-
Content Count
16 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by thesaithproject
-
-
Hey Chuck,
Everything ran smoothly this time. Thanks for your patience!
-----------------------------------------------------------
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions\{3b20c93b-3c59-6154-a197-e63672e18722}\modules folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions\{3b20c93b-3c59-6154-a197-e63672e18722}\chrome\skin folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions\{3b20c93b-3c59-6154-a197-e63672e18722}\chrome\content folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions\{3b20c93b-3c59-6154-a197-e63672e18722}\chrome folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions\{3b20c93b-3c59-6154-a197-e63672e18722} folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions\staged\[email protected] folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions\staged folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions folder moved successfully.
Folder C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions\staged\ not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Guest
User: Justin
->Java cache emptied: 316927 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Guest
User: Justin
->Flash cache emptied: 3560 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Justin
->Temp folder emptied: 3478018 bytes
->Temporary Internet Files folder emptied: 149 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 366166955 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4708264 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 357.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 02232015_224135
Files\Folders moved on Reboot...
File move failed. C:\Users\Justin\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\eb36b8051af6133d3ee4e767d98e7437_fce8395c8fd8a86c_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\Justin\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\eb36b8051af6133d3ee4e767d98e7437_fce8395c8fd8a86c_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\Justin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
OTL Extras logfile created on: 2/22/2015 10:06:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop\TOOLS
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 5.13 Gb Available Physical Memory | 64.20% Memory free
15.98 Gb Paging File | 12.89 Gb Available in Paging File | 80.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.05 Gb Total Space | 857.86 Gb Free Space | 93.75% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.81 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive E: | 21.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{827E59A2-7133-4DD5-B6A4-E8C50744F4F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8807CB81-3F6A-456C-B508-17C6FF2C17FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B62A8579-A976-443A-90B9-47E8D2014697}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C4D0FF9D-DCF6-4315-BD4F-38DB5769B4EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FD50364C-AE14-417E-819E-025207B75EF2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F7AE1F0-5397-4FF6-9A65-8B633DC735D4}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{3C9D16C9-B8A9-4628-83B7-F32937703875}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{43F7AF16-1C97-480A-A028-2377212CB658}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{489B7EF4-235D-407E-93D4-4AB8E25980ED}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{55B89F03-01FF-441D-B943-B0EE659187B7}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{62A2E2B7-5634-4B16-9142-0FF2540071B0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{692EC920-35AC-44DB-80C0-FAA8F215EA13}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{8042073D-60CB-4A5A-BB74-79C727CA0AC5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{957729D9-9209-475A-ABA1-F8FE4D70D6F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB639DDB-9EBF-4BB0-AD9B-7D823DF290A0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AC8FE77B-6BDA-4D14-915D-B3D5B424518D}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{B24FEC84-C769-476F-9972-418A70CB5A2A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{DA92DFB0-C8E5-4610-A540-7F0BA1773241}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{DEE2A0C6-3711-44C6-A2DD-5D221C6A3F41}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E092F13F-6898-4BFC-A050-EA5F1B2909F7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EDFDB99A-2E41-42EA-84E3-3FF6E255FBA3}" = dir=in | app=c:\users\justin\appdata\local\microsoft\skydrive\skydrive.exe |
"TCP Query User{8948EE66-56DC-47D0-B1BA-4EBE12A646DB}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"TCP Query User{DC8E32F4-30A3-4822-B229-09012FA2D4A3}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"UDP Query User{C50CE22A-EF3E-4494-942A-FE4386233CBE}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"UDP Query User{E249E458-40DD-4333-809F-0741F8F386AE}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6408053B-4FC3-4087-BB58-68C220D02BA4}" = O2Micro Flash Memory Card Windows Driver
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO" = Conexant HD Audio
"F72367AEBBC643DDA1061B77B27197CC8403B792" = Windows Driver Package - Beats Electronics, LLC (libusb0) Beats Devices (07/20/2014 1.2.1.0)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90B2844D-97AE-436C-B552-2AD8A7F10279}" = Beats Updater
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Advanced SystemCare Ultimate_is1" = Advanced SystemCare Ultimate 7
"Auto Clicker by Shocker_is1" = Auto Clicker by Shocker
"BitRaider Web Client" = BitRaider Web Client
"Diablo II" = Diablo II
"Driver Booster_is1" = Driver Booster 2.1
"Game Booster_is1" = Game Booster 3
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{6408053B-4FC3-4087-BB58-68C220D02BA4}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IObitUninstall" = IObit Uninstaller
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 35.0.1 (x86 en-US)" = Mozilla Firefox 35.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PowerISO" = PowerISO
"swtor_swtor" = Star Wars The Old Republic
"TeamViewer 9" = TeamViewer 9
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.20 (32-bit)
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088710" = Zuma's Revenge
"WT088739" = FATE
"WT088750" = Jewel Quest - Heritage
"WT088761" = Wheel of Fortune 2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/22/2015 10:32:14 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: bcryptprimitives.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c4f0 Exception code: 0xc0000005 Fault offset: 0x0000000000007a94
Faulting
process id: 0xbd0 Faulting application start time: 0x01d04f0c9361903e Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\bcryptprimitives.dll
Report
Id: 2cb4df1e-bb04-11e4-b0e9-e839df8b9bc0
Error - 2/22/2015 10:41:04 PM | Computer Name = Justin-PC | Source = System Restore | ID = 8193
Description =
Error - 2/22/2015 10:41:05 PM | Computer Name = Justin-PC | Source = System Restore | ID = 8193
Description =
Error - 2/22/2015 10:43:52 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0xc54 Faulting application start time: 0x01d04f1289ec4851 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: cca7bfc6-bb05-11e4-9b23-e839df8b9bc0
Error - 2/22/2015 10:44:06 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1320 Faulting application start time: 0x01d04f129672a5e2 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: d511fd1e-bb05-11e4-9b23-e839df8b9bc0
Error - 2/22/2015 10:44:08 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x11a0 Faulting application start time: 0x01d04f1298b05184 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: d68ed94a-bb05-11e4-9b23-e839df8b9bc0
Error - 2/22/2015 10:50:09 PM | Computer Name = Justin-PC | Source = System Restore | ID = 8193
Description =
Error - 2/22/2015 10:57:40 PM | Computer Name = Justin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 145c Start Time:
01d04f146789cbd4 Termination Time: 16 Application Path: C:\Users\Justin\Desktop\TOOLS\OTL.exe
Report
Id: b84158e6-bb07-11e4-866c-e839df8b9bc0
Error - 2/22/2015 11:28:21 PM | Computer Name = Justin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 16e8 Start Time:
01d04f1484e4a415 Termination Time: 10 Application Path: C:\Users\Justin\Desktop\TOOLS\OTL.exe
Report
Id: 01b23a11-bb0c-11e4-866c-e839df8b9bc0
Error - 2/23/2015 1:51:40 AM | Computer Name = Justin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 13a0 Start Time:
01d04f2c9b3e5d15 Termination Time: 0 Application Path: C:\Users\Justin\Desktop\TOOLS\OTL.exe
Report
Id: 074c37cd-bb20-11e4-866c-e839df8b9bc0
[ System Events ]
Error - 2/22/2015 10:05:25 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.
Error - 2/22/2015 10:05:28 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.
Error - 2/22/2015 10:05:30 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Auth Service service terminated unexpectedly. It has done this
3 time(s).
Error - 2/22/2015 10:44:03 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.
Error - 2/22/2015 10:44:07 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.
Error - 2/22/2015 10:44:09 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Auth Service service terminated unexpectedly. It has done this
3 time(s).
Error - 2/22/2015 10:50:03 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The CovenantEyesProxy service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.
Error - 2/22/2015 10:53:08 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cewd64f
Error - 2/22/2015 10:57:11 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 7 service terminated unexpectedly.
It has done this 1 time(s).
Error - 2/23/2015 2:00:47 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cewd64f
< End of report >
-
OTL logfile created on: 2/22/2015 10:06:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop\TOOLS
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 5.13 Gb Available Physical Memory | 64.20% Memory free
15.98 Gb Paging File | 12.89 Gb Available in Paging File | 80.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.05 Gb Total Space | 857.86 Gb Free Space | 93.75% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.81 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive E: | 21.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2015/02/22 22:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\TOOLS\OTL.exe
PRC - [2015/02/09 09:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2015/02/09 09:56:20 | 014,433,552 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2015/02/09 09:10:54 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2015/01/26 20:08:22 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/16 20:11:25 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/11/12 17:51:36 | 001,353,216 | ---- | M] (Beats) -- C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe
PRC - [2014/09/29 11:10:27 | 001,084,704 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2013/12/02 13:22:24 | 002,562,368 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
PRC - [2013/11/28 16:56:40 | 000,646,976 | ---- | M] (IOBit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
PRC - [2013/11/15 10:25:24 | 000,886,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
PRC - [2013/09/30 14:35:56 | 001,120,064 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
PRC - [2010/05/20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/29 15:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
========== Modules (No Company Name) ==========
MOD - [2015/02/20 17:49:25 | 000,121,900 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\89ef6f0d-720e-41b4-87a8-f73bc2dc4702\AgileDotNetRT.dll
MOD - [2015/02/20 17:49:23 | 000,121,900 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\fa61b113-4558-4059-98c0-57a52cd5a7b6\AgileDotNetRT.dll
MOD - [2015/01/26 20:08:22 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/11/29 23:22:52 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/11/29 23:22:46 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/11/29 23:22:46 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/11/29 23:22:41 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/11/29 23:22:41 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\c90a4b709b46b64c89fce02585d55370\System.Management.ni.dll
MOD - [2014/11/29 23:22:39 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/11/29 23:22:37 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/09/29 09:15:48 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/09/30 14:35:56 | 001,120,064 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
MOD - [2013/01/15 17:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madexcept_.bpl
MOD - [2013/01/15 17:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\maddisAsm_.bpl
MOD - [2013/01/15 17:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madbasic_.bpl
MOD - [2013/01/15 17:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\webres.dll
========== Services (SafeList) ==========
SRV:64bit: - [2015/01/11 18:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/07/28 09:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/07/22 15:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 16:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 21:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/10/21 08:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/02/12 15:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2015/02/09 09:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2015/02/04 17:29:21 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/26 20:08:22 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/16 20:11:25 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/09/29 11:10:27 | 002,281,248 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/28 16:56:40 | 000,646,976 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe -- (ASCAntivirusSrv)
SRV - [2013/11/15 10:25:24 | 000,886,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/05/20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/04/12 09:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/04/03 15:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2015/02/22 22:02:13 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/02/16 18:40:51 | 000,037,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2015/02/01 14:43:57 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2015/01/18 19:01:54 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/12/31 12:31:09 | 001,226,344 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2014/12/31 12:15:51 | 000,230,280 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2014/12/31 12:00:31 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2014/12/31 11:44:02 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2014/12/31 11:44:02 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/31 21:06:06 | 000,058,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2014/02/02 22:45:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/10/17 07:32:56 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/21 17:59:02 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\trufos.sys -- (Trufos)
DRV:64bit: - [2011/03/24 14:36:24 | 000,431,176 | ---- | M] (BitDefender) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/16 15:00:50 | 000,077,032 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2010/06/22 12:28:06 | 000,729,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/06/18 15:45:58 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/05/13 18:20:42 | 000,059,704 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/05/08 17:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/04/26 10:48:40 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/04/07 09:51:50 | 000,214,248 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/03/24 12:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/18 17:41:06 | 000,049,568 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 17:20:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/28 19:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 10:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 15:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 09:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 09:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 08:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 11:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/15 12:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2014/12/30 11:19:36 | 000,026,528 | ---- | M] (REALiX) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2010/11/01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig?brand=TSND&bmod=TSNDg/ [binary data]
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes,DefaultScope = {6F1DB67A-D8D4-4060-960C-958F0C423DB2}
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}: "URL" = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en),Yahoo!"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B3b20c93b-3c59-6154-a197-e63672e18722%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - prefs.js..keyword.URL: "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014/09/29 11:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2015/02/20 17:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions
[2015/02/20 17:34:55 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions\{3b20c93b-3c59-6154-a197-e63672e18722}
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions\staged
[2015/01/26 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/26 20:08:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2015/02/22 18:15:58 | 000,013,316 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 216.239.32.20 www.google.ac # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ad # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ae # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.al # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.am # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.as # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.at # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.az # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ba # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.be # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bf # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bg # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bi # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bj # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bs # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bt # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.by # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ca # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cat # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cc # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cd # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cf # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cg # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ch # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ci # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 175 more lines...
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [beats Updater] C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe (Beats)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [CCleaner Monitoring] D:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 11.31.2)
O16 - DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 11.31.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{943F4E62-F646-47B2-9984-BB8AAE440A45}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup\rsrc\autorun.exe
O33 - MountPoints2\F\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/02/22 18:47:18 | 000,431,176 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2015/02/22 18:46:25 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2015/02/22 18:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2015/02/22 18:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2015/02/22 18:28:27 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Oracle
[2015/02/22 18:28:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2015/02/22 18:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/02/22 18:27:05 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015/02/22 18:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/02/22 15:35:41 | 001,239,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2015/02/22 15:35:41 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015/02/22 15:35:41 | 000,894,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015/02/22 15:35:41 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015/02/22 15:35:41 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015/02/22 15:35:41 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015/02/22 15:35:41 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015/02/22 15:35:41 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2015/02/22 15:35:40 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/02/22 15:35:39 | 006,041,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/02/22 15:35:39 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/02/22 15:35:36 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2015/02/22 15:35:35 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2015/02/22 15:35:32 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2015/02/16 20:00:02 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/02/16 19:59:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/02/16 19:59:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/02/16 19:59:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/02/16 19:59:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/02/16 19:59:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/02/16 19:59:51 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/02/16 19:59:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/02/16 19:59:51 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/02/16 19:59:51 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/02/16 19:59:50 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/02/16 19:59:48 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/02/16 19:59:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/02/16 19:59:48 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/02/16 19:59:47 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/02/16 19:59:47 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/02/16 19:59:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/02/16 19:59:46 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/02/16 19:59:46 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/02/16 19:59:46 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/02/16 19:59:45 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/02/16 19:59:45 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/02/16 19:59:43 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/02/16 19:59:42 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/02/16 19:59:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/02/16 19:59:40 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/02/16 19:59:40 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/02/16 19:59:39 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/02/16 19:59:38 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/02/16 19:59:38 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/02/16 19:59:36 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/02/16 19:59:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/02/16 19:59:35 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/02/16 19:58:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015/02/16 19:58:14 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/02/16 19:58:08 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/02/16 19:58:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/02/16 19:58:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/02/16 19:58:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/02/16 19:58:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/02/16 19:58:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/02/16 19:58:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/02/16 19:58:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/02/16 19:58:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/02/16 19:58:06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/02/16 19:58:06 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/02/16 19:58:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/02/16 19:58:01 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015/02/16 19:57:39 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2015/02/16 19:57:39 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2015/02/16 19:57:32 | 005,554,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/02/16 19:57:32 | 003,972,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/02/16 19:57:31 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/02/16 19:57:31 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/02/16 19:57:30 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/02/16 19:57:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/02/16 19:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2015/02/16 19:17:37 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\JOB
[2015/02/16 16:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Justin\AppData\Local\EmieBrowserModeList
[2015/02/16 14:06:32 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Downloaded Installations
[2015/02/11 17:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2015/02/04 17:29:09 | 005,070,512 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/02/04 16:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2015/02/01 14:43:57 | 000,129,224 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/31 22:39:45 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/31 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/31 22:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2015/01/26 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2015/02/22 22:07:58 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/22 22:07:58 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/22 22:02:13 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/22 22:00:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/22 21:59:47 | 2138,423,295 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/22 21:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/22 18:50:21 | 000,000,410 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/02/22 18:26:41 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015/02/22 18:19:27 | 000,000,716 | ---- | M] () -- C:\Windows\wininit.ini
[2015/02/22 18:15:58 | 000,013,316 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/02/22 13:17:30 | 000,013,316 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20150222-181558.backup
[2015/02/18 17:48:17 | 000,287,698 | ---- | M] () -- C:\MGlogs.zip
[2015/02/16 20:27:16 | 000,342,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/16 18:40:51 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015/02/04 17:29:19 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/02/04 17:29:19 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/02/04 17:29:09 | 005,070,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/02/04 16:19:52 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 2.lnk
[2015/02/03 19:16:29 | 000,609,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015/02/03 19:16:20 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015/02/03 19:16:16 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015/02/03 19:16:14 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015/02/03 19:16:13 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015/02/03 19:16:13 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2015/02/03 19:13:28 | 001,098,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015/02/01 14:43:57 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/27 15:36:21 | 001,239,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2015/01/25 12:58:40 | 000,001,435 | ---- | M] () -- C:\Users\Justin\Desktop\Play Ultimate Ninja Storm Revolution.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2015/02/22 18:34:29 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2015/02/17 21:45:21 | 000,287,698 | ---- | C] () -- C:\MGlogs.zip
[2015/01/25 12:58:40 | 000,001,435 | ---- | C] () -- C:\Users\Justin\Desktop\Play Ultimate Ninja Storm Revolution.lnk
[2015/01/09 19:41:02 | 000,000,716 | ---- | C] () -- C:\Windows\wininit.ini
[2014/12/30 21:32:36 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2014/12/30 21:32:36 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2014/12/30 21:32:36 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2014/12/30 21:20:56 | 000,054,175 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2014/11/16 20:11:35 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/11/16 20:11:25 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/11/10 13:04:58 | 000,000,000 | ---- | C] () -- C:\Users\Justin\AppData\Local\{84C4935A-1895-44F7-AD8C-7FC15396E8AD}
[2014/11/09 09:50:45 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/11/09 00:02:35 | 000,000,000 | -HS- | C] () -- C:\Users\Justin\AppData\Local\LumaEmu
[2014/09/29 08:08:38 | 000,774,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\IObit
[2014/12/18 20:24:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ProductData
[2014/12/18 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Toshiba
[2014/11/15 20:36:49 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DarkSoulsII
[2014/12/30 11:19:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\IObit
[2014/10/27 19:40:20 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Kalypso Media
[2014/11/19 20:33:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Logs
[2014/11/19 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\LolClient
[2015/02/22 18:28:27 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Oracle
[2014/09/29 15:59:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PowerISO
[2014/09/29 11:10:36 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\ProductData
[2014/11/19 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Riot Games
[2014/11/08 15:48:59 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\StarTrekPC
[2014/09/28 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TeamViewer
[2014/11/21 17:54:06 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Theta
[2014/09/29 11:18:04 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Tific
[2014/11/14 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Toshiba
[2014/11/08 23:22:56 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Unity
[2014/12/23 22:36:41 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WebTest
[2014/09/30 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WildTangent
[2014/09/28 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2014/12/23 22:37:29 | 000,000,000 | ---D | M](C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.​
[2014/12/23 22:37:29 | 000,000,000 | ---D | M](C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.​
(C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.​
< End of report >
-
I removed OTL and downloaded a new copy, running the scan right now. It's version 3.2.69.0
Got rid of chrome as well. Will post the log when it's ready.
-
# DelFix v10.8 - Logfile created 22/02/2015 at 21:54:48
# Updated 29/07/2014 by Xplode
# Username : Justin - JUSTIN-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Justin\Downloads\adwcleaner_4.106.exe
Deleted : C:\Users\Justin\Downloads\defogger_disable.log
Deleted : C:\Users\Justin\Downloads\tdsskiller.zip
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Creating registry backup ... OK
~ Cleaning system restore ...
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
-
Hey Chuck,
The OTL fix is still not responding. No clue what's happening there. I've made sure that my realtime protection is disabled and all windows are closed.
I updated/removed all the programs that you said, except for google chrome. It says that updates have been disabled by the administrator, which is weird because I don't use chrome.
-
OTL Extras logfile created on: 2/22/2015 2:11:27 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop\TOOLS
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.23% Memory free
15.98 Gb Paging File | 13.91 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.05 Gb Total Space | 857.97 Gb Free Space | 93.76% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.81 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive E: | 21.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{827E59A2-7133-4DD5-B6A4-E8C50744F4F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8807CB81-3F6A-456C-B508-17C6FF2C17FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B62A8579-A976-443A-90B9-47E8D2014697}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C4D0FF9D-DCF6-4315-BD4F-38DB5769B4EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F6429F09-B0CB-4BAB-A8C2-13917600056D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{FD50364C-AE14-417E-819E-025207B75EF2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F7AE1F0-5397-4FF6-9A65-8B633DC735D4}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{3C9D16C9-B8A9-4628-83B7-F32937703875}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{43F7AF16-1C97-480A-A028-2377212CB658}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{489B7EF4-235D-407E-93D4-4AB8E25980ED}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{55B89F03-01FF-441D-B943-B0EE659187B7}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{62A2E2B7-5634-4B16-9142-0FF2540071B0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{692EC920-35AC-44DB-80C0-FAA8F215EA13}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{8042073D-60CB-4A5A-BB74-79C727CA0AC5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{957729D9-9209-475A-ABA1-F8FE4D70D6F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB639DDB-9EBF-4BB0-AD9B-7D823DF290A0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AC8FE77B-6BDA-4D14-915D-B3D5B424518D}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{B24FEC84-C769-476F-9972-418A70CB5A2A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{DA92DFB0-C8E5-4610-A540-7F0BA1773241}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{DEE2A0C6-3711-44C6-A2DD-5D221C6A3F41}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E092F13F-6898-4BFC-A050-EA5F1B2909F7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EDFDB99A-2E41-42EA-84E3-3FF6E255FBA3}" = dir=in | app=c:\users\justin\appdata\local\microsoft\skydrive\skydrive.exe |
"TCP Query User{1C9C2F83-E3C5-434F-A418-74B8A490346E}D:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe" = protocol=6 | dir=in | app=d:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe |
"TCP Query User{65D59D25-2F27-4A1D-BAA2-BE9711A692D8}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"TCP Query User{8948EE66-56DC-47D0-B1BA-4EBE12A646DB}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"TCP Query User{DC8E32F4-30A3-4822-B229-09012FA2D4A3}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"TCP Query User{E8652234-CE3F-4DF2-9465-02C6AA6CDCC6}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"UDP Query User{2218C63C-74BF-493B-B6D8-EECE77C5D1DA}D:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe" = protocol=17 | dir=in | app=d:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe |
"UDP Query User{699DD4FD-37CE-4845-8293-0B112C00B8BE}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"UDP Query User{C50CE22A-EF3E-4494-942A-FE4386233CBE}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"UDP Query User{D7A071A5-C782-48AA-8D82-EB8BAB3AC7DE}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"UDP Query User{E249E458-40DD-4333-809F-0741F8F386AE}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6408053B-4FC3-4087-BB58-68C220D02BA4}" = O2Micro Flash Memory Card Windows Driver
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO" = Conexant HD Audio
"F72367AEBBC643DDA1061B77B27197CC8403B792" = Windows Driver Package - Beats Electronics, LLC (libusb0) Beats Devices (07/20/2014 1.2.1.0)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"{5AC5ED2E-2936-4B54-A429-703F9034938E}" = Covenant Eyes
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90B2844D-97AE-436C-B552-2AD8A7F10279}" = Beats Updater
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Advanced SystemCare Ultimate_is1" = Advanced SystemCare Ultimate 7
"Auto Clicker by Shocker_is1" = Auto Clicker by Shocker
"BitRaider Web Client" = BitRaider Web Client
"Diablo II" = Diablo II
"Driver Booster_is1" = Driver Booster 2.1
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{6408053B-4FC3-4087-BB58-68C220D02BA4}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IObitUninstall" = IObit Uninstaller
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 35.0.1 (x86 en-US)" = Mozilla Firefox 35.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PowerISO" = PowerISO
"swtor_swtor" = Star Wars The Old Republic
"TeamViewer 9" = TeamViewer 9
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.20 (32-bit)
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088710" = Zuma's Revenge
"WT088739" = FATE
"WT088750" = Jewel Quest - Heritage
"WT088761" = Wheel of Fortune 2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/22/2015 12:51:40 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1180 Faulting application start time: 0x01d04e5b352f763c Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 7cf51786-ba4e-11e4-a1c4-e839df8b9bc0
Error - 2/22/2015 12:52:12 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0xde0 Faulting application start time: 0x01d04e5b4f7b29c3 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 9028911c-ba4e-11e4-a1c4-e839df8b9bc0
Error - 2/22/2015 12:52:15 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x14d8 Faulting application start time: 0x01d04e5b53e37605 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 920e29d4-ba4e-11e4-a1c4-e839df8b9bc0
Error - 2/22/2015 12:58:05 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1bb8 Faulting application start time: 0x01d04e5c246cab14 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 629c21a4-ba4f-11e4-a1c4-e839df8b9bc0
Error - 2/22/2015 2:48:38 AM | Computer Name = Justin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 610 Start Time:
01d04e6a9f75daf5 Termination Time: 16 Application Path: C:\Users\Justin\Desktop\TOOLS\OTL.exe
Report
Id: c9daaeac-ba5e-11e4-a1c4-e839df8b9bc0
Error - 2/22/2015 4:00:11 AM | Computer Name = Justin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: ce0 Start Time:
01d04e6b9f7227c3 Termination Time: 0 Application Path: C:\Users\Justin\Desktop\TOOLS\OTL.exe
Report
Id: cf08bde3-ba68-11e4-a1c4-e839df8b9bc0
Error - 2/22/2015 4:24:45 AM | Computer Name = Justin-PC | Source = System Restore | ID = 8193
Description =
Error - 2/22/2015 3:37:54 PM | Computer Name = Justin-PC | Source = System Restore | ID = 8193
Description =
Error - 2/22/2015 4:05:47 PM | Computer Name = Justin-PC | Source = System Restore | ID = 8193
Description =
Error - 2/22/2015 5:38:39 PM | Computer Name = Justin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 2e4 Start Time:
01d04ee62cdf4be5 Termination Time: 16 Application Path: C:\Users\Justin\Desktop\TOOLS\OTL.exe
Report
Id: 27873281-badb-11e4-a1c4-e839df8b9bc0
[ System Events ]
Error - 2/22/2015 12:52:03 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.
Error - 2/22/2015 12:52:04 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7023
Description = The Diagnostic System Host service terminated with the following error:
%%1052
Error - 2/22/2015 12:52:13 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.
Error - 2/22/2015 12:52:16 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Auth Service service terminated unexpectedly. It has done this
3 time(s).
Error - 2/22/2015 12:58:07 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Auth Service service terminated unexpectedly. It has done this
4 time(s).
Error - 2/22/2015 1:34:02 AM | Computer Name = Justin-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.
Error - 2/22/2015 2:42:35 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 7 service terminated unexpectedly.
It has done this 1 time(s).
Error - 2/22/2015 2:50:51 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The AdvancedSystemCareAntivirus service terminated unexpectedly.
It has done this 1 time(s).
Error - 2/22/2015 5:17:28 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 2/22/2015 5:27:01 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The MBAMScheduler service terminated unexpectedly. It has done this
1 time(s).
< End of report >
-
I reinstalled OTL and ran the scan.
All the popups and hijacks have stopped so far.
Here is the logs from the new OTL scan
----------------------------------------------------------------
OTL logfile created on: 2/22/2015 2:11:27 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop\TOOLS
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.23% Memory free
15.98 Gb Paging File | 13.91 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.05 Gb Total Space | 857.97 Gb Free Space | 93.76% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.81 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive E: | 21.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2015/02/22 13:51:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\TOOLS\OTL.exe
PRC - [2015/02/09 09:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/16 20:11:25 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/06/27 10:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 09:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/25 13:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/11/28 16:56:40 | 000,646,976 | ---- | M] (IOBit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
PRC - [2013/11/15 10:25:24 | 000,886,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
PRC - [2010/05/20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2015/01/11 18:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/12/11 20:52:26 | 007,008,760 | ---- | M] () [Auto | Running] -- C:\Program Files\CE\CovenantEyesCommService.exe -- (CovenantEyesCommService)
SRV:64bit: - [2014/12/11 20:52:10 | 004,956,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CE\authServer.exe -- (Auth Service)
SRV:64bit: - [2014/12/11 00:42:12 | 005,950,456 | ---- | M] (CovenantEyes) [Auto | Running] -- C:\Program Files\CE\CovenantEyesProxy.exe -- (CovenantEyesProxy)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/07/28 09:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/07/22 15:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 16:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 21:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/10/21 08:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/02/12 15:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2015/02/09 09:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2015/02/04 17:29:21 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/26 20:08:22 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/16 20:11:25 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/09/29 11:10:27 | 002,281,248 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/28 16:56:40 | 000,646,976 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe -- (ASCAntivirusSrv)
SRV - [2013/11/15 10:25:24 | 000,886,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/05/20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/04/12 09:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/04/03 15:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2015/02/22 11:41:04 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/02/16 18:40:51 | 000,037,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2015/02/01 14:43:57 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2015/01/18 19:01:54 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/12/31 12:31:09 | 001,226,344 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2014/12/31 12:15:51 | 000,230,280 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2014/12/31 12:00:31 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2014/12/31 11:44:02 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2014/12/31 11:44:02 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2014/12/11 00:42:12 | 000,045,048 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\cewd64r.sys -- (cewd64r)
DRV:64bit: - [2014/12/11 00:42:12 | 000,031,736 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\cewd64f.sys -- (cewd64f)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/31 21:06:06 | 000,058,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2014/02/02 22:45:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/10/17 07:32:56 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/16 15:00:50 | 000,077,032 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2010/06/22 12:28:06 | 000,729,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/06/18 15:45:58 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/05/13 18:20:42 | 000,059,704 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/05/08 17:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/04/26 10:48:40 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/04/07 09:51:50 | 000,214,248 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/03/24 12:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/18 17:41:06 | 000,049,568 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 17:20:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/28 19:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 10:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 15:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 09:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 09:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 08:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 11:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/15 12:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2014/12/30 11:19:36 | 000,026,528 | ---- | M] (REALiX) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2010/11/01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig?brand=TSND&bmod=TSNDg/ [binary data]
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes,DefaultScope = {6F1DB67A-D8D4-4060-960C-958F0C423DB2}
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}: "URL" = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en),Yahoo!"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: firefox-integrated-extension%40covenanteyes.com:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B3b20c93b-3c59-6154-a197-e63672e18722%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - prefs.js..keyword.URL: "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CE\extensions\firefox\[email protected] [2015/02/16 14:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014/09/29 11:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2015/02/20 17:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions
[2015/02/20 17:34:55 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions\{3b20c93b-3c59-6154-a197-e63672e18722}
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions\staged
[2015/01/26 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/26 20:08:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/02/16 14:09:09 | 000,000,000 | ---D | M] ("Covenant Eyes for Firefox") -- C:\PROGRAM FILES\CE\EXTENSIONS\FIREFOX\[email protected]
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://search.yahoo.com/?type=523482&fr=yo-yhp-ch
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: Google Webspam Report = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj\120\
CHR - Extension: SickBeardConnect = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfjkhejnkopmfdadafjoklibhggokpb\160\
CHR - Extension: Google Wallet = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
O1 HOSTS File: ([2015/02/22 13:17:30 | 000,013,316 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 216.239.32.20 www.google.ac # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ad # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ae # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.al # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.am # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.as # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.at # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.az # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ba # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.be # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bf # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bg # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bi # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bj # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bs # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bt # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.by # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ca # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cat # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cc # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cd # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cf # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cg # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ch # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ci # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 175 more lines...
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (Covenant Eyes for Internet Explorer) - {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x64\ceie-0.7.2.dll (Covenant Eyes)
O2 - BHO: (Covenant Eyes for Internet Explorer) - {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x86\ceie-0.7.2.dll (Covenant Eyes)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Covenant Eyes] C:\Program Files\CE\CovenantEyes.exe ()
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [beats Updater] C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe (Beats)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [CCleaner Monitoring] D:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Switch to Gaming Mode.lnk = C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{943F4E62-F646-47B2-9984-BB8AAE440A45}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup\rsrc\autorun.exe
O33 - MountPoints2\F\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/02/21 22:42:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/02/19 21:35:35 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\BC_LOGS
[2015/02/19 21:29:15 | 000,000,000 | ---D | C] -- C:\FRST
[2015/02/18 21:06:23 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\MG_LOGS
[2015/02/16 20:00:02 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/02/16 19:59:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/02/16 19:59:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/02/16 19:59:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/02/16 19:59:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/02/16 19:59:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/02/16 19:59:51 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/02/16 19:59:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/02/16 19:59:51 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/02/16 19:59:51 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/02/16 19:59:50 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/02/16 19:59:48 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/02/16 19:59:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/02/16 19:59:48 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/02/16 19:59:47 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/02/16 19:59:47 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/02/16 19:59:47 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/02/16 19:59:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/02/16 19:59:46 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/02/16 19:59:46 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/02/16 19:59:46 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/02/16 19:59:45 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/02/16 19:59:45 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/02/16 19:59:43 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/02/16 19:59:42 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/02/16 19:59:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/02/16 19:59:40 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/02/16 19:59:40 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/02/16 19:59:39 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/02/16 19:59:38 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/02/16 19:59:38 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/02/16 19:59:37 | 006,041,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/02/16 19:59:37 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/02/16 19:59:36 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/02/16 19:59:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/02/16 19:59:35 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/02/16 19:58:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015/02/16 19:58:14 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/02/16 19:58:08 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/02/16 19:58:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/02/16 19:58:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/02/16 19:58:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/02/16 19:58:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/02/16 19:58:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/02/16 19:58:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/02/16 19:58:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/02/16 19:58:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/02/16 19:58:06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/02/16 19:58:06 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/02/16 19:58:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/02/16 19:58:01 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015/02/16 19:57:39 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2015/02/16 19:57:39 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2015/02/16 19:57:32 | 005,554,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/02/16 19:57:32 | 003,972,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/02/16 19:57:31 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/02/16 19:57:31 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/02/16 19:57:30 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/02/16 19:57:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/02/16 19:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2015/02/16 19:17:37 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\JOB
[2015/02/16 16:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Justin\AppData\Local\EmieBrowserModeList
[2015/02/16 14:09:28 | 000,338,936 | ---- | C] (CovenantEyes) -- C:\Windows\SysWow64\CovenantEyesProxy.dll
[2015/02/16 14:09:25 | 000,408,056 | ---- | C] (CovenantEyes) -- C:\Windows\SysNative\CovenantEyesProxy64.dll
[2015/02/16 14:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CovenantEyes
[2015/02/16 14:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes
[2015/02/16 14:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\CE
[2015/02/16 14:06:32 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Downloaded Installations
[2015/02/11 17:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2015/02/04 17:29:09 | 005,070,512 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/02/04 16:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2015/02/01 14:43:57 | 000,129,224 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/31 22:39:45 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/31 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/31 22:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2015/01/26 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2015/02/22 14:14:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/22 13:29:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/22 13:17:30 | 000,013,316 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/02/22 11:41:04 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/22 10:52:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/21 20:58:55 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/21 20:58:55 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/21 20:50:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/21 20:49:50 | 2138,423,295 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/20 17:49:39 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/02/19 21:48:49 | 003,714,638 | ---- | M] () -- C:\Users\Justin\Desktop\CovenantEyesClient_5.2.106.dmp
[2015/02/18 21:04:47 | 000,013,624 | ---- | M] () -- C:\Windows\SysNative\CovenantEyesProxy.ini
[2015/02/18 21:04:47 | 000,003,440 | ---- | M] () -- C:\Windows\SysWow64\CovenantEyesProxyOff.ini
[2015/02/18 21:04:47 | 000,003,440 | ---- | M] () -- C:\Windows\SysNative\CovenantEyesProxyOff.ini
[2015/02/18 17:48:17 | 000,287,698 | ---- | M] () -- C:\MGlogs.zip
[2015/02/16 20:27:16 | 000,342,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/16 18:40:51 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015/02/04 17:29:19 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/02/04 17:29:19 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/02/04 17:29:09 | 005,070,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/02/04 16:19:52 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 2.lnk
[2015/02/01 14:43:57 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/25 12:58:40 | 000,001,435 | ---- | M] () -- C:\Users\Justin\Desktop\Play Ultimate Ninja Storm Revolution.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2015/02/19 21:48:45 | 003,714,638 | ---- | C] () -- C:\Users\Justin\Desktop\CovenantEyesClient_5.2.106.dmp
[2015/02/17 21:45:21 | 000,287,698 | ---- | C] () -- C:\MGlogs.zip
[2015/02/16 14:13:31 | 000,045,048 | ---- | C] () -- C:\Windows\SysNative\drivers\cewd64r.sys
[2015/02/16 14:13:20 | 000,031,736 | ---- | C] () -- C:\Windows\SysNative\drivers\cewd64f.sys
[2015/02/16 14:09:35 | 000,013,624 | ---- | C] () -- C:\Windows\SysNative\CovenantEyesProxy.ini
[2015/02/16 14:09:35 | 000,003,440 | ---- | C] () -- C:\Windows\SysWow64\CovenantEyesProxyOff.ini
[2015/02/16 14:09:35 | 000,003,440 | ---- | C] () -- C:\Windows\SysNative\CovenantEyesProxyOff.ini
[2015/01/25 12:58:40 | 000,001,435 | ---- | C] () -- C:\Users\Justin\Desktop\Play Ultimate Ninja Storm Revolution.lnk
[2015/01/09 19:41:02 | 000,000,665 | ---- | C] () -- C:\Windows\wininit.ini
[2014/12/30 21:32:36 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2014/12/30 21:32:36 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2014/12/30 21:32:36 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2014/12/30 21:20:56 | 000,054,175 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2014/11/16 20:11:35 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/11/16 20:11:25 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/11/10 13:04:58 | 000,000,000 | ---- | C] () -- C:\Users\Justin\AppData\Local\{84C4935A-1895-44F7-AD8C-7FC15396E8AD}
[2014/11/09 09:50:45 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/11/09 00:02:35 | 000,000,000 | -HS- | C] () -- C:\Users\Justin\AppData\Local\LumaEmu
[2014/09/29 08:08:38 | 000,774,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\IObit
[2014/12/18 20:24:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ProductData
[2014/12/18 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Toshiba
[2014/11/15 20:36:49 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DarkSoulsII
[2014/12/30 11:19:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\IObit
[2014/10/27 19:40:20 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Kalypso Media
[2014/11/19 20:33:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Logs
[2014/11/19 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\LolClient
[2014/09/29 15:59:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PowerISO
[2014/09/29 11:10:36 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\ProductData
[2014/11/19 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Riot Games
[2014/11/08 15:48:59 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\StarTrekPC
[2014/09/28 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TeamViewer
[2014/11/21 17:54:06 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Theta
[2014/09/29 11:18:04 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Tific
[2014/11/14 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Toshiba
[2014/11/08 23:22:56 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Unity
[2014/12/23 22:36:41 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WebTest
[2014/09/30 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WildTangent
[2014/09/28 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2014/12/23 22:37:29 | 000,000,000 | ---D | M](C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.​
[2014/12/23 22:37:29 | 000,000,000 | ---D | M](C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.​
(C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.​
< End of report >
-
Hey Chuck,
When I run the fix for OTL it freezes and says not responding. I've tried 3 different times and the same results. I don't lose any icons or the desktop.
Here is the log for security check
---------------------------------------------------------
Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Advanced SystemCare Ultimate
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
HijackThis 2.0.2
Java 8 Update 25
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (35.0.1)
Google Chrome 38.0.2125.104 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9/28/2014 7:02:53 PM
System Uptime: 2/21/2015 8:49:41 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Qosmio X505
Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz | CPU 1 | 919/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 915 GiB total, 858.208 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 398.814 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&000100CC_PID&2000\8&D0BBAE3&0&0488E20FE618_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&000100CC_PID&2000\8&D0BBAE3&0&0488E20FE618_C00000001
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_VID&000100CC_PID&2000\8&D0BBAE3&0&0488E20FE618_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_VID&000100CC_PID&2000\8&D0BBAE3&0&0488E20FE618_C00000001
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_VID&000100CC_PID&2000\8&D0BBAE3&0&0488E20FE618_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_VID&000100CC_PID&2000\8&D0BBAE3&0&0488E20FE618_C00000001
Service:
.
Class GUID:
Description:
Device ID: RENESAS_USB3\ROOT_HUB30\5&2CAD7E19&0
Manufacturer:
Name:
PNP Device ID: RENESAS_USB3\ROOT_HUB30\5&2CAD7E19&0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
Hosts: 216.239.32.20 www.google.ac # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ad # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ae # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.al # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.am # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.as # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.at # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.az # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ba # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.be # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.bf # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.bg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.bi # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.bj # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.bs # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.bt # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.by # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ca # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.cat # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.cc # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.cd # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.cf # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.cg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ch # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ci # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.cl # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.cm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.cn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.ao # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.bw # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.ck # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.cr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.id # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.il # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.in # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.jp # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.ke # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.kr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.ls # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.ma # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.mz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.nz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.th # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.tz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.ug # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.uk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.uz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.ve # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.vi # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.za # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.zm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.co.zw # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.af # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.ag # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.ai # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.ar # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.au # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.bd # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.bh # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.bn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.bo # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.br # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.bz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.co # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.cu # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.cy # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.do # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.ec # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.eg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.et # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.fj # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.gh # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.gi # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.gt # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.hk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.jm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.kh # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.kw # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.lb # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.lc # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.ly # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.mm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.mt # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.mx # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.my # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.na # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.nf # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.ng # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.ni # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.np # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.om # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.pa # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.pe # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.pg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.ph # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.pk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.pr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.py # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.qa # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.sa # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.sb # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.sg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.sl # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.sv # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.tj # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.tn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.tr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.tw # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.ua # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.uy # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.vc # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.com.vn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.cv # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.cz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.de # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.dj # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.dk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.dm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.dz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ee # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.es # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.fi # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.fm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.fr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ga # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ge # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.gf # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.gg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.gl # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.gm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.gp # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.gr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.gy # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.hn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.hr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ht # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.hu # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ie # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.im # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.io # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.iq # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ir # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.is # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.it # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.je # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.jo # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.kg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ki # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.kz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.la # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.li # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.lk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.lt # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.lu # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.lv # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.md # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.me # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.mg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.mk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ml # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.mn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ms # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.mu # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.mv # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.mw # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ne # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.nl # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.no # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.nr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.nu # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.pl # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.pn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ps # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.pt # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ro # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.rs # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ru # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.rw # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.sc # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.se # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.sh # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.si # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.sk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.sm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.sn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.so # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.st # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.td # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.tg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.tk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.tl # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.tm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.tn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.to # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.tt # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.us # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.vg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.vu # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ws # *DO NOT MODIFY/DELETE THIS ENTRY*
.
==== Installed Programs ======================
.
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader 9.3
Advanced SystemCare Ultimate 7
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Auto Clicker by Shocker
Beats Updater
Bejeweled 2 Deluxe
BitRaider Web Client
Bluetooth Stack for Windows by Toshiba
CCleaner
Chuzzle Deluxe
Conexant HD Audio
Corel WinDVD
Covenant Eyes
D3DX10
Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
Diablo II
Dolby Control Center
Driver Booster 2.1
FATE
Game Booster 3
Google Chrome
Google Update Helper
HDMI Control Manager
HijackThis 2.0.2
Intel® Rapid Storage Technology
IObit Uninstaller
Java 8 Update 25
Java Auto Updater
Jewel Quest - Heritage
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft OneDrive
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Xbox 360 Accessories 1.2
Movie Maker
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDefrag v4.3.1
NVIDIA Control Panel 347.09
NVIDIA Display Control Panel
NVIDIA Install Application
NVIDIA PhysX
O2Micro Flash Memory Card Windows Driver
Photo Common
Photo Gallery
PlayReady PC Runtime amd64
PowerISO
Quickbooks Financial Center
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2956081) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2956066) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Launcher
Spybot - Search & Destroy
Star Wars The Old Republic
Star Wars: The Old Republic
Synaptics Pointing Device Driver
TeamViewer 9
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Folder Migrating Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Unity Web Player
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB2956054) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2956129) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Wheel of Fortune 2
WildTangent Games
WildTangent ORB Game Console
Windows Driver Package - Beats Electronics, LLC (libusb0) Beats Devices (07/20/2014 1.2.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.20 (32-bit)
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/21/2015 8:58:07 PM, Error: Service Control Manager [7034] - The Auth Service service terminated unexpectedly. It has done this 4 time(s).
2/21/2015 8:52:16 PM, Error: Service Control Manager [7034] - The Auth Service service terminated unexpectedly. It has done this 3 time(s).
2/21/2015 8:52:13 PM, Error: Service Control Manager [7031] - The Auth Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/21/2015 8:52:04 PM, Error: Service Control Manager [7023] - The Diagnostic System Host service terminated with the following error: The requested control is not valid for this service.
2/21/2015 8:52:03 PM, Error: Service Control Manager [7031] - The Auth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/21/2015 8:51:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
2/21/2015 8:51:07 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/20/2015 5:44:41 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TPCH Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TOSHIBA Power Saver service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TOSHIBA HDD SSD Alert Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TOSHIBA eco Utility Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TOSHIBA Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TMachInfo service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The TeamViewer 9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The O2FLASH service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The AdvancedSystemCareAntivirus service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 7 service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:33:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
2/19/2015 9:46:33 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The system cannot find the path specified.
2/19/2015 3:51:19 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
2/18/2015 5:47:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
2/17/2015 9:38:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
2/16/2015 2:13:37 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CovenantEyesProxy service, but this action failed with the following error: An instance of the service is already running.
2/16/2015 2:13:36 PM, Error: Service Control Manager [7031] - The CovenantEyesProxy service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================
-
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 11.25.2
Run by Justin at 20:57:41 on 2015-02-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8180.5160 [GMT -8:00]
.
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe
C:\windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\CE\CovenantEyesCommService.exe
C:\Program Files\CE\CovenantEyesProxy.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\CE\CovenantEyes.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
D:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe
C:\Program Files\CE\CovenantEyesHelper.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Covenant Eyes for Internet Explorer: {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x86\ceie-0.7.2.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe" /Auto
uRun: [CCleaner Monitoring] "D:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [beats Updater] C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Justin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SWITCH~1.LNK - C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\CovenantEyesProxy.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{943F4E62-F646-47B2-9984-BB8AAE440A45} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Covenant Eyes for Internet Explorer: {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x64\ceie-0.7.2.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [HDMICtrlMan] C:\Program Files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [Covenant Eyes] C:\Program Files\CE\CovenantEyes.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 216.239.32.20 www.google.ac # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ad # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.ae # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.al # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20 www.google.am # *DO NOT MODIFY/DELETE THIS ENTRY*
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-12-31 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-12-31 28216]
R0 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2010-11-16 77032]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2014-9-28 482384]
R1 cewd64f;cewd64f service;\??\C:\Windows\System32\Drivers\cewd64f.sys --> C:\Windows\System32\Drivers\cewd64f.sys [?]
R1 cewd64r;cewd64r service;\??\C:\Windows\System32\Drivers\cewd64r.sys --> C:\Windows\System32\Drivers\cewd64r.sys [?]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2014-12-30 26528]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [2014-9-29 886592]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe [2014-9-29 646976]
R2 CovenantEyesCommService;Covenant Eyes Communication Service;C:\Program Files\CE\CovenantEyesCommService.exe [2015-2-16 7008760]
R2 CovenantEyesProxy;CovenantEyesProxy;C:\Program Files\CE\CovenantEyesProxy.exe [2015-2-16 5950456]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-29 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-29 969016]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2014-9-28 14112]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-9-29 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-9-29 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-9-29 171928]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-9-28 5249808]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2015-2-1 129224]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-29 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-29 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-29 63704]
R3 O2SDGRDR;O2SDGRDR;C:\Windows\System32\drivers\o2sdgx64.sys [2009-8-18 49568]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2014-9-28 35008]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2014-12-31 1226344]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2014-12-31 230280]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-12-31 34544]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-9-28 35112]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2014-9-28 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
S2 Auth Service;Auth Service;C:\Program Files\CE\authServer.exe [2015-2-16 4956152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-9-29 2281248]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-11-8 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-16 114688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-9-29 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-9-29 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-9-29 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2014-10-2 14544]
.
=============== Created Last 30 ================
.
2015-02-20 05:29:15 -------- d-----w- C:\FRST
2015-02-17 03:58:16 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-02-17 03:57:39 406528 ----a-w- C:\Windows\System32\scesrv.dll
2015-02-17 03:57:39 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2015-02-17 03:57:32 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-17 03:57:32 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-17 03:57:31 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-02-17 03:57:31 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-17 03:57:30 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-02-17 03:57:30 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-02-17 03:57:30 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-02-17 03:57:15 3201536 ----a-w- C:\Windows\System32\win32k.sys
2015-02-17 03:54:24 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6EC4876B-CCEE-4F5C-AE48-3B89FE847DD2}\mpengine.dll
2015-02-17 03:32:43 -------- d-----w- C:\Program Files\HitmanPro
2015-02-17 00:52:21 -------- d-sh--w- C:\Users\Justin\AppData\Local\EmieBrowserModeList
2015-02-16 22:09:28 338936 ----a-w- C:\Windows\SysWow64\CovenantEyesProxy.dll
2015-02-16 22:09:25 408056 ----a-w- C:\Windows\System32\CovenantEyesProxy64.dll
2015-02-16 22:09:21 -------- d-----w- C:\ProgramData\CovenantEyes
2015-02-16 22:09:08 -------- d-----w- C:\Program Files\CE
2015-02-16 22:06:32 -------- d-----w- C:\Users\Justin\AppData\Local\Downloaded Installations
2015-02-12 01:46:37 -------- d-----w- C:\ProgramData\Steam
2015-02-05 01:29:09 5070512 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-02-05 00:35:05 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2015-02-01 22:43:57 129224 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys
.
==================== Find3M ====================
.
2015-02-22 04:53:01 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-17 02:40:51 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2015-02-05 01:29:19 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 01:29:19 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-20 03:15:10 121984 ----a-w- C:\Windows\SysWow64\steam_api.dll
2015-01-19 03:01:54 30536 ----a-w- C:\Windows\System32\nvhdap64.dll
2015-01-19 03:01:54 195728 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2015-01-19 03:01:54 1540240 ----a-w- C:\Windows\System32\nvhdagenco64.dll
2015-01-19 02:58:01 18594432 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2015-01-19 02:58:01 16040184 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2015-01-19 02:58:01 13288360 ----a-w- C:\Windows\System32\nvopencl.dll
2015-01-19 02:58:00 32099472 ----a-w- C:\Windows\System32\nvoglv64.dll
2015-01-19 02:58:00 24764232 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2015-01-19 02:58:00 10770120 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-13 03:10:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-01-13 02:49:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:33:52 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-01-12 02:32:57 6041088 ----a-w- C:\Windows\System32\jscript9.dll
2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:55:00 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:29:46 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-01-08 00:09:48 1876296 ----a-w- C:\Windows\System32\nvdispco6434475.dll
2015-01-08 00:09:48 1540424 ----a-w- C:\Windows\System32\nvdispgenco6434475.dll
2014-12-31 20:31:09 1226344 ----a-w- C:\Windows\System32\drivers\rtl8192se.sys
2014-12-31 20:15:51 81920 ----a-w- C:\Windows\System32\rusb3co2.dll
2014-12-31 20:15:51 230280 ----a-w- C:\Windows\System32\drivers\rusb3xhc.sys
2014-12-31 20:10:45 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-12-31 20:08:14 1876296 ----a-w- C:\Windows\System32\nvdispco6434465.dll
2014-12-31 20:08:14 1539272 ----a-w- C:\Windows\System32\nvdispgenco6434465.dll
2014-12-31 20:00:31 34544 ----a-w- C:\Windows\System32\drivers\Smb_driver_Intel.sys
2014-12-31 20:00:31 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2014-12-31 19:44:02 647736 ----a-w- C:\Windows\System32\drivers\iaStorA.sys
2014-12-31 19:44:02 28216 ----a-w- C:\Windows\System32\drivers\iaStorF.sys
2014-12-31 05:32:36 21840 ----a-w- C:\Windows\SysWow64\SIntfNT.dll
2014-12-31 05:32:36 17212 ----a-w- C:\Windows\SysWow64\SIntf32.dll
2014-12-31 05:32:36 12067 ----a-w- C:\Windows\SysWow64\SIntf16.dll
2014-12-31 05:20:55 94208 ----a-w- C:\Windows\DIIUnin.exe
2014-12-31 05:20:55 2829 ----a-w- C:\Windows\DIIUnin.pif
2014-12-30 19:19:36 26528 ----a-w- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
2014-12-23 08:41:02 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-13 08:03:15 6859408 ----a-w- C:\Windows\System32\nvcpl.dll
2014-12-13 08:03:15 3513488 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-12-13 08:03:13 935240 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-12-13 08:03:13 62608 ----a-w- C:\Windows\System32\nvshext.dll
.
============= FINISH: 20:59:10.08 ===============
-
OTL Extras logfile created on: 2/20/2015 6:11:21 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop\TOOLS
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 76.81% Memory free
15.98 Gb Paging File | 13.56 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.05 Gb Total Space | 858.14 Gb Free Space | 93.78% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.81 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive E: | 21.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{827E59A2-7133-4DD5-B6A4-E8C50744F4F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8807CB81-3F6A-456C-B508-17C6FF2C17FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B62A8579-A976-443A-90B9-47E8D2014697}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C4D0FF9D-DCF6-4315-BD4F-38DB5769B4EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F6429F09-B0CB-4BAB-A8C2-13917600056D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{FD50364C-AE14-417E-819E-025207B75EF2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F7AE1F0-5397-4FF6-9A65-8B633DC735D4}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{31AEC7D4-1500-4449-B8E5-DF17943430F4}" = protocol=6 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"{3C9D16C9-B8A9-4628-83B7-F32937703875}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{43F7AF16-1C97-480A-A028-2377212CB658}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{489B7EF4-235D-407E-93D4-4AB8E25980ED}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{55B89F03-01FF-441D-B943-B0EE659187B7}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{62A2E2B7-5634-4B16-9142-0FF2540071B0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{692EC920-35AC-44DB-80C0-FAA8F215EA13}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{713779BE-CDD5-4794-9D61-4B82364FBF0D}" = protocol=17 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"{8042073D-60CB-4A5A-BB74-79C727CA0AC5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{957729D9-9209-475A-ABA1-F8FE4D70D6F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB639DDB-9EBF-4BB0-AD9B-7D823DF290A0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AC8FE77B-6BDA-4D14-915D-B3D5B424518D}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{B24FEC84-C769-476F-9972-418A70CB5A2A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{DA92DFB0-C8E5-4610-A540-7F0BA1773241}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{DEE2A0C6-3711-44C6-A2DD-5D221C6A3F41}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E092F13F-6898-4BFC-A050-EA5F1B2909F7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EDFDB99A-2E41-42EA-84E3-3FF6E255FBA3}" = dir=in | app=c:\users\justin\appdata\local\microsoft\skydrive\skydrive.exe |
"TCP Query User{1C9C2F83-E3C5-434F-A418-74B8A490346E}D:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe" = protocol=6 | dir=in | app=d:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe |
"TCP Query User{65D59D25-2F27-4A1D-BAA2-BE9711A692D8}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"TCP Query User{8948EE66-56DC-47D0-B1BA-4EBE12A646DB}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"TCP Query User{DC8E32F4-30A3-4822-B229-09012FA2D4A3}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"TCP Query User{E8652234-CE3F-4DF2-9465-02C6AA6CDCC6}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"TCP Query User{EB2EF2D6-5D59-4DCF-9318-C815804AF131}C:\users\justin\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{2218C63C-74BF-493B-B6D8-EECE77C5D1DA}D:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe" = protocol=17 | dir=in | app=d:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe |
"UDP Query User{699DD4FD-37CE-4845-8293-0B112C00B8BE}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"UDP Query User{A3DAC996-0A7F-4EBC-B270-536E727833FC}C:\users\justin\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{C50CE22A-EF3E-4494-942A-FE4386233CBE}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"UDP Query User{D7A071A5-C782-48AA-8D82-EB8BAB3AC7DE}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"UDP Query User{E249E458-40DD-4333-809F-0741F8F386AE}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6408053B-4FC3-4087-BB58-68C220D02BA4}" = O2Micro Flash Memory Card Windows Driver
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO" = Conexant HD Audio
"F72367AEBBC643DDA1061B77B27197CC8403B792" = Windows Driver Package - Beats Electronics, LLC (libusb0) Beats Devices (07/20/2014 1.2.1.0)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"{5AC5ED2E-2936-4B54-A429-703F9034938E}" = Covenant Eyes
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90B2844D-97AE-436C-B552-2AD8A7F10279}" = Beats Updater
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Advanced SystemCare Ultimate_is1" = Advanced SystemCare Ultimate 7
"Auto Clicker by Shocker_is1" = Auto Clicker by Shocker
"BitRaider Web Client" = BitRaider Web Client
"Diablo II" = Diablo II
"Driver Booster_is1" = Driver Booster 2.1
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{6408053B-4FC3-4087-BB58-68C220D02BA4}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IObitUninstall" = IObit Uninstaller
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 35.0.1 (x86 en-US)" = Mozilla Firefox 35.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PowerISO" = PowerISO
"swtor_swtor" = Star Wars The Old Republic
"TeamViewer 9" = TeamViewer 9
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.20 (32-bit)
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088710" = Zuma's Revenge
"WT088739" = FATE
"WT088750" = Jewel Quest - Heritage
"WT088761" = Wheel of Fortune 2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/20/2015 9:33:19 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x11d8 Faulting application start time: 0x01d04d76543108ab Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 9d2e7e38-b969-11e4-92f7-e839df8b9bc0
Error - 2/20/2015 9:33:47 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0xdcc Faulting application start time: 0x01d04d766f6ac5cd Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: adfbd4c7-b969-11e4-92f7-e839df8b9bc0
Error - 2/20/2015 9:33:51 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x18ec Faulting application start time: 0x01d04d76723c06c0 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: b04c8b6c-b969-11e4-92f7-e839df8b9bc0
Error - 2/20/2015 9:34:41 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: CovenantEyes.exe, version: 0.0.0.0, time
stamp: 0x548a4534 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409,
time stamp: 0x5315a05a Exception code: 0xe06d7363 Fault offset: 0x000000000000940d
Faulting
process id: 0xb0c Faulting application start time: 0x01d04d764c6e272c Faulting application
path: C:\Program Files\CE\CovenantEyes.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: cdfd1537-b969-11e4-92f7-e839df8b9bc0
Error - 2/20/2015 9:34:42 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1ab8 Faulting application start time: 0x01d04d7690eda528 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: cec9cb8e-b969-11e4-92f7-e839df8b9bc0
Error - 2/20/2015 9:49:52 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1334 Faulting application start time: 0x01d04d78a5350479 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: ece9fc21-b96b-11e4-b31b-e839df8b9bc0
Error - 2/20/2015 9:50:12 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1534 Faulting application start time: 0x01d04d78bb11479d Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: f9007905-b96b-11e4-b31b-e839df8b9bc0
Error - 2/20/2015 9:50:15 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x19f0 Faulting application start time: 0x01d04d78bc8e23c9 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: fa63260e-b96b-11e4-b31b-e839df8b9bc0
Error - 2/20/2015 9:50:24 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: CovenantEyes.exe, version: 0.0.0.0, time
stamp: 0x548a4534 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409,
time stamp: 0x5315a05a Exception code: 0xe06d7363 Fault offset: 0x000000000000940d
Faulting
process id: 0xe7c Faulting application start time: 0x01d04d78958a15cb Faulting application
path: C:\Program Files\CE\CovenantEyes.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: ffd86dcf-b96b-11e4-b31b-e839df8b9bc0
Error - 2/20/2015 9:50:25 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1720 Faulting application start time: 0x01d04d78c2c8fdc0 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 0096dbe4-b96c-11e4-b31b-e839df8b9bc0
[ System Events ]
Error - 2/20/2015 9:44:11 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The TOSHIBA HDD SSD Alert Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 2/20/2015 9:44:11 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The IviRegMgr service terminated unexpectedly. It has done this 1
time(s).
Error - 2/20/2015 9:44:41 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Search service, but
this action failed with the following error: %%1056
Error - 2/20/2015 9:49:20 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Scanner Service service to connect.
Error - 2/20/2015 9:49:20 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error: %%1053
Error - 2/20/2015 9:50:10 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.
Error - 2/20/2015 9:50:10 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7023
Description = The Diagnostic System Host service terminated with the following error:
%%1052
Error - 2/20/2015 9:50:13 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.
Error - 2/20/2015 9:50:15 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Auth Service service terminated unexpectedly. It has done this
3 time(s).
Error - 2/20/2015 9:50:26 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Auth Service service terminated unexpectedly. It has done this
4 time(s).
< End of report >
-
OTL logfile created on: 2/20/2015 6:11:21 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop\TOOLS
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 76.81% Memory free
15.98 Gb Paging File | 13.56 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.05 Gb Total Space | 858.14 Gb Free Space | 93.78% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.81 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive E: | 21.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2015/02/19 21:28:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\TOOLS\OTL.exe
PRC - [2015/02/09 09:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2015/02/09 09:56:20 | 014,433,552 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2015/02/09 09:10:54 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2015/01/26 20:08:22 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/16 20:11:25 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/11/12 17:51:36 | 001,353,216 | ---- | M] (Beats) -- C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe
PRC - [2014/09/29 11:10:27 | 001,084,704 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2014/06/27 10:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 09:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/25 13:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/12/02 13:22:24 | 002,562,368 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
PRC - [2013/11/28 16:56:40 | 000,646,976 | ---- | M] (IOBit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
PRC - [2013/11/15 10:25:24 | 000,886,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
PRC - [2013/09/30 14:35:56 | 001,120,064 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
PRC - [2012/04/23 18:37:44 | 000,609,624 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
PRC - [2010/06/28 19:55:14 | 002,721,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2010/05/20 19:00:02 | 000,275,984 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtAvAC.exe
PRC - [2010/05/20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/04/19 15:07:42 | 000,677,192 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2010/03/16 18:14:00 | 000,714,056 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/29 15:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2008/07/24 10:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
========== Modules (No Company Name) ==========
MOD - [2015/02/20 17:49:25 | 000,121,900 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\89ef6f0d-720e-41b4-87a8-f73bc2dc4702\AgileDotNetRT.dll
MOD - [2015/02/20 17:49:23 | 000,121,900 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\fa61b113-4558-4059-98c0-57a52cd5a7b6\AgileDotNetRT.dll
MOD - [2015/01/26 20:08:22 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/11/29 23:22:52 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/11/29 23:22:46 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/11/29 23:22:46 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/11/29 23:22:41 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/11/29 23:22:41 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\c90a4b709b46b64c89fce02585d55370\System.Management.ni.dll
MOD - [2014/11/29 23:22:39 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/11/29 23:22:37 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/09/29 09:15:48 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/09/30 14:35:56 | 001,120,064 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
MOD - [2013/01/15 17:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madexcept_.bpl
MOD - [2013/01/15 17:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\maddisAsm_.bpl
MOD - [2013/01/15 17:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madbasic_.bpl
MOD - [2013/01/15 17:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\webres.dll
========== Services (SafeList) ==========
SRV:64bit: - [2015/01/11 18:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/12/11 20:52:26 | 007,008,760 | ---- | M] () [Auto | Running] -- C:\Program Files\CE\CovenantEyesCommService.exe -- (CovenantEyesCommService)
SRV:64bit: - [2014/12/11 20:52:10 | 004,956,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CE\authServer.exe -- (Auth Service)
SRV:64bit: - [2014/12/11 00:42:12 | 005,950,456 | ---- | M] (CovenantEyes) [Auto | Running] -- C:\Program Files\CE\CovenantEyesProxy.exe -- (CovenantEyesProxy)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/07/28 09:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/07/22 15:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 16:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 21:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/10/21 08:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/02/12 15:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2015/02/09 09:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2015/02/04 17:29:21 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/26 20:08:22 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/16 20:11:25 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/09/29 11:10:27 | 002,281,248 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/28 16:56:40 | 000,646,976 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe -- (ASCAntivirusSrv)
SRV - [2013/11/15 10:25:24 | 000,886,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/05/20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/04/12 09:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/04/03 15:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2015/02/20 17:51:54 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/02/16 18:40:51 | 000,037,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2015/02/01 14:43:57 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2015/01/18 19:01:54 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/12/31 12:31:09 | 001,226,344 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2014/12/31 12:15:51 | 000,230,280 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2014/12/31 12:00:31 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2014/12/31 11:44:02 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2014/12/31 11:44:02 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2014/12/11 00:42:12 | 000,045,048 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\cewd64r.sys -- (cewd64r)
DRV:64bit: - [2014/12/11 00:42:12 | 000,031,736 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\cewd64f.sys -- (cewd64f)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/31 21:06:06 | 000,058,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2014/02/02 22:45:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/10/17 07:32:56 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/16 15:00:50 | 000,077,032 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2010/06/22 12:28:06 | 000,729,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/06/18 15:45:58 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/05/13 18:20:42 | 000,059,704 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/05/08 17:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/04/26 10:48:40 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/04/07 09:51:50 | 000,214,248 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/03/24 12:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/18 17:41:06 | 000,049,568 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 17:20:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/28 19:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 10:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 15:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 09:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 09:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 08:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 11:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/15 12:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2014/12/30 11:19:36 | 000,026,528 | ---- | M] (REALiX) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2010/11/01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig?brand=TSND&bmod=TSNDg/ [binary data]
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes,DefaultScope = {6F1DB67A-D8D4-4060-960C-958F0C423DB2}
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}: "URL" = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en),Yahoo!"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: firefox-integrated-extension%40covenanteyes.com:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B3b20c93b-3c59-6154-a197-e63672e18722%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - prefs.js..keyword.URL: "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CE\extensions\firefox\[email protected] [2015/02/16 14:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014/09/29 11:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2015/02/20 17:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions
[2015/02/20 17:34:55 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions\{3b20c93b-3c59-6154-a197-e63672e18722}
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions\staged
[2015/01/26 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/26 20:08:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/02/16 14:09:09 | 000,000,000 | ---D | M] ("Covenant Eyes for Firefox") -- C:\PROGRAM FILES\CE\EXTENSIONS\FIREFOX\[email protected]
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://search.yahoo.com/?type=523482&fr=yo-yhp-ch
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: Google Webspam Report = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj\120\
CHR - Extension: SickBeardConnect = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfjkhejnkopmfdadafjoklibhggokpb\160\
CHR - Extension: Google Wallet = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
O1 HOSTS File: ([2015/02/20 17:44:17 | 000,013,349 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 216.239.32.20 www.google.ac # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ad # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ae # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.al # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.am # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.as # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.at # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.az # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ba # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.be # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bf # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bg # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bi # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bj # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bs # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.bt # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.by # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ca # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cat # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cc # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cd # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cf # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.cg # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ch # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20 www.google.ci # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 175 more lines...
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (Covenant Eyes for Internet Explorer) - {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x64\ceie-0.7.2.dll (Covenant Eyes)
O2 - BHO: (Covenant Eyes for Internet Explorer) - {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x86\ceie-0.7.2.dll (Covenant Eyes)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Covenant Eyes] C:\Program Files\CE\CovenantEyes.exe ()
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [beats Updater] C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe (Beats)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [CCleaner Monitoring] D:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Switch to Gaming Mode.lnk = C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{943F4E62-F646-47B2-9984-BB8AAE440A45}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup\rsrc\autorun.exe
O33 - MountPoints2\F\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/02/19 21:35:35 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\BC_LOGS
[2015/02/19 21:29:15 | 000,000,000 | ---D | C] -- C:\FRST
[2015/02/18 21:06:23 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\MG_LOGS
[2015/02/16 20:00:02 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/02/16 19:59:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/02/16 19:59:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/02/16 19:59:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/02/16 19:59:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/02/16 19:59:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/02/16 19:59:51 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/02/16 19:59:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/02/16 19:59:51 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/02/16 19:59:51 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/02/16 19:59:50 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/02/16 19:59:48 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/02/16 19:59:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/02/16 19:59:48 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/02/16 19:59:47 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/02/16 19:59:47 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/02/16 19:59:47 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/02/16 19:59:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/02/16 19:59:46 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/02/16 19:59:46 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/02/16 19:59:46 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/02/16 19:59:45 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/02/16 19:59:45 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/02/16 19:59:43 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/02/16 19:59:42 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/02/16 19:59:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/02/16 19:59:40 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/02/16 19:59:40 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/02/16 19:59:39 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/02/16 19:59:38 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/02/16 19:59:38 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/02/16 19:59:37 | 006,041,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/02/16 19:59:37 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/02/16 19:59:36 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/02/16 19:59:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/02/16 19:59:35 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/02/16 19:58:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015/02/16 19:58:14 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/02/16 19:58:08 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/02/16 19:58:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/02/16 19:58:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/02/16 19:58:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/02/16 19:58:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/02/16 19:58:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/02/16 19:58:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/02/16 19:58:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/02/16 19:58:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/02/16 19:58:06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/02/16 19:58:06 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/02/16 19:58:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/02/16 19:58:01 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015/02/16 19:57:39 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2015/02/16 19:57:39 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2015/02/16 19:57:32 | 005,554,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/02/16 19:57:32 | 003,972,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/02/16 19:57:31 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/02/16 19:57:31 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/02/16 19:57:30 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/02/16 19:57:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/02/16 19:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2015/02/16 19:17:37 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\JOB
[2015/02/16 16:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Justin\AppData\Local\EmieBrowserModeList
[2015/02/16 14:09:28 | 000,338,936 | ---- | C] (CovenantEyes) -- C:\Windows\SysWow64\CovenantEyesProxy.dll
[2015/02/16 14:09:25 | 000,408,056 | ---- | C] (CovenantEyes) -- C:\Windows\SysNative\CovenantEyesProxy64.dll
[2015/02/16 14:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CovenantEyes
[2015/02/16 14:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes
[2015/02/16 14:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\CE
[2015/02/16 14:06:32 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Downloaded Installations
[2015/02/11 17:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2015/02/04 17:29:09 | 005,070,512 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/02/04 16:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2015/02/01 14:43:57 | 000,129,224 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/31 22:39:45 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/31 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/31 22:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2015/01/26 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2015/02/20 18:14:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/20 18:14:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/20 17:56:53 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/20 17:56:53 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/20 17:51:54 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/20 17:49:39 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/02/20 17:48:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/20 17:47:57 | 2138,423,295 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/20 17:44:17 | 000,013,349 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/02/19 22:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/19 21:48:49 | 003,714,638 | ---- | M] () -- C:\Users\Justin\Desktop\CovenantEyesClient_5.2.106.dmp
[2015/02/18 21:04:47 | 000,013,624 | ---- | M] () -- C:\Windows\SysNative\CovenantEyesProxy.ini
[2015/02/18 21:04:47 | 000,003,440 | ---- | M] () -- C:\Windows\SysWow64\CovenantEyesProxyOff.ini
[2015/02/18 21:04:47 | 000,003,440 | ---- | M] () -- C:\Windows\SysNative\CovenantEyesProxyOff.ini
[2015/02/18 17:48:17 | 000,287,698 | ---- | M] () -- C:\MGlogs.zip
[2015/02/16 20:27:16 | 000,342,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/16 18:40:51 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015/02/04 17:29:19 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/02/04 17:29:19 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/02/04 17:29:09 | 005,070,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/02/04 16:19:52 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 2.lnk
[2015/02/01 14:43:57 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/25 12:58:40 | 000,001,435 | ---- | M] () -- C:\Users\Justin\Desktop\Play Ultimate Ninja Storm Revolution.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2015/02/19 21:48:45 | 003,714,638 | ---- | C] () -- C:\Users\Justin\Desktop\CovenantEyesClient_5.2.106.dmp
[2015/02/17 21:45:21 | 000,287,698 | ---- | C] () -- C:\MGlogs.zip
[2015/02/16 14:13:31 | 000,045,048 | ---- | C] () -- C:\Windows\SysNative\drivers\cewd64r.sys
[2015/02/16 14:13:20 | 000,031,736 | ---- | C] () -- C:\Windows\SysNative\drivers\cewd64f.sys
[2015/02/16 14:09:35 | 000,013,624 | ---- | C] () -- C:\Windows\SysNative\CovenantEyesProxy.ini
[2015/02/16 14:09:35 | 000,003,440 | ---- | C] () -- C:\Windows\SysWow64\CovenantEyesProxyOff.ini
[2015/02/16 14:09:35 | 000,003,440 | ---- | C] () -- C:\Windows\SysNative\CovenantEyesProxyOff.ini
[2015/01/25 12:58:40 | 000,001,435 | ---- | C] () -- C:\Users\Justin\Desktop\Play Ultimate Ninja Storm Revolution.lnk
[2015/01/09 19:41:02 | 000,000,665 | ---- | C] () -- C:\Windows\wininit.ini
[2014/12/30 21:32:36 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2014/12/30 21:32:36 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2014/12/30 21:32:36 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2014/12/30 21:20:56 | 000,054,175 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2014/11/16 20:11:35 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/11/16 20:11:25 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/11/10 13:04:58 | 000,000,000 | ---- | C] () -- C:\Users\Justin\AppData\Local\{84C4935A-1895-44F7-AD8C-7FC15396E8AD}
[2014/11/09 09:50:45 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/11/09 00:02:35 | 000,000,000 | -HS- | C] () -- C:\Users\Justin\AppData\Local\LumaEmu
[2014/09/29 08:08:38 | 000,774,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\IObit
[2014/12/18 20:24:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ProductData
[2014/12/18 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Toshiba
[2014/11/15 20:36:49 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DarkSoulsII
[2014/12/30 11:19:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\IObit
[2014/10/27 19:40:20 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Kalypso Media
[2014/11/19 20:33:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Logs
[2014/11/19 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\LolClient
[2014/09/29 15:59:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PowerISO
[2014/09/29 11:10:36 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\ProductData
[2014/11/19 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Riot Games
[2014/11/08 15:48:59 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\StarTrekPC
[2014/09/28 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TeamViewer
[2014/11/21 17:54:06 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Theta
[2014/09/29 11:18:04 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Tific
[2014/11/14 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Toshiba
[2014/11/08 23:22:56 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Unity
[2015/01/25 12:49:12 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uTorrent
[2014/12/23 22:36:41 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WebTest
[2014/09/30 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WildTangent
[2014/09/28 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2014/12/23 22:37:29 | 000,000,000 | ---D | M](C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.​
[2014/12/23 22:37:29 | 000,000,000 | ---D | M](C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.​
(C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.​
< End of report >
-
Hi Chuck,
Thanks for all of your help so far. Sorry for attaching the logs. Below is everything that you have asked for. Also, I've removed utorrent from this machine.
-----------------------------------------------------------
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Justin at 2015-02-20 17:44:10 Run:1
Running from C:\Users\Justin\Desktop\TOOLS
Loaded Profiles: Justin (Available profiles: Justin & Guest)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\...\Run: [] => [X]
SearchScopes: HKLM -> {9686CA57-8640-431D-94ED-E28313E45324} URL = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {C449196E-1851-4D6B-B9C2-10C11720D0B1} URL = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> DefaultScope {6F1DB67A-D8D4-4060-960C-958F0C423DB2} URL = http://Vosteran.com/...ults.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {6F1DB67A-D8D4-4060-960C-958F0C423DB2} URL = http://Vosteran.com/...ults.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {9686CA57-8640-431D-94ED-E28313E45324} URL =
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://search.yahoo...&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {FF6445E7-7616-4807-8731-57A0EB8FCC9B} URL = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS607
Toolbar: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
End
*****************
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9686CA57-8640-431D-94ED-E28313E45324}" => Key deleted successfully.
HKCR\CLSID\{9686CA57-8640-431D-94ED-E28313E45324} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C449196E-1851-4D6B-B9C2-10C11720D0B1}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C449196E-1851-4D6B-B9C2-10C11720D0B1} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
"HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}" => Key deleted successfully.
HKCR\CLSID\{6F1DB67A-D8D4-4060-960C-958F0C423DB2} => Key not found.
"HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9686CA57-8640-431D-94ED-E28313E45324}" => Key deleted successfully.
HKCR\CLSID\{9686CA57-8640-431D-94ED-E28313E45324} => Key not found.
"HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FF6445E7-7616-4807-8731-57A0EB8FCC9B}" => Key deleted successfully.
HKCR\CLSID\{FF6445E7-7616-4807-8731-57A0EB8FCC9B} => Key not found.
HKU\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => Removed 286.6 MB temporary data.
The system needed a reboot.
==== End of Fixlog 17:46:52 ==== -
Monday night I installed the program "Covenant Eyes" (internet accountability software) from their website on this computer. Since then I've had numerous in window ads, random new windows pop up without clicking links, and a significant drop in this machine's overall speed.
I find this odd because it's a reputable site and I paid for the download/service.
Attached are the logs from the guidelines sticky. Any help would be much appreciated.
Need advice with infection
in Malware Removal
Posted
Sweet!
Thanks for all the help chuck! Running smooth now. :D