:26 | 005,177,551 | R--- | C] () -- \ComboFix.exe
[2014/01/29 11:31:05 | 004,380,160 | ---- | C] () -- \RogueKillerX64.exe
[2014/01/29 11:15:13 | 012,589,848 | ---- | C] () -- \mbar-1.07.0.1009.exe
[2014/01/27 18:59:31 | 000,688,992 | R--- | C] () -- \dds.com
[2014/01/27 18:26:32 | 002,079,232 | ---- | C] () -- \FRST64.exe
[2013/05/03 04:43:34 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/02 22:42:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/03/07 14:05:43 | 002,870,860 | ---- | C] () -- \Tightrope edit.mp3
[2012/10/29 07:45:53 | 012,189,838 | ---- | C] () -- \twow1.pdf
[2012/10/29 07:45:51 | 011,197,299 | ---- | C] () -- \twow2.pdf
[2012/09/14 15:19:53 | 000,000,416 | ---- | C] () -- \SGPortable.lnk
[2012/09/14 15:19:53 | 000,000,215 | R--- | C] () -- \AUTORUN_.INF
[2012/09/14 15:19:53 | 000,000,215 | -H-- | C] () -- \autorun.inf
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/05/02 22:52:58 | 000,000,000 | ---D | M] -- C:\Users\All Users\2EDBAA6B18AAF2BD00002EDB7B93F717
[2013/05/02 22:52:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2013/05/02 22:53:03 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2013/12/04 19:38:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJ
[2013/12/04 19:28:56 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEGV
[2013/05/02 22:53:04 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJMyPrinter
[2014/01/10 16:02:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJPLM
[2013/05/02 22:53:04 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJScan
[2013/05/02 22:53:04 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJSolutionMenu
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2013/05/02 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\Geek Squad
[2013/05/02 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\InterVideo
[2013/05/02 22:53:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\NovaStor
[2013/05/02 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\Nuance
[2014/01/25 12:44:11 | 000,000,000 | ---D | M] -- C:\Users\All Users\Oracle
[2013/05/02 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\ScanSoft
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2013/12/04 19:29:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2013/05/02 22:53:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Toshiba
[2013/05/02 22:53:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ulead Systems
[2013/05/02 22:53:41 | 000,000,000 | ---D | M] -- C:\Users\All Users\WildTangent
[2013/05/02 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\Zeon
[2013/05/02 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2009/07/13 22:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2009/07/14 00:08:56 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2013/05/02 23:12:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2013/05/02 23:12:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Roaming
[2009/07/13 21:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2014/01/30 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2013/05/05 18:28:40 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/07/14 00:08:56 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009/07/13 23:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/13 21:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2009/07/13 23:54:24 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/07/13 23:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2009/07/13 23:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2013/06/17 13:57:59 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2013/05/02 22:54:25 | 000,000,000 | ---D | M] -- C:\Users\Public\Roaming
[2009/07/13 23:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2013/05/02 23:06:44 | 000,000,000 | ---D | M] -- C:\Users\User\.shsh
[2013/05/02 23:06:47 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Application Data
[2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Contacts
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Cookies
[2014/01/31 21:11:16 | 000,000,000 | R--D | M] -- C:\Users\User\Desktop
[2013/11/11 11:22:53 | 000,000,000 | R--D | M] -- C:\Users\User\Documents
[2013/08/19 14:13:34 | 000,000,000 | R--D | M] -- C:\Users\User\Downloads
[2013/11/30 23:09:02 | 000,000,000 | R--D | M] -- C:\Users\User\Favorites
[2014/01/25 21:21:22 | 000,000,000 | R--D | M] -- C:\Users\User\Links
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Local Settings
[2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Music
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\My Documents
[2013/02/24 15:51:27 | 000,000,000 | ---D | M] -- C:\Users\User\My PaperPort.com
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\NetHood
[2013/12/05 09:37:25 | 000,000,000 | R--D | M] -- C:\Users\User\Pictures
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\PrintHood
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Recent
[2013/05/02 23:09:10 | 000,000,000 | ---D | M] -- C:\Users\User\Roaming
[2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Saved Games
[2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Searches
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\SendTo
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Start Menu
[2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Templates
[2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Videos
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\Users\All Users\Temp:FD9CE1F3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:FD9CE1F3
< End of report >
Broni
Posts: 56,041 +516
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
@Alternate Data Stream - 145 bytes -> C:\Users\All Users\Temp:FD9CE1F3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:FD9CE1F3
:Services
:Reg
:Files
C:\FRST
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
- Disable your antivirus program
- Click on "Run ESET Online Scanner" button.
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If Eset won't find any threats, it won't produce any log.
lroman3
Posts: 246 +0
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}\ not found.
ADS C:\Users\All Users\Temp:FD9CE1F3 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp:FD9CE1F3 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
User: Default
-> No Temporary Internet Files cache folder defined!
User: Default User
-> No Temporary Internet Files cache folder defined!
User: Public
-> No Temporary Internet Files cache folder defined!
User: User
-> No Temporary Internet Files cache folder defined!
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 565548 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: User
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: User
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02022014_115235
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000000F42340571A467860E not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}\ not found.
ADS C:\Users\All Users\Temp:FD9CE1F3 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp:FD9CE1F3 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
User: Default
-> No Temporary Internet Files cache folder defined!
User: Default User
-> No Temporary Internet Files cache folder defined!
User: Public
-> No Temporary Internet Files cache folder defined!
User: User
-> No Temporary Internet Files cache folder defined!
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 565548 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: User
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: User
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02022014_115235
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000000F42340571A467860E not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
lroman3
Posts: 246 +0
Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.0
Java(TM) 6 Update 11
Java 7 Update 51
Adobe Reader XI
Mozilla Firefox 20.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.0
Java(TM) 6 Update 11
Java 7 Update 51
Adobe Reader XI
Mozilla Firefox 20.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
lroman3
Posts: 246 +0
Farbar Service Scanner Version: 02-02-2014
Ran by User (administrator) on 02-02-2014 at 12:10:23
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Ran by User (administrator) on 02-02-2014 at 12:10:23
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Broni
Posts: 56,041 +516
Update Firefox to the latest 26.0 version.
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:
Run OTL
2. Now, we'll remove all tools, we used during our cleaning process
Clean up with OTL:
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure Windows Updates are current.
4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)
6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.
9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
11. (Windows XP only) Run defrag at your convenience.
12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
14. Please, let me know, how your computer is doing.
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now, we'll remove all tools, we used during our cleaning process
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure Windows Updates are current.
4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)
6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.
9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
11. (Windows XP only) Run defrag at your convenience.
12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
14. Please, let me know, how your computer is doing.
lroman3
Posts: 246 +0
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
User: Default
-> No Temporary Internet Files cache folder defined!
User: Default User
-> No Temporary Internet Files cache folder defined!
User: Public
-> No Temporary Internet Files cache folder defined!
User: User
-> No Temporary Internet Files cache folder defined!
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1095406 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: User
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: User
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 02062014_053921
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
User: Default
-> No Temporary Internet Files cache folder defined!
User: Default User
-> No Temporary Internet Files cache folder defined!
User: Public
-> No Temporary Internet Files cache folder defined!
User: User
-> No Temporary Internet Files cache folder defined!
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1095406 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: User
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: User
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 02062014_053921
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
lroman3
Posts: 246 +0
PC is running great.
The only anomaly at the moment is Outlook. I went to launch outlook and I get prompted to create a new profile. It appears the mail profile has disappeared. Would you happen to have any thoughts on getting it back? I assume creating a new profile will mean that my contacts and other information will be lost.
The only anomaly at the moment is Outlook. I went to launch outlook and I get prompted to create a new profile. It appears the mail profile has disappeared. Would you happen to have any thoughts on getting it back? I assume creating a new profile will mean that my contacts and other information will be lost.
Similar threads
Latest posts
-
Tesla is laying off 10% of global workforce amid declining sales and production cuts- captaincranky replied
-
Logitech thinks the computer mouse needs an AI upgrade- FaTaL replied
-
New Affordable AMD B650 Motherboard Roundup- Starfals replied
-
PlayStation 5 Pro will be bigger, faster, and better using the same CPU
- anastrophe replied
