-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.7 (07.29.2013:1)
OS: Windows 8 x64
Ran by TL on Mon 07/29/2013 at 16:56:39.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\TL\AppData\Roaming\mozilla\firefox\profiles\iwbelqls.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/29/2013 at 17:03:01.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
OTL logfile created on: 7/29/2013 5:05:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TL\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.44 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 70.89% Memory free
10.94 Gb Paging File | 9.15 Gb Available in Paging File | 83.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.67 Gb Total Space | 649.25 Gb Free Space | 94.55% Space Free | Partition Type: NTFS
Computer Name: TEE | User Name: TL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/29 17:05:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TL\Downloads\OTL.exe
PRC - [2013/07/27 23:12:36 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/06/29 10:49:28 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2013/06/18 10:21:12 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/03/04 20:30:12 | 001,549,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
========== Modules (No Company Name) ==========
MOD - [2013/07/27 23:12:34 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/06/18 10:21:31 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/06/29 10:49:28 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV:64bit: - [2013/06/01 05:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 02:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 02:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 00:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/04/03 13:17:38 | 000,100,752 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService)
SRV:64bit: - [2013/03/26 20:37:02 | 000,216,976 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe -- (THAccelSvc)
SRV:64bit: - [2013/03/19 13:45:20 | 000,053,864 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:64bit: - [2013/03/13 03:25:12 | 000,103,424 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe -- (AdaptiveSleepService)
SRV:64bit: - [2013/03/13 02:03:00 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/03/04 14:49:16 | 000,324,448 | ---- | M] (Toshiba Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2013/03/01 22:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 22:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/28 21:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/01/09 19:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 19:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/12/12 03:38:40 | 000,205,560 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2012/09/20 05:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 04:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 02:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 23:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/06/18 10:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/15 12:43:48 | 000,016,720 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe -- (dts_apo_service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/23 23:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/20 04:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/03 21:41:46 | 002,196,120 | ---- | M] (Toshiba America Information Systems.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe -- (taisregispinger)
SRV - [2012/07/25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/06/01 07:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 07:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 07:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/31 23:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/05/13 15:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/05/06 08:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/05/04 03:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 03:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/04/03 13:17:42 | 000,360,336 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2013/03/25 22:01:16 | 000,110,976 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\THAccel.sys -- (THAccel)
DRV:64bit: - [2013/03/21 15:21:00 | 000,217,824 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2013/03/13 03:58:20 | 011,644,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/13 01:34:16 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/03/12 21:39:44 | 001,544,704 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/03/02 06:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 06:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 06:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/27 01:58:58 | 001,680,992 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2013/02/07 20:45:32 | 000,017,504 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmdAS4.sys -- (AmdAS4)
DRV:64bit: - [2013/01/28 21:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/28 19:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/15 22:11:30 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/01/15 19:43:58 | 000,119,376 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2013/01/09 21:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 23:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 00:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 23:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 04:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 03:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 03:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 03:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 03:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 03:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/29 11:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/07/31 15:28:54 | 000,028,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2012/07/26 22:40:00 | 000,014,000 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2012/07/26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 00:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 19:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2012/07/25 04:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2012/06/18 13:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{805EF1CD-BA42-4609-9024-7FBF8CD8016F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{805EF1CD-BA42-4609-9024-7FBF8CD8016F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.6.1.20130511125033
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/07/24 20:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TL\AppData\Roaming\mozilla\Extensions
[2013/07/24 20:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TL\AppData\Roaming\mozilla\Firefox\Profiles\iwbelqls.default\extensions
[2013/07/24 20:50:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\TL\AppData\Roaming\mozilla\Firefox\Profiles\iwbelqls.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/07/27 22:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/24 20:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/24 20:16:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/24 20:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/07/24 20:16:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O1 HOSTS File: ([2012/07/26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe ()
O4:64bit: - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B14EA9A-ED96-481B-8FF2-C42C09A2A3B4}: DhcpNameServer = 192.168.1.1 68.238.112.12
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/07/29 16:56:37 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/07/28 17:48:33 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/07/28 17:38:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/28 17:26:03 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/07/28 17:26:03 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Local\temp
[2013/07/28 17:15:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/28 17:15:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/28 17:15:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2013/07/28 17:15:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/28 17:15:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/28 17:15:30 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/07/28 13:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/28 10:06:42 | 000,000,000 | ---D | C] -- C:\Users\TL\Documents\mbar-1.06.0.1004
[2013/07/28 09:49:07 | 000,000,000 | ---D | C] -- C:\Users\TL\Desktop\RK_Quarantine
[2013/07/27 23:12:49 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Local\Macromedia
[2013/07/27 21:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
[2013/07/27 21:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell
[2013/07/27 21:20:43 | 008,437,760 | ---- | C] (IvoSoft) -- C:\Users\TL\Desktop\ClassicShellSetup_3_6_8.exe
[2013/07/27 21:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/27 20:59:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/07/27 20:59:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/27 20:51:33 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Roaming\Malwarebytes
[2013/07/27 20:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/27 20:48:28 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Local\Programs
[2013/07/27 20:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/07/27 20:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/07/26 19:14:47 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Local\Diagnostics
[2013/07/24 20:50:11 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Roaming\Mozilla
[2013/07/24 20:50:11 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Local\Mozilla
[2013/07/24 20:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safe Saver
[2013/07/24 20:22:22 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/07/24 20:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/24 20:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/07/24 20:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/24 19:53:07 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Roaming\sMedio
[2013/07/24 19:50:13 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Local\CrashDumps
[2013/07/23 22:28:20 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Roaming\Macromedia
[2013/07/23 22:28:04 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Roaming\WildTangent
[2013/07/23 22:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Book Place
[2013/07/23 22:08:55 | 000,000,000 | ---D | C] -- C:\Users\TL\Documents\Book Place
[2013/07/23 22:08:55 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Roaming\Book Place
[2013/07/23 21:06:51 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Roaming\ATI
[2013/07/23 21:06:51 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Local\ATI
[2013/07/23 21:02:08 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Local\Toshiba
[2013/07/23 21:01:12 | 000,000,000 | R--D | C] -- C:\Users\TL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/07/23 21:01:12 | 000,000,000 | R--D | C] -- C:\Users\TL\Searches
[2013/07/23 21:01:12 | 000,000,000 | R--D | C] -- C:\Users\TL\Contacts
[2013/07/23 21:01:12 | 000,000,000 | R--D | C] -- C:\Users\TL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/07/23 21:01:12 | 000,000,000 | -H-D | C] -- C:\Users\TL\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/07/23 21:01:07 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Roaming\Adobe
[2013/07/23 21:00:59 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Roaming\WinBatch
[2013/07/23 20:59:18 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Local\VirtualStore
[2013/07/23 20:58:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/07/23 20:58:40 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Local\Packages
[2013/07/23 20:58:19 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\AppData\Local\Temporary Internet Files
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\Templates
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\Start Menu
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\SendTo
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\Recent
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\PrintHood
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\NetHood
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\Documents\My Videos
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\Documents\My Pictures
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\Documents\My Music
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\My Documents
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\Local Settings
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\AppData\Local\History
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\Cookies
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\Application Data
[2013/07/23 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\TL\AppData\Local\Application Data
[2013/07/23 20:58:11 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Local\Microsoft
[2013/07/23 20:58:10 | 000,000,000 | --SD | C] -- C:\Users\TL\AppData\Roaming\Microsoft
[2013/07/23 20:58:10 | 000,000,000 | R--D | C] -- C:\Users\TL\Videos
[2013/07/23 20:58:10 | 000,000,000 | R--D | C] -- C:\Users\TL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/07/23 20:58:10 | 000,000,000 | R--D | C] -- C:\Users\TL\Saved Games
[2013/07/23 20:58:10 | 000,000,000 | R--D | C] -- C:\Users\TL\Pictures
[2013/07/23 20:58:10 | 000,000,000 | R--D | C] -- C:\Users\TL\Music
[2013/07/23 20:58:10 | 000,000,000 | R--D | C] -- C:\Users\TL\Links
[2013/07/23 20:58:10 | 000,000,000 | R--D | C] -- C:\Users\TL\Favorites
[2013/07/23 20:58:10 | 000,000,000 | R--D | C] -- C:\Users\TL\Downloads
[2013/07/23 20:58:10 | 000,000,000 | R--D | C] -- C:\Users\TL\Documents
[2013/07/23 20:58:10 | 000,000,000 | R--D | C] -- C:\Users\TL\Desktop
[2013/07/23 20:58:10 | 000,000,000 | R--D | C] -- C:\Users\TL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/07/23 20:58:10 | 000,000,000 | R--D | C] -- C:\Users\TL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/07/23 20:58:10 | 000,000,000 | -H-D | C] -- C:\Users\TL\AppData
[2013/07/23 20:58:10 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Local\Pokki
[2013/07/23 20:58:10 | 000,000,000 | ---D | C] -- C:\Users\TL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
========== Files - Modified Within 30 Days ==========
[2013/07/29 16:57:16 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/07/29 16:57:16 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/07/29 16:57:16 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/07/29 16:51:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/29 16:49:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/07/29 16:49:36 | 377,909,247 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/29 16:47:47 | 000,001,150 | ---- | M] () -- C:\Users\TL\Desktop\adwcleaner - Shortcut.lnk
[2013/07/28 22:26:56 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\spu_storage.bin
[2013/07/28 17:39:03 | 000,001,075 | ---- | M] () -- C:\Users\TL\Desktop\rkill - Shortcut.lnk
[2013/07/27 21:20:52 | 008,437,760 | ---- | M] (IvoSoft) -- C:\Users\TL\Desktop\ClassicShellSetup_3_6_8.exe
[2013/07/27 21:00:05 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/27 20:46:38 | 000,283,248 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/26 18:14:25 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013/07/24 20:22:03 | 1203,972,712 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/07/24 20:16:47 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/07/24 20:07:36 | 000,001,435 | ---- | M] () -- C:\Users\TL\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/23 22:28:19 | 000,002,585 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2013/07/23 21:31:05 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
========== Files Created - No Company Name ==========
[2013/07/29 16:47:47 | 000,001,150 | ---- | C] () -- C:\Users\TL\Desktop\adwcleaner - Shortcut.lnk
[2013/07/28 17:39:03 | 000,001,075 | ---- | C] () -- C:\Users\TL\Desktop\rkill - Shortcut.lnk
[2013/07/28 17:15:57 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/28 17:15:57 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/28 17:15:57 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/28 17:15:57 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/28 17:15:57 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/27 21:00:05 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/26 18:14:25 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013/07/24 20:36:31 | 000,283,248 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/24 20:22:03 | 1203,972,712 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/07/24 20:16:45 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/07/24 20:16:40 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/24 20:07:36 | 000,001,435 | ---- | C] () -- C:\Users\TL\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/23 22:37:32 | 000,386,642 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/07/23 22:28:18 | 000,002,585 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2013/07/23 21:31:05 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/07/23 21:01:07 | 000,001,441 | ---- | C] () -- C:\Users\TL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/07/23 20:58:11 | 000,000,352 | ---- | C] () -- C:\Users\TL\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/07/23 20:58:11 | 000,000,334 | ---- | C] () -- C:\Users\TL\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/07/23 19:51:08 | 377,909,247 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/04 01:23:34 | 000,229,376 | ---- | C] () -- C:\windows\SysWow64\ustor.dll
[2013/06/04 01:23:34 | 000,172,097 | ---- | C] () -- C:\windows\SysWow64\NoMSGuninstall.exe
[2013/06/04 01:23:34 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\UMonit64.exe
[2013/06/04 01:23:34 | 000,001,519 | ---- | C] () -- C:\windows\SysWow64\_IconCfg0.ini
[2013/06/04 01:23:34 | 000,000,912 | ---- | C] () -- C:\windows\SysWow64\ProductName.ini
[2013/06/04 01:23:34 | 000,000,213 | ---- | C] () -- C:\windows\SysWow64\IconCfg0.ini
[2013/06/04 01:19:39 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/06/04 01:10:13 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2013/04/29 01:11:14 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2013/04/29 01:11:14 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2013/04/29 01:11:14 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2013/04/29 01:11:12 | 000,798,734 | ---- | C] () -- C:\windows\SysWow64\amdocl_ld32.exe
[2013/04/29 01:11:11 | 000,995,342 | ---- | C] () -- C:\windows\SysWow64\amdocl_as32.exe
[2013/04/28 22:11:51 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012/11/27 04:18:46 | 000,038,912 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2012/07/26 04:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 04:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 03:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
========== ZeroAccess Check ==========
-
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 02:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 01:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/07/23 22:09:11 | 000,000,000 | ---D | M] -- C:\Users\TL\AppData\Roaming\Book Place
[2013/07/24 19:53:07 | 000,000,000 | ---D | M] -- C:\Users\TL\AppData\Roaming\sMedio
[2013/07/23 22:28:15 | 000,000,000 | ---D | M] -- C:\Users\TL\AppData\Roaming\WildTangent
[2013/07/23 21:00:59 | 000,000,000 | ---D | M] -- C:\Users\TL\AppData\Roaming\WinBatch
========== Purity Check ==========
< End of report >
-
OTL Extras logfile created on: 7/29/2013 5:05:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TL\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.44 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 70.89% Memory free
10.94 Gb Paging File | 9.15 Gb Available in Paging File | 83.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.67 Gb Total Space | 649.25 Gb Free Space | 94.55% Space Free | Partition Type: NTFS
Computer Name: TEE | User Name: TL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{141DF4B0-5322-47E6-A2C8-B1402C9D64B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1BDD6669-0721-45C6-9A28-3E206140F540}" = lport=2869 | protocol=6 | dir=in | app=system |
"{27F854DA-AEFB-4C26-B88F-D822D53D2D88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2CC443B4-E632-41C5-A363-32BC604340E4}" = rport=138 | protocol=17 | dir=out | app=system |
"{31DA3D29-0919-4C80-AFC3-575650637B55}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{36618343-2388-4DD9-A090-427EDDA0B8F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36A0C66D-CE73-48EC-8EE2-F048E5C63D09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{39E24C1B-1A43-43F5-84BC-406B4C0F1871}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3F09C9C4-8663-471B-81F1-0B470240DFD8}" = lport=445 | protocol=6 | dir=in | app=system |
"{45A4DC5C-8F3D-4F10-8CBE-5ADD359A1F1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64F99505-60F1-43F6-B03F-8E37F96343E6}" = lport=139 | protocol=6 | dir=in | app=system |
"{76383F14-2DB2-465C-922A-59839FECBCCA}" = rport=139 | protocol=6 | dir=out | app=system |
"{7A0D5402-0B23-49C8-B5CA-DBF061E4857B}" = lport=138 | protocol=17 | dir=in | app=system |
"{8C93A2F7-C904-49EB-A74E-41C65F52A295}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F4DE891-A005-48EF-9A3A-8F8E66B97BCE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CC170E2-87D4-4EE5-AED3-2463C6670B03}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A539F1F1-01A2-42F7-8D74-B18585D92C6D}" = lport=137 | protocol=17 | dir=in | app=system |
"{A985EDA2-0828-4CE2-87D4-BF84559EC5DE}" = rport=445 | protocol=6 | dir=out | app=system |
"{B6121210-B4BA-486C-83D5-96BF46B1EED6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E3D4E9CA-A1E6-4B1F-97D2-1D733CB5799C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E5D30590-5013-4E84-8747-2E974BC11380}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DB3DEE-7653-4779-AEBD-395D34C97ED7}" = dir=out | name=windows_ie_ac_001 |
"{05102B2F-A49F-4504-BB73-A4F54B3B6637}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{0558756F-31A3-4ADB-8684-453D84BE520F}" = dir=out | name=iheartradio |
"{07683031-4FB4-4E34-8E1B-3248FFA8EF2D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{08740891-079D-4547-9D5E-18526C72D195}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{0C47EC5B-6366-4EB0-8783-E74641E8D3D5}" = dir=out | name=evernote touch |
"{0D2777ED-8384-4029-BDE6-E5613303C0F8}" = dir=out | name=book place |
"{0DF515B8-C551-4B8B-9DCD-693212CA7E53}" = protocol=58 | dir=out | [email protected],-28546 |
"{0ED3CC47-44E0-4DC8-97C1-0FEAA4D44DB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F50D1BD-BBC4-465F-8157-07B98218F918}" = protocol=6 | dir=out | app=system |
"{15424329-16F3-4D13-BF80-917A08812B8E}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{15F53387-5F86-454B-BBD5-4F38B0BFF8A2}" = dir=out | name=netflix |
"{17B5577B-3232-436B-A598-7E4515DC3DA6}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{193A9117-6FA8-476F-A39B-1923BA766F35}" = dir=in | name=ebay |
"{249D25C2-CC63-4D5F-B45B-D15F36401326}" = dir=in | name=evernote |
"{28EC54DC-4C62-4280-BADD-5AE5430A4875}" = dir=out | name=amazon |
"{2A2EB069-D537-48E7-BEB0-7FF67DA1C96C}" = dir=out | name=stumbleupon |
"{2DC11B95-06DD-4FD2-A6B0-00AE8B9C810C}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{2FA13E83-CF9A-4E9C-B1E8-CD8052929773}" = dir=out | name=ebay |
"{3303B404-7B55-4774-BD07-46443BA8157E}" = dir=out | name=- games app - |
"{35F485B0-4B53-443A-89D5-6FD0FCA15F3B}" = dir=out | name=ebay |
"{3861CB9D-3CF6-4B14-8379-130605D6F92B}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{3C3D2C53-E1C4-4FAB-9343-8E40A049A3F5}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{4758B258-4FD1-46F9-8D6D-854800725030}" = dir=in | name=evernote touch |
"{48D2D893-1D78-4E6D-9A8E-44C41D9F0D5F}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{491A837E-D429-4FEC-A038-5F2E21C3EB0C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{4ADB4381-9326-4A98-8916-1CEDE480BC2C}" = dir=out | name=toshiba central |
"{4BE5E119-8111-4F23-B835-92BD29CDED7B}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{5221C95F-F4CA-4C0C-86ED-CE8D49F5FF3F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{52D9E42C-D17F-466A-A20A-6FD52CEDD0B8}" = dir=out | name=deals & offers |
"{5361D6DA-AB54-46E5-8E0F-2C4779EE3B24}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{551B07C7-DB07-4090-8513-FF98BCA22284}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{55FE0CB5-8EB8-4130-8CC2-A87A352E8359}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{560C727F-D3E4-4675-8513-391BEC1661CD}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{57276125-9AAA-4119-B2E8-8427B4123C26}" = protocol=1 | dir=in | [email protected],-28543 |
"{5BEF7FF7-72AD-4395-B06C-AB152A54FD63}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{68C1ABCB-21E7-4773-B400-8A00E0F798BA}" = dir=out | name=skype |
"{6D7A7074-FCF7-4BD7-ADE4-EF8F0F6F0E0A}" = protocol=58 | dir=in | [email protected],-28545 |
"{76F68964-788A-41FC-A566-1DA512143EC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77752390-414C-4480-9976-392C65744FF6}" = dir=out | name=norton studio |
"{781174B9-1B29-43F1-BF03-F0E90FAAD359}" = dir=out | name=@{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{787B6D72-3776-4721-B5F3-15F9766A65C3}" = dir=out | name=netflix |
"{7EEB8D51-E854-4BAE-A080-A4F023DEDF64}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81DBD25D-F38E-467B-8644-7CFDF848E170}" = dir=out | name=toshiba central |
"{84B178FD-F92F-4404-8395-6259D084267B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85C75B01-C742-46C2-B7E9-FD03CB57E087}" = dir=in | name=skype |
"{866E5ADE-AA1D-403D-BB9F-4290CE2CECCE}" = dir=out | name=@{microsoft.zunevideo_1.4.19.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{88CA1737-112D-4C60-8C8F-A1E118B38792}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{8CFB7CC7-17B9-4062-8C0E-621627A03C5A}" = dir=in | name=toshiba media player by smedio truelink+ |
"{8D94E4E9-1DFE-49A8-A531-A24B4FA4059D}" = dir=out | name=deals & offers |
"{8E4DB929-01EF-4AEA-B0A8-F7E6719D4DC6}" = dir=out | name=news place |
"{91A563CB-CFF2-4F21-B377-B850B77D9D84}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92BCF3DD-D3B4-4F26-BC2E-B076FE47B802}" = dir=out | name=toshiba media player by smedio truelink+ |
"{94AE9506-E099-4BE6-BB9E-2B52F5A74964}" = dir=out | name=book place |
"{94FF1040-477B-408F-9608-DCE7FA012A58}" = dir=out | name=vimeo |
"{9AFC554F-2214-40F3-BCC4-426D47E6B75A}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{9BAA8CCF-7462-408B-9104-9B7E746462FB}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{A387123F-A2B8-49B6-B05E-831BBEDBA133}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6F0BD06-93E7-4420-8906-60E6BBEEA9BA}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{A7B627D6-F75A-4F94-B610-70A1342ECEA6}" = dir=out | name=@{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{AD481B76-388A-4593-8148-E194D4915DD2}" = dir=out | name=stumbleupon |
"{B264B622-99C5-4445-A379-2D89817F89CA}" = dir=out | name=evernote |
"{B58C37E3-91FD-4DDB-852C-A4CC54B52CB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B67E40A1-05C6-4BC1-A962-CAE14432C46E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B794C375-0A67-4A4E-88DB-2040B9FBC34C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BBB87DF8-0AC5-48EE-82E2-E115FC757CEB}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{BFBE757F-76AA-40B5-A418-326A3DD90271}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C3BCBD83-ECB0-4BCF-A05A-59A2BE2517B6}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{C6EEF9F3-0827-4CD1-BAAF-89287A69010F}" = dir=out | name=@{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{C7465A8E-B2FE-4D9C-A542-8235FE7E0A77}" = dir=in | name=toshiba media player by smedio truelink+ |
"{C8F89FF3-FCB9-4D29-BB44-5959CC3B5097}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{CA3A7376-45DB-44D9-AFE1-FB7EF5D549E8}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{CA4926C0-E08D-4797-BEB1-AC0188F46366}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{CC13AFD5-95A8-4383-8E9E-43F3B9160F6C}" = dir=out | name=iheartradio |
"{CC9D59F5-38B5-4D42-8B8B-57687125884C}" = dir=out | name=amazon |
"{D0EB6124-A62D-4EE0-B9F8-05FBC66BBE6F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D0F3ED53-BF56-4C85-BF42-050F3C499C5C}" = dir=out | name=hulu plus |
"{D134EDFE-2ECE-4FB4-9D58-14AF4780D9AE}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{D59F8C37-6344-412C-AF35-A5C065484FB5}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{D677DA78-E27B-4533-BBDD-96F2D64B587B}" = protocol=6 | dir=in | app=c:\users\tl\appdata\local\temp\7zsfb5f.tmp\symnrt.exe |
"{DB003AE4-C5F7-4E38-BB18-506007549CA7}" = dir=out | name=news place |
"{DBAC061E-CAD2-4F55-9887-918445BD9A79}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{DC5B1F0C-DAF3-44C6-91B9-034A433AD0AC}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{DD563462-5C28-4311-BFA1-16C8415F8C82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1B03889-CFB8-4696-859B-6808B5A4ACCA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E1BF1813-1EBD-4ED7-B73F-86B2A06F219C}" = dir=out | name=@{microsoft.bingfinance_2.0.0.300_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{E3D6CAC2-921B-40CA-BA59-20C46F4D88DD}" = dir=out | name=vimeo |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E8B68012-0D56-4EEC-9E22-2FCFB4A86084}" = protocol=17 | dir=in | app=c:\users\tl\appdata\local\temp\7zsfb5f.tmp\symnrt.exe |
"{E9441B08-4808-4EEE-8846-49CB40661C85}" = protocol=1 | dir=out | [email protected],-28544 |
"{E968B053-7162-40EA-9A68-5C1B013AEE2F}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{E96EAF1D-84C7-4DA4-BF99-C13E91A97DD1}" = dir=out | name=hulu plus |
"{E9858D76-C6E9-46F4-88C2-520A2AA9B491}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{EE4F63E7-8D92-431F-8FE0-2818D7D9624F}" = dir=out | name=norton studio |
"{F46F28D7-B40A-42BC-80A9-20556552CFA6}" = dir=out | name=- games app - |
"{FA52BAFE-F9E7-474D-BE31-0E7980F02C16}" = dir=out | name=toshiba media player by smedio truelink+ |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0880E47A-BAC9-E8F4-399C-3A0BCD723BEA}" = ccc-utility64
"{1515F5E3-29EA-4CD1-A981-032D88880F09}" = TOSHIBA Audio Enhancement
"{16562A90-71BC-41A0-B890-D91B0C267120}" = TOSHIBA Function Key
"{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}" = TOSHIBA Password Utility
"{5944B9D4-3C2A-48DE-931E-26B31714A2F7}" = TOSHIBA eco Utility
"{6499E894-43F8-458B-AE35-724F4732BCDE}" = TOSHIBA Service Station
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{931B988B-0973-0DF5-C3B7-572935D34DCD}" = AMD Catalyst Install Manager
"{95CCACF0-010D-45F0-82BF-858643D8BC02}" = TOSHIBA Desktop Assist
"{A6AFFBD8-D006-967F-51AF-0120F0261080}" = AMD Accelerated Video Transcoding
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}" = TOSHIBA HDD Accelerator
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{E7992EE3-C9BE-231D-0EAD-8AC302134EB3}" = AMD Start Now
"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream
"{FEA1590B-540A-41FC-A95C-664493C82A21}" = Classic Shell
"{FF07604E-C860-40E9-A230-E37FA41F103A}" = TOSHIBA VIDEO PLAYER
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2_SMBus-X64 11.8.3.2_WHQL
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05A55927-DB9B-4E26-BA44-828EBFF829F0}" = TOSHIBA System Settings
"{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}" = Cisco PEAP Module
"{0BD849F4-42D7-25E3-89C6-93290D554FE5}" = CCC Help Norwegian
"{11244D6B-9842-440F-8579-6A4D771A0D9B}" = Toshiba Book Place
"{14048FB8-D191-1F01-9C8A-C999CD53EBE0}" = CCC Help Thai
"{1BBBF364-FEF5-8803-4B77-3136946B1812}" = CCC Help Danish
"{1E6A96A1-2BAB-43EF-8087-30437593C66C}" = TOSHIBA System Driver
"{24D38277-CE6E-4E12-A2EE-F46832A4FA2F}" = Catalyst Control Center - Branding
"{25C093FA-AE57-50A3-131C-86E017D64EB8}" = Catalyst Control Center Graphics Previews Common
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F46B718-5800-F7EE-D63F-CBE407243590}" = CCC Help English
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{318ACC7D-E933-DE45-CE1C-BA7EA1C988E3}" = CCC Help French
"{3384E1D9-3F18-4A98-8655-180FEF0DFC02}" = TOSHIBA User's Guide
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{62197C8A-5783-8358-36DC-09F2A0B4E103}" = CCC Help Korean
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66757E8F-3F8F-C540-2C8D-1A9F82EC3F7E}" = CCC Help Swedish
"{6CB984A6-7786-2114-C879-622427BDA70A}" = CCC Help Dutch
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{80CE2DF2-60ED-A3DD-3D1A-4E26527CDBB4}" = CCC Help Polish
"{87F2E1F1-5CFB-F87A-819E-6FC21C00F9BE}" = CCC Help Czech
"{90B2719E-E6D8-E4E2-C711-B06CAB594C9C}" = Catalyst Control Center Localization All
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys Logic USB2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97C09AF5-3F83-C6EB-C909-6BFCE504DC46}" = CCC Help Greek
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A381817-62D0-0C48-600D-2F6554E78E18}" = CCC Help Finnish
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A40EE221-BBC4-E120-4D8D-347DA5DF0C67}" = CCC Help Chinese Traditional
"{A450AE5D-5C0B-5985-3327-AC13240A834F}" = CCC Help Turkish
"{A4831607-8488-9766-8501-168F1253C8E6}" = CCC Help Chinese Standard
"{A7FAA9BC-C4B3-06C5-F010-318D2939F756}" = AMD VISION Engine Control Center
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI MUI
"{AF312B06-5C5C-468E-89B3-BE6DE2645722}" = Cisco LEAP Module
"{B28B09CE-B849-0870-44F0-6566C8D784FE}" = CCC Help Hungarian
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C89A97B6-F991-EBB5-77B7-927BCF420EBE}" = OEM Application Profile
"{C9010516-0629-A15F-5815-B140CBB7BC0E}" = CCC Help Japanese
"{D38BBDD9-5B7C-2D5B-1666-45164396A96F}" = CCC Help Portuguese
"{D6FB641E-B964-3A77-2B7C-5A07A6C0E95E}" = Catalyst Control Center InstallProxy
"{D95AE6A6-385D-5141-1F7B-5D63EE2BDEBA}" = CCC Help Italian
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E7BC63AC-74BF-030D-89B2-EF3E2A6AE3CA}" = CCC Help German
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F447B26C-9E5F-7863-EA2D-98D36880B1A1}" = CCC Help Spanish
"{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}" = DTS Sound
"{FDC0F187-F9EF-6555-16D1-0BEB57223413}" = CCC Help Russian
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}" = TOSHIBA Password Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WTA-339c099d-a055-4b75-8aa5-201488713df2" = Wonderland Solitaire
"WTA-671bd612-7c68-4a71-bb56-914bdb7611e7" = King Oddball
"WTA-9c136a24-3aad-401c-9970-4b687029369e" = Chuzzle Deluxe
"WTA-a5cd6742-5570-488e-b1b0-ba145c17c9ff" = Plants vs. Zombies - Game of the Year
"WTA-d012771e-c6e5-47ea-8d1e-ce9042e579da" = Elementals - The Magic Key
"WTA-e6f820e5-6715-4263-9775-571630c97fec" = Bejeweled 3
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pokki" = Pokki
"Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76" = Toshiba Start
< End of report >
-
http://dev.discussions.virtualdr.forums.relay.cool/ Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Services
:Reg
:Files
C:\FRST
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...
http://dev.discussions.virtualdr.forums.relay.cool/ Download Security Check from here or here and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.
http://dev.discussions.virtualdr.forums.relay.cool/ Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
http://dev.discussions.virtualdr.forums.relay.cool/ Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
http://dev.discussions.virtualdr.forums.relay.cool/ Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If Eset won't find any threats, it won't produce any log.
-
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: cmsui_000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 362054 bytes
->Flash cache emptied: 492 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: TL
->Temp folder emptied: 1374180 bytes
->Temporary Internet Files folder emptied: 1422552 bytes
->FireFox cache emptied: 25035248 bytes
->Flash cache emptied: 506 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53072 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 2809 bytes
Total Files Cleaned = 27.00 mb
[EMPTYJAVA]
User: All Users
User: cmsui_000
User: Default
User: Default User
User: Public
User: TL
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: cmsui_000
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
User: TL
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 07292013_211048
Files\Folders moved on Reboot...
C:\Users\TL\AppData\Local\Temp\log.txt moved successfully.
C:\Users\TL\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
Results of screen317's Security Check version 0.99.71
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
-
I thought I had posted about eset last night but do not see it.
There were no threats in eset and no log.
-
-
I am sorry I thought I had posted it
Farbar Service Scanner Version: 26-07-2013
Ran by TL (administrator) on 30-07-2013 at 19:40:03
Running from "C:\Users\TL\Downloads"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
-
Your computer is clean http://dev.discussions.virtualdr.forums.relay.cool/
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now, we'll remove all tools, we used during our cleaning process
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure Windows Updates are current.
4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)
6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
8. Run Temporary File Cleaner (TFC) weekly.
9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
11. (Windows XP only) Run defrag at your convenience.
12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
14. Please, let me know, how your computer is doing.
-
Thank you so much for the help Broni!
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: cmsui_000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: TL
->Temp folder emptied: 6889 bytes
->Temporary Internet Files folder emptied: 111238 bytes
->FireFox cache emptied: 20367792 bytes
->Flash cache emptied: 506 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35634 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 20.00 mb
[EMPTYFLASH]
User: All Users
User: cmsui_000
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
User: TL
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: All Users
User: cmsui_000
User: Default
User: Default User
User: Public
User: TL
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 07302013_201244
Files\Folders moved on Reboot...
C:\Users\TL\AppData\Local\Temp\log.txt moved successfully.
C:\Users\TL\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
14. Please, let me know, how your computer is doing.
-
I will Broni. Thanks for the help.
-
