Jump to content

gyberger

Members
  • Posts

    11
  • Joined

  • Last visited

Reputation

0 Neutral
  1. You are welcome! I will leave this open for a few days to make sure all is well. Will send you a reply Monday to close out. Thanks again! If I have trouble in the future I will look you up!!!!
  2. any programs you see that you would uninstall? Any recommendations appreciated. Thanks again!
  3. All is well....no other concerns. Do I need to delete these programs and files?
  4. OTM FILE All processes killed========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Users\Admin\Desktop\cmd.bat deleted successfully.C:\Users\Admin\Desktop\cmd.txt deleted successfully.C:\Users\Admin\Downloads\ccsetup414.exe moved successfully.C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\ApnIC[1].0 moved successfully.File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\ApnIC[1].0 not found.========== COMMANDS ========== [EMPTYTEMP] User: Admin->Temp folder emptied: 31832 bytes->Temporary Internet Files folder emptied: 11484272 bytes->Java cache emptied: 0 bytes->Google Chrome cache emptied: 6885941 bytes->Apple Safari cache emptied: 16384 bytes->Flash cache emptied: 598 bytes User: All Users User: AppData->Temp folder emptied: 0 bytes User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 67 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: Public->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 0 bytes%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 6440813 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 131170932 bytesRecycleBin emptied: 0 bytes Total Files Cleaned = 149.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 06202014_165852 Files moved on Reboot...File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...
  5. C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD Win64/Patched.H trojan C:\Users\Admin\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
  6. Everything seems to be working fine! Any programs you recommend to speedup or optimize computer? Can I delete FRST and the files it created or do I need to save? Where do you think this infection came from?(dont do porn,piracy,etc) Thanks again for your help. Will send donation to kevinf80 email by paypal.
  7. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014 Ran by Admin at 2014-06-20 07:35:57 Run:1 Running from C:\Users\Admin\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Start Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08bf35f3abe\rpcss.dll C:\Windows\System32\rpcss.dll Winsock: Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" S3 Tosrfcom; No ImagePath S1 meofboht; \??\C:\Windows\system32\drivers\meofboht.sys [X] C:\Windows\system32\drivers\meofboht.sys 2014-06-11 11:23 - 2014-04-24 20:04 - 00000079 _____ () C:\Windows\system32\edsthc.ylh 2014-06-11 11:18 - 2014-06-09 15:44 - 00037376 _____ () C:\Windows\system32\ierzr.yxm 2014-06-11 11:18 - 2014-04-24 19:37 - 00000211 _____ () C:\Windows\system32\mxglci.geh C:\Windows\assembly\tmp C:\Windows\assembly\tmp\@ C:\Windows\assembly\tmp\cfg.ini C:\Windows\assembly\tmp\lsflt7.ver C:\Users\Admin\dxdllreg.exe Task: {20628802-42FE-4C92-AA3C-D2384B240DE6} - \Express FilesUpdate No Task File <==== ATTENTION AlternateDataStreams: C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml:OECustomProperty AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4 AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 End ***************** C:\Windows\System32\rpcss.dll => Moved successfully. C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08bf35f3abe\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll Winsock: Catalog5 entry 000000000003\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Tosrfcom => Service deleted successfully. meofboht => Service deleted successfully. "C:\Windows\system32\drivers\meofboht.sys" => File/Directory not found. C:\Windows\system32\edsthc.ylh => Moved successfully. C:\Windows\system32\ierzr.yxm => Moved successfully. Could not move "C:\Windows\system32\mxglci.geh" => Scheduled to move on reboot. C:\Windows\assembly\tmp => Moved successfully. "C:\Windows\assembly\tmp\@" => File/Directory not found. "C:\Windows\assembly\tmp\cfg.ini" => File/Directory not found. "C:\Windows\assembly\tmp\lsflt7.ver" => File/Directory not found. C:\Users\Admin\dxdllreg.exe => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20628802-42FE-4C92-AA3C-D2384B240DE6}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20628802-42FE-4C92-AA3C-D2384B240DE6}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate' => Key deleted successfully. C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml => ":OECustomProperty" ADS removed successfully. C:\ProgramData\TEMP => ":07F6D9E4" ADS removed successfully. C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully. C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-20 07:38:21)<= C:\Windows\system32\mxglci.geh => Is moved successfully. ==== End of Fixlog ==== Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/20/2014 Scan Time: 08:12:14 AM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.06.20.06 Rootkit Database: v2014.06.19.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows Vista Service Pack 2 CPU: x64 File System: NTFS User: Admin Scan Type: Threat Scan Result: Completed Objects Scanned: 296369 Time Elapsed: 23 min, 36 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  8. Here ya go TFarbar Recovery Scan Tool (x64) Version: 18-06-2014 Ran by Admin at 2014-06-19 12:34:23Running from C:\Users\Admin\DesktopBoot Mode: Normal ================== Search Files: "rpcss.dll" ============= C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08bf35f3abe\rpcss.dll[2009-05-30 06:43][2009-04-11 02:11] 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF [File is signed] C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_c6259b510f93cd21\rpcss.dll[2009-04-17 11:25][2009-03-02 23:59] 0717824 ____A (Microsoft Corporation) 857E04C16007E60FCC0803239C853E78 [File is signed] C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_c5d9dd2ff64839ac\rpcss.dll[2009-04-17 11:25][2009-03-02 23:57] 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C [File is signed] C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_c5e9777ff63d6f72\rpcss.dll[2008-01-20 21:51][2008-01-20 21:51] 0713728 ____A (Microsoft Corporation) FF27BE0BA7B3C48D5C99AFCB56D436C2 [File is signed] C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_c47a129912422fc2\rpcss.dll[2009-04-17 11:25][2009-03-02 23:35] 0724992 ____A (Microsoft Corporation) 54FF562C2710BB610B019D723B16FB2A [File is signed] C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_c3e2cce1f92f2ca2\rpcss.dll[2009-04-17 11:25][2009-03-02 23:40] 0724992 ____A (Microsoft Corporation) 007F8DE7AC0F9386C3FD2EC7DC87C37A [File is signed] C:\Windows\System32\rpcss.dll[2009-05-30 06:43][2009-04-11 02:11] 0723968 ____A (Microsoft Corporation) 7BA52C111735CEEE51B34776BAD82037 ====== End Of Search ======hanks
  9. Here are my logs FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014 01Ran by Admin (administrator) on ADMIN-PC on 11-06-2014 15:32:21Running from C:\Users\Admin\DesktopPlatform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(AMD) C:\Windows\System32\atiesrxx.exe(Microsoft Corporation) C:\Windows\System32\SLsvc.exe(AMD) C:\Windows\System32\atieclxx.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(O2Micro International) C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe() C:\Toshiba\IVP\ISM\pinger.exe() C:\Toshiba\IVP\swupdate\swupdtmr.exe(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-11-29] (Synaptics, Inc.)HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-10] (AVAST Software)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKU\S-1-5-21-3402813050-4047483925-927164663-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-06-02] (Glarysoft Ltd) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.comHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x68C387DF3160CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usHKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.aspHKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.aspHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhomeHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhomeHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.aspHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.aspStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKLM - {EAEE5007-FF2F-46F3-BD1F-148BFDAC541B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHBSearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHBSearchScopes: HKLM-x32 - {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {461fc775-35b6-4d0b-9ff3-af280bfaba83} URL = SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No FileHandler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Winsock: Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: =======CHR HomePage: hxxp://www.yahoo.com/CHR StartupUrls: "hxxp://iron-start.com/"CHR Extension: (Magic Actions for YouTube™) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-10]CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-10]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-10]CHR Extension: (Cinetonic) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eapnnlcfnfkfgijohljclicblfnjfekg [2014-06-10]CHR Extension: (Print) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2014-06-10]CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-10]CHR Extension: (Click&Clean App) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-10]CHR HKLM-x32\...\Chrome\Extension: [./0123456789:;<=>?@ABCDEFGHIJKLM] - C:\Users\Admin\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ [2012-09-19]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-10] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-10] (AVAST Software)R2 DcomLaunch; C:\Windows\system32\rpcss.dll [723968 2009-04-11] (Microsoft Corporation) [File not signed]S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]R2 o2flash; C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed]R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()R2 RpcSs; C:\Windows\System32\rpcss.dll [723968 2009-04-11] (Microsoft Corporation) [File not signed]R2 slsvc; C:\Windows\SysWOW64\SLsvc.exe [0 2012-12-24] () [File not signed]R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [84992 2008-04-24] (Toshiba) [File not signed]R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2012-12-24] () [File not signed]R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()R2 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-04-11] (TOSHIBA Corporation)S2 TODDSrv; C:\Windows\SysWOW64\TODDSrv.exe [0 2012-12-24] () [File not signed]R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [175104 2007-12-03] (TOSHIBA Corporation) [File not signed]R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]R2 XAudioService; C:\Windows\SysWOW64\DRIVERS\xaudio64.exe [0 2012-12-24] () [File not signed] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-10] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-10] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-06-10] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-10] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-10] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-10] (AVAST Software)R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-06-10] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-10] ()S1 Beep; No ImagePathS0 BootDefragDriver; C:\Windows\SysWOW64\drivers\BootDefragDriver.sys [16640 2013-04-24] (<Glarysoft Ltd>)S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-05-15] (Glarysoft Ltd)S3 IpInIp; No ImagePathS3 NwlnkFlt; No ImagePathS3 NwlnkFwd; No ImagePathR3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [62040 2008-04-15] (O2Micro )S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2007-10-12] (Printing Communications Assoc., Inc. (PCAUSA))S3 ssrangdr; C:\Windows\System32\DRIVERS\ssrangdr.sys [4608 2009-01-20] (SupportSoft Inc.)S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [28808 2008-03-05] ()S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [195584 2008-03-05] (Sierra Wireless Inc.)S3 Tosrfcom; No ImagePathS1 meofboht; \??\C:\Windows\system32\drivers\meofboht.sys [X]S1 MpKsl4856fa72; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{45AA6195-6478-485C-8D42-DD786CABF017}\MpKsl4856fa72.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-11 15:32 - 2014-06-11 15:32 - 00016743 _____ () C:\Users\Admin\Desktop\FRST.txt2014-06-11 15:31 - 2014-06-11 15:32 - 00000000 ____D () C:\FRST2014-06-11 15:28 - 2014-06-11 15:29 - 02081792 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe2014-06-11 11:37 - 2014-06-11 11:37 - 00000296 _____ () C:\Windows\system32\spsys.log2014-06-11 00:00 - 2014-06-11 00:00 - 00000000 ____D () C:\Users\Admin\AppData\Local\{161FF11B-290B-48AD-9C94-212BFF28C38B}2014-06-10 22:46 - 2014-06-10 22:50 - 00002036 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-06-10 22:46 - 2014-06-10 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-06-10 14:31 - 2014-06-10 14:31 - 00001840 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-06-10 14:31 - 2014-06-10 14:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVAST Software2014-06-10 14:31 - 2014-06-10 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast2014-06-10 14:30 - 2014-06-10 14:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-06-10 14:29 - 2014-06-10 14:31 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2014-06-10 14:29 - 2014-06-10 14:31 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-06-10 14:29 - 2014-06-10 14:31 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys2014-06-10 14:29 - 2014-06-10 14:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.14024286957082014-06-10 14:29 - 2014-06-10 14:29 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-06-10 14:29 - 2014-06-10 14:29 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-06-10 14:29 - 2014-06-10 14:29 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-06-10 14:29 - 2014-06-10 14:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-06-10 14:29 - 2014-06-10 14:29 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys2014-06-10 14:29 - 2014-06-10 14:29 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.14024286957082014-06-10 14:29 - 2014-06-10 14:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-06-10 14:29 - 2014-06-10 14:29 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-06-10 14:28 - 2014-06-10 14:28 - 00000000 ____D () C:\Program Files\AVAST Software2014-06-10 14:27 - 2014-06-10 14:27 - 00000000 ____D () C:\ProgramData\AVAST Software2014-06-10 14:20 - 2014-06-10 14:20 - 00000000 ____D () C:\OETemp2014-06-10 14:04 - 2014-06-11 15:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Public\AppData\Local\temp2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Default\AppData\Local\temp2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\AppData\AppData\Local\temp2014-06-10 12:57 - 2014-06-11 11:40 - 00048709 ____N () C:\Windows\WindowsUpdate.log2014-06-10 08:46 - 2014-06-10 08:48 - 00000000 ____D () C:\AdwCleaner2014-06-10 08:31 - 2014-06-10 08:31 - 00000000 ____D () C:\Windows\ERUNT2014-06-10 02:51 - 2014-06-10 02:51 - 00116160 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT2014-06-10 01:39 - 2014-06-10 01:40 - 00618580 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI02AF.txt2014-06-10 01:39 - 2014-06-10 01:40 - 00015608 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI02AF.txt2014-06-09 23:52 - 2014-06-10 08:54 - 00000000 ____D () C:\ProgramData\RogueKiller2014-06-09 23:44 - 2014-06-09 23:45 - 00617130 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI2A18.txt2014-06-09 23:44 - 2014-06-09 23:45 - 00012448 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI2A18.txt2014-06-09 15:44 - 2014-06-11 11:18 - 00037376 _____ () C:\Windows\system32\ierzr.yxm2014-06-09 09:25 - 2014-06-11 11:38 - 00000538 _____ () C:\BackupLoader.ini2014-06-09 09:25 - 2014-06-02 20:26 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe2014-05-19 01:32 - 2014-05-19 01:34 - 03187305 _____ () C:\Windows\umcat_01.db2014-05-18 21:31 - 2014-05-18 21:31 - 00615916 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI0D56.txt2014-05-18 21:31 - 2014-05-18 21:31 - 00012400 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI0D56.txt2014-05-16 08:19 - 2014-06-10 00:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp(174)2014-05-16 08:10 - 2014-05-16 08:10 - 00000000 ____D () C:\$RECYCLE(70).BIN2014-05-15 21:00 - 2014-05-15 21:01 - 00615938 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI0B5D.txt2014-05-15 21:00 - 2014-05-15 21:01 - 00012400 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI0B5D.txt2014-05-15 20:56 - 2014-05-15 20:57 - 00616716 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI0846.txt2014-05-15 20:56 - 2014-05-15 20:57 - 00012432 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI0846.txt2014-05-15 19:54 - 2014-05-15 19:56 - 00616324 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI596C.txt2014-05-15 19:54 - 2014-05-15 19:56 - 00012416 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI596C.txt2014-05-15 19:31 - 2014-05-07 09:19 - 05200039 ____R (Swearware) C:\Users\Admin\Documents\ComboFix.exe2014-05-15 19:26 - 2014-05-15 19:26 - 00026734 _____ () C:\Users\Admin\Documents\cc_20140515_192633.reg2014-05-15 19:04 - 2014-06-11 11:39 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job2014-05-15 19:04 - 2014-06-10 03:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 52014-05-15 19:04 - 2014-06-09 09:25 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 52014-05-15 19:04 - 2014-06-09 09:25 - 00000942 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk2014-05-15 19:04 - 2014-06-09 09:25 - 00000930 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk2014-05-15 19:04 - 2014-05-15 19:04 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys2014-05-15 19:03 - 2014-06-10 23:01 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 52014-05-15 18:57 - 2014-05-15 18:58 - 00618418 _____ () C:\Windows\dd_vcredistMSI2D36.txt2014-05-15 18:57 - 2014-05-15 18:58 - 00012408 _____ () C:\Windows\dd_vcredistUI2D36.txt2014-05-15 18:34 - 2014-05-15 18:35 - 00617822 _____ () C:\Windows\dd_vcredistMSI1C1E.txt2014-05-15 18:34 - 2014-05-15 18:35 - 00014332 _____ () C:\Windows\dd_vcredistUI1C1E.txt2014-05-15 18:24 - 2014-05-15 18:25 - 00616772 _____ () C:\Windows\dd_vcredistMSI143C.txt2014-05-15 18:24 - 2014-05-15 18:25 - 00014284 _____ () C:\Windows\dd_vcredistUI143C.txt2014-05-15 17:33 - 2014-06-11 11:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-05-15 17:33 - 2014-06-10 03:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-15 17:33 - 2014-06-10 03:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-05-15 17:33 - 2014-06-09 23:40 - 00000952 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-15 17:33 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-05-15 17:24 - 2014-05-15 17:25 - 00616066 _____ () C:\Windows\dd_vcredistMSI65E7.txt2014-05-15 17:24 - 2014-05-15 17:25 - 00012312 _____ () C:\Windows\dd_vcredistUI65E7.txt2014-05-15 14:38 - 2014-05-15 14:38 - 00000000 ____D () C:\Windows\system32\config\HiveBackup ==================== One Month Modified Files and Folders ======= 2014-06-11 15:32 - 2014-06-11 15:32 - 00016743 _____ () C:\Users\Admin\Desktop\FRST.txt2014-06-11 15:32 - 2014-06-11 15:31 - 00000000 ____D () C:\FRST2014-06-11 15:32 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp2014-06-11 15:29 - 2014-06-11 15:28 - 02081792 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe2014-06-11 13:37 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-06-11 13:37 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-06-11 11:49 - 2014-05-15 17:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-11 11:40 - 2014-06-10 12:57 - 00048709 ____N () C:\Windows\WindowsUpdate.log2014-06-11 11:39 - 2014-05-15 19:04 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job2014-06-11 11:38 - 2014-06-09 09:25 - 00000538 _____ () C:\BackupLoader.ini2014-06-11 11:37 - 2014-06-11 11:37 - 00000296 _____ () C:\Windows\system32\spsys.log2014-06-11 11:37 - 2014-05-05 19:06 - 00408608 _____ () C:\Windows\system32\FNTCACHE.DAT2014-06-11 11:37 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-06-11 11:31 - 2014-05-07 09:24 - 00000000 ____D () C:\Windows\erdnt2014-06-11 11:23 - 2014-04-24 20:04 - 00000079 _____ () C:\Windows\system32\edsthc.ylh2014-06-11 11:18 - 2014-06-09 15:44 - 00037376 _____ () C:\Windows\system32\ierzr.yxm2014-06-11 11:18 - 2014-04-24 19:37 - 00000211 _____ () C:\Windows\system32\mxglci.geh2014-06-11 10:52 - 2006-11-02 10:42 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-06-11 10:48 - 2013-12-10 22:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-06-11 10:48 - 2013-12-05 00:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-06-11 00:00 - 2014-06-11 00:00 - 00000000 ____D () C:\Users\Admin\AppData\Local\{161FF11B-290B-48AD-9C94-212BFF28C38B}2014-06-10 23:01 - 2014-05-15 19:03 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 52014-06-10 22:50 - 2014-06-10 22:46 - 00002036 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-06-10 22:46 - 2014-06-10 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-06-10 22:46 - 2009-06-15 10:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google2014-06-10 22:45 - 2009-06-15 10:17 - 00000000 ____D () C:\Program Files (x86)\Google2014-06-10 22:43 - 2013-12-10 22:48 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-06-10 22:43 - 2013-12-10 22:48 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-06-10 14:53 - 2014-04-28 20:33 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk2014-06-10 14:36 - 2014-06-10 14:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-06-10 14:31 - 2014-06-10 14:31 - 00001840 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-06-10 14:31 - 2014-06-10 14:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVAST Software2014-06-10 14:31 - 2014-06-10 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast2014-06-10 14:31 - 2014-06-10 14:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2014-06-10 14:31 - 2014-06-10 14:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-06-10 14:31 - 2014-06-10 14:29 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys2014-06-10 14:29 - 2014-06-10 14:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.14024286957082014-06-10 14:29 - 2014-06-10 14:29 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-06-10 14:29 - 2014-06-10 14:29 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-06-10 14:29 - 2014-06-10 14:29 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-06-10 14:29 - 2014-06-10 14:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-06-10 14:29 - 2014-06-10 14:29 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys2014-06-10 14:29 - 2014-06-10 14:29 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.14024286957082014-06-10 14:29 - 2014-06-10 14:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-06-10 14:29 - 2014-06-10 14:29 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-06-10 14:28 - 2014-06-10 14:28 - 00000000 ____D () C:\Program Files\AVAST Software2014-06-10 14:27 - 2014-06-10 14:27 - 00000000 ____D () C:\ProgramData\AVAST Software2014-06-10 14:20 - 2014-06-10 14:20 - 00000000 ____D () C:\OETemp2014-06-10 14:16 - 2012-09-04 12:08 - 00001945 _____ () C:\Windows\epplauncher.mif2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Public\AppData\Local\temp2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Default\AppData\Local\temp2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\AppData\AppData\Local\temp2014-06-10 13:56 - 2006-11-02 07:34 - 00000215 _____ () C:\Windows\system.ini2014-06-10 09:05 - 2014-04-29 19:39 - 00000000 ____D () C:\Users\Admin\Documents\RK_Quarantine2014-06-10 08:54 - 2014-06-09 23:52 - 00000000 ____D () C:\ProgramData\RogueKiller2014-06-10 08:48 - 2014-06-10 08:46 - 00000000 ____D () C:\AdwCleaner2014-06-10 08:31 - 2014-06-10 08:31 - 00000000 ____D () C:\Windows\ERUNT2014-06-10 03:23 - 2006-11-02 07:46 - 00795200 _____ () C:\Windows\system32\PerfStringBackup.INI2014-06-10 03:17 - 2009-03-09 15:33 - 00000000 ____D () C:\Users\Admin2014-06-10 03:16 - 2013-07-09 09:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DiskDefrag2014-06-10 03:16 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\system32\Msdtc2014-06-10 03:15 - 2006-11-02 07:33 - 92012544 _____ () C:\Windows\system32\config\software_previous2014-06-10 03:15 - 2006-11-02 07:33 - 53477376 _____ () C:\Windows\system32\config\components_previous2014-06-10 03:15 - 2006-11-02 07:33 - 22544384 _____ () C:\Windows\system32\config\system_previous2014-06-10 03:15 - 2006-11-02 07:33 - 00524288 _____ () C:\Windows\system32\config\default_previous2014-06-10 03:15 - 2006-11-02 07:33 - 00053248 _____ () C:\Windows\system32\config\sam_previous2014-06-10 03:15 - 2006-11-02 07:33 - 00024576 _____ () C:\Windows\system32\config\security_previous2014-06-10 03:08 - 2014-05-15 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 52014-06-10 03:08 - 2014-05-15 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-10 03:08 - 2014-05-15 17:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-10 03:08 - 2014-04-25 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-06-10 03:08 - 2013-11-06 02:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live2014-06-10 03:08 - 2013-08-12 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office2014-06-10 03:08 - 2010-10-16 16:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Disk Cleaner2014-06-10 03:08 - 2010-06-05 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-06-10 03:08 - 2009-02-24 04:05 - 00000000 ____D () C:\Windows\system32\nn-NO2014-06-10 03:08 - 2009-02-24 03:45 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-06-10 03:08 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\system32\tr-TR2014-06-10 03:08 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\system32\spool2014-06-10 03:08 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\registration2014-06-10 02:51 - 2014-06-10 02:51 - 00116160 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT2014-06-10 02:28 - 2011-10-01 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware2014-06-10 01:40 - 2014-06-10 01:39 - 00618580 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI02AF.txt2014-06-10 01:40 - 2014-06-10 01:39 - 00015608 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI02AF.txt2014-06-10 01:38 - 2011-10-01 19:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes2014-06-10 01:34 - 2013-07-10 11:26 - 00000000 ____D () C:\Windows\system32\MRT2014-06-10 01:28 - 2010-07-22 20:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\GlarySoft2014-06-10 01:00 - 2011-10-01 19:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-06-10 00:54 - 2014-05-16 08:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp(174)2014-06-10 00:18 - 2014-05-01 12:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps2014-06-09 23:45 - 2014-06-09 23:44 - 00617130 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI2A18.txt2014-06-09 23:45 - 2014-06-09 23:44 - 00012448 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI2A18.txt2014-06-09 23:40 - 2014-05-15 17:33 - 00000952 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-09 09:25 - 2014-05-15 19:04 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 52014-06-09 09:25 - 2014-05-15 19:04 - 00000942 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk2014-06-09 09:25 - 2014-05-15 19:04 - 00000930 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk2014-06-06 09:06 - 2014-04-24 19:38 - 00037888 _____ () C:\Windows\system32\ohayhgz.moe2014-06-04 14:40 - 2009-03-10 11:35 - 00000000 ____D () C:\Users\Admin\Documents\SCA2014-06-02 20:26 - 2014-06-09 09:25 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe2014-05-19 07:17 - 2011-10-01 19:10 - 00946601 _____ () C:\Users\Admin\AppData\Local\census.cache2014-05-19 07:17 - 2011-10-01 19:09 - 00160990 _____ () C:\Users\Admin\AppData\Local\ars.cache2014-05-19 01:34 - 2014-05-19 01:32 - 03187305 _____ () C:\Windows\umcat_01.db2014-05-18 21:31 - 2014-05-18 21:31 - 00615916 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI0D56.txt2014-05-18 21:31 - 2014-05-18 21:31 - 00012400 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI0D56.txt2014-05-18 20:42 - 2009-03-10 08:43 - 00001460 _____ () C:\Users\Admin\AppData\Local\d3d9caps64.dat2014-05-16 08:10 - 2014-05-16 08:10 - 00000000 ____D () C:\$RECYCLE(70).BIN2014-05-15 22:14 - 2014-05-02 07:37 - 00002974 _____ () C:\Windows\System32\Tasks\GU4SkipUAC2014-05-15 21:01 - 2014-05-15 21:00 - 00615938 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI0B5D.txt2014-05-15 21:01 - 2014-05-15 21:00 - 00012400 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI0B5D.txt2014-05-15 20:57 - 2014-05-15 20:56 - 00616716 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI0846.txt2014-05-15 20:57 - 2014-05-15 20:56 - 00012432 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI0846.txt2014-05-15 19:56 - 2014-05-15 19:54 - 00616324 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI596C.txt2014-05-15 19:56 - 2014-05-15 19:54 - 00012416 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI596C.txt2014-05-15 19:26 - 2014-05-15 19:26 - 00026734 _____ () C:\Users\Admin\Documents\cc_20140515_192633.reg2014-05-15 19:09 - 2012-09-04 10:56 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-05-15 19:09 - 2011-08-14 18:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-05-15 19:07 - 2008-05-13 21:26 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-05-15 19:06 - 2012-09-05 22:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe2014-05-15 19:04 - 2014-05-15 19:04 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys2014-05-15 19:04 - 2013-06-15 20:08 - 00000000 ____D () C:\ProgramData\GlarySoft2014-05-15 18:58 - 2014-05-15 18:57 - 00618418 _____ () C:\Windows\dd_vcredistMSI2D36.txt2014-05-15 18:58 - 2014-05-15 18:57 - 00012408 _____ () C:\Windows\dd_vcredistUI2D36.txt2014-05-15 18:35 - 2014-05-15 18:34 - 00617822 _____ () C:\Windows\dd_vcredistMSI1C1E.txt2014-05-15 18:35 - 2014-05-15 18:34 - 00014332 _____ () C:\Windows\dd_vcredistUI1C1E.txt2014-05-15 18:25 - 2014-05-15 18:24 - 00616772 _____ () C:\Windows\dd_vcredistMSI143C.txt2014-05-15 18:25 - 2014-05-15 18:24 - 00014284 _____ () C:\Windows\dd_vcredistUI143C.txt2014-05-15 18:16 - 2006-11-02 07:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe2014-05-15 17:33 - 2011-10-01 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-15 17:25 - 2014-05-15 17:24 - 00616066 _____ () C:\Windows\dd_vcredistMSI65E7.txt2014-05-15 17:25 - 2014-05-15 17:24 - 00012312 _____ () C:\Windows\dd_vcredistUI65E7.txt2014-05-15 14:38 - 2014-05-15 14:38 - 00000000 ____D () C:\Windows\system32\config\HiveBackup2014-05-12 07:26 - 2014-05-15 17:33 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-05-12 07:26 - 2014-04-25 00:10 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-05-12 07:25 - 2011-10-01 19:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys ZeroAccess:C:\Windows\assembly\tmpC:\Windows\assembly\tmp\@C:\Windows\assembly\tmp\cfg.iniC:\Windows\assembly\tmp\lsflt7.ver Files to move or delete:====================C:\Users\Admin\dxdllreg.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll[2009-05-30 06:43] - [2009-04-11 02:11] - 0723968 ____A (Microsoft Corporation) 7BA52C111735CEEE51B34776BAD82037 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-11 11:43 ==================== End Of Log ============================ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2014 01Ran by Admin at 2014-06-11 15:33:34Running from C:\Users\Admin\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) HiddenAdobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) HiddenAMD Catalyst Install Manager (HKLM\...\{914F7627-B645-9895-F723-BAEAAC865E75}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)AMD Fuel (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) HiddenAMD VISION Engine Control Center (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) HiddenApple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)Atheros Client Utility (HKLM-x32\...\{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}) (Version: 7.7 - Atheros)Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 7.7 - Atheros)Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd)avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.07(T) - TOSHIBA CORPORATION)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) HiddenCatalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center InstallProxy (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Standard (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Traditional (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Czech (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Danish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Dutch (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help English (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Finnish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help French (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help German (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Greek (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Hungarian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Italian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Japanese (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Korean (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Norwegian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Polish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Portuguese (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Russian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Spanish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Swedish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Thai (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) HiddenCCC Help Turkish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hiddenccc-utility64 (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)Cisco EAP-FAST Module (HKLM-x32\...\{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}) (Version: 2.2.10 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{99A4344A-C723-4661-A507-D9D939480358}) (Version: 1.0.16 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{CD344FA5-6657-47CD-940F-8727EED35595}) (Version: 1.1.3 - Cisco Systems, Inc.)Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.10.0 - Conexant)CyberLink PowerCinema for TOSHIBA (x32 Version: 6.0.1616 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)Disk Cleaner (remove only) (HKLM-x32\...\DiskCleaner) (Version: - )DJ_SF_03_D4300_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) HiddenDJ_SF_03_D4300_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) HiddenDVD MovieFactory for TOSHIBA (HKLM-x32\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)EZ Fonts (HKLM-x32\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)Glary Utilities 5.1 (HKLM-x32\...\Glary Utilities 5) (Version: 5.1.0.4 - Glarysoft Ltd)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) HiddenHDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version: 7.73.00 - Conexant Systems)HP Deskjet D4300 Printer Driver Software 10.0 Rel .3 (HKLM\...\{387D9916-BD27-480f-8CF0-3228832BBAA2}) (Version: 10.0 - HP)Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )Java 6 Update 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Marvell Miniport Driver (HKLM\...\{5254156F-AA77-499A-B7C1-D5581D44E788}) (Version: 10.57.4.3 - Marvell)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft XML Parser (x32 Version: 8.20.8730.4 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)O2Micro Flash Memory Card Reader Driver (x64) (HKLM\...\{AE64AAFB-8C9A-482A-B2A9-3A420A65D5D5}) (Version: 3.23 - O2Micro)PANTECH USB Modem V2 (HKLM\...\{1C336D20-A089-4818-9C56-96AD81BF5A11}) (Version: 1.2.4151.1109 - PANTECH CO.,LTD)Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.7.0 - Synaptics)Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) HiddenTOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) HiddenTOSHIBA Face Recognition (Version: 2.0.2.64 - TOSHIBA) HiddenTOSHIBA Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.50 - WildTangent)TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{E8B39B08-7FAB-48CC-89E9-37C5589E130C}) (Version: - )TOSHIBA Hardware Setup (Version: 3.00.01.00 - TOSHIBA) HiddenTOSHIBA PowerCinema Helper (HKLM-x32\...\{FB356619-7ECE-42BC-A28A-541973E29F28}) (Version: 1.00 - TOSHIBA Corporation)TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b for x64 - TOSHIBA Corporation)Toshiba Registration (HKLM-x32\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)TOSHIBA Software Upgrades (HKLM-x32\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}) (Version: - )TOSHIBA Supervisor Password (Version: 3.00.01.00 - TOSHIBA) HiddenTOSHIBA Value Added Package (Version: 1.1.19.64 - TOSHIBA Corporation) HiddenTOSHIBA Value Added Package (x32 Version: 1.1.19.64 - TOSHIBA Corporation) HiddenUnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) HiddenUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) HiddenWindows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )Windows Media Encoder 9 Series (x32 Version: 9.00.3374 - Microsoft Corporation) HiddenWindows Migration Assistant (HKLM-x32\...\{1A3A92EC-A218-4FEE-8A51-05BCD409A048}) (Version: 1.0.5.6 - Apple Inc.) ==================== Restore Points ========================= 10-06-2014 05:53:49 Restore Operation10-06-2014 06:23:30 Windows Update10-06-2014 06:46:00 Windows Update10-06-2014 06:49:42 Windows Update10-06-2014 06:51:14 Restore Operation10-06-2014 06:58:17 Restore Operation10-06-2014 07:43:33 Windows Update10-06-2014 08:00:16 Windows Update10-06-2014 08:02:15 Restore Operation10-06-2014 08:31:25 Windows Update10-06-2014 14:23:14 Windows Update10-06-2014 17:47:49 Windows Update10-06-2014 19:28:33 avast! antivirus system restore point ==================== Hosts content: ========================== 2011-10-01 21:28 - 2014-06-10 13:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {1599547B-2DFD-447C-9C99-2D19B14D5FF1} - System32\Tasks\{1751309A-64FC-429C-A36B-605FA662BC78} => C:\Program Files (x86)\Skype\\Phone\Skype.exeTask: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {20628802-42FE-4C92-AA3C-D2384B240DE6} - \Express FilesUpdate No Task File <==== ATTENTIONTask: {23E20C6F-F237-453F-BABF-C028928850E3} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntriesTask: {669C9A9A-35A6-487C-A26B-1FE07B216227} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-10] (AVAST Software)Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UITask: {9FFE3909-1161-4238-8C85-99A60DE81B0B} - System32\Tasks\{0BEA3C2E-45DC-4E95-96BC-CF2B230D9DDA} => C:\Program Files (x86)\Skype\\Phone\Skype.exeTask: {A18CE602-5525-418F-BB1B-8149A7D135CB} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-06-02] (Glarysoft Ltd)Task: {A469BF70-7163-4BC3-8E9C-E5BA2F6DDC00} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exeTask: {C86DC14B-9C5A-4C07-AC90-E3870B09C261} - System32\Tasks\{23331D86-63C5-4A92-96A7-82ADD63FBD56} => C:\Program Files (x86)\Skype\\Phone\Skype.exeTask: {C9BAF018-A0E0-4CF3-ACCE-797944E2956C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)Task: {CA866663-2913-4256-ADE7-0ACF97769B29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24] (Google Inc.)Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()Task: {F9D82AD6-CDDA-4854-9F61-BDCE4BD130E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24] (Google Inc.)Task: {FB6FF0F6-4ED0-47F5-A638-5ECF3A380C84} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exeTask: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-07-04 02:36 - 2012-07-04 02:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2008-05-13 21:22 - 2007-01-25 20:47 - 00136816 _____ () C:\Toshiba\IVP\ISM\pinger.exe2008-05-13 21:22 - 2007-10-23 18:27 - 00066928 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe2008-04-24 21:25 - 2008-04-24 21:25 - 00135680 _____ () C:\Windows\system32\SmartFaceVCtrl.dll2008-04-24 21:25 - 2008-04-24 21:25 - 07553024 _____ () C:\Windows\system32\FaceHI.dll2008-04-24 21:25 - 2008-04-24 21:25 - 01032704 _____ () C:\Windows\system32\FaceRec.dll2012-07-04 00:09 - 2012-07-04 00:09 - 00045056 _____ () C:\Windows\system32\atitmp64.dll2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-06-11 10:49 - 2014-06-11 10:49 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061100\algo.dll2014-06-10 14:29 - 2014-06-10 14:29 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-06-10 22:45 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll2014-06-10 22:45 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll2014-06-10 22:45 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml:OECustomPropertyAlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4AlternateDataStreams: C:\ProgramData\TEMP:5C321E34AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exeMSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesMSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrunMSCONFIG\startupreg: iTunesHelper => MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyMSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgroundMSCONFIG\startupreg: Skype => MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exeMSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunMSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXEMSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hideMSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (06/11/2014 11:37:46 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/11/2014 11:32:02 AM) (Source: System Restore) (EventID: 8193) (User: )Description: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = ComboFix created restore point; Hr = 0x8007043c). Error: (06/11/2014 11:32:01 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c. Operation: Instantiating VSS server Error: (06/11/2014 11:32:01 AM) (Source: VSS) (EventID: 18) (User: )Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started during Safe Mode. The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c] Operation: Instantiating VSS server Error: (06/11/2014 11:26:47 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47919291, faulting module ieframe.dll, version 9.0.8112.16545, time stamp 0x531a96d4, exception code 0xc0000005, fault offset 0x0000000000132807,process id 0x8c0, application start time 0xsvchost.exe0. Error: (06/11/2014 11:13:58 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/11/2014 11:13:31 AM) (Source: EventSystem) (EventID: 4609) (User: )Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (06/11/2014 11:04:03 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/11/2014 11:03:38 AM) (Source: EventSystem) (EventID: 4609) (User: )Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (06/11/2014 10:57:11 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors:=============Error: (06/11/2014 11:37:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: Beep Error: (06/11/2014 11:37:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: TOSHIBA Optical Disc Drive Service%%2 Error: (06/11/2014 11:37:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Apple Mobile Device%%1053 Error: (06/11/2014 11:37:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: 30000Apple Mobile Device Error: (06/11/2014 11:32:01 AM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623} Error: (06/11/2014 11:25:15 AM) (Source: DCOM) (EventID: 10005) (User: )Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097} Error: (06/11/2014 11:13:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: aswRvrtaswSnxaswSPaswTdiaswVmmBeepspldrWanarpv6 Error: (06/11/2014 11:13:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: Computer BrowserServer%%1068 Error: (06/11/2014 11:13:34 AM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (06/11/2014 11:13:32 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)Description: C:\Windows\system32\athihvs.dll21 Microsoft Office Sessions:=========================Error: (06/11/2014 11:37:46 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/11/2014 11:32:02 AM) (Source: System Restore) (EventID: 8193) (User: )Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c Error: (06/11/2014 11:32:01 AM) (Source: VSS) (EventID: 8193) (User: )Description: CoCreateInstance0x8007043c Operation: Instantiating VSS server Error: (06/11/2014 11:32:01 AM) (Source: VSS) (EventID: 18) (User: )Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x8007043c Operation: Instantiating VSS server Error: (06/11/2014 11:26:47 AM) (Source: Application Error) (EventID: 1000) (User: )Description: svchost.exe6.0.6001.1800047919291ieframe.dll9.0.8112.16545531a96d4c000000500000000001328078c001cf8590c8ff82a9 Error: (06/11/2014 11:13:58 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/11/2014 11:13:31 AM) (Source: EventSystem) (EventID: 4609) (User: )Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (06/11/2014 11:04:03 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/11/2014 11:03:38 AM) (Source: EventSystem) (EventID: 4609) (User: )Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (06/11/2014 10:57:11 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors:=================================== Date: 2014-06-11 15:33:22.548 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 15:33:21.490 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 15:33:20.482 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 15:33:19.472 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 15:33:18.466 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 15:33:17.479 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 15:33:16.578 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 15:33:15.661 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 15:33:14.593 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 15:33:13.536 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 41%Total physical RAM: 3837.41 MBAvailable physical RAM: 2235.01 MBTotal Pagefile: 7887.35 MBAvailable Pagefile: 6184.43 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (SQ004732V03) (Fixed) (Total:288.67 GB) (Free:198.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 445C445B)Partition 1: (Not Active) - (Size=1 GB) - (Type=27)Partition 2: (Active) - (Size=289 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=8 GB) - (Type=17) ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.