Need advice with infection

thesaithproject · February 20, 2015

Monday night I installed the program "Covenant Eyes" (internet accountability software) from their website on this computer. Since then I've had numerous in window ads, random new windows pop up without clicking links, and a significant drop in this machine's overall speed.

I find this odd because it's a reputable site and I paid for the download/service.

Attached are the logs from the guidelines sticky. Any help would be much appreciated.

flashh4 · February 20, 2015

Howdy thesaithproject and welcome to BestTechie !!!

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

Do Not Remove anything or run any tools/programs until advised to do so !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

====================

Please use copy/paste to post your logs, it makes them so much easier to read !!!!! Thanks !

====================

FRST. log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Justin (administrator) on JUSTIN-PC on 19-02-2015 21:31:39
Running from C:\Users\Justin\Desktop\TOOLS
Loaded Profiles: Justin (Available profiles: Justin & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
(IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\CE\CovenantEyesCommService.exe
(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() C:\Program Files\CE\CovenantEyes.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
() C:\Program Files\CE\CovenantEyesHelper.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(Beats) C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\CE\authServer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\AutoUpdate.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1810728 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1037728 2010-07-21] (TOSHIBA Corporation.)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Covenant Eyes] => C:\Program Files\CE\CovenantEyes.exe [11155448 2014-12-11] ()
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-02-02] (Power Software Ltd)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4240997320-3484519886-651873359-1000\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe [2562368 2013-12-02] (IObit)
HKU\S-1-5-21-4240997320-3484519886-651873359-1000\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-4240997320-3484519886-651873359-1000\...\Run: [beats Updater] => C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe [1353216 2014-11-12] (Beats)
HKU\S-1-5-21-4240997320-3484519886-651873359-1000\...\MountPoints2: F - F:\Setup\rsrc\autorun.exe
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2014-09-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Switch to Gaming Mode.lnk
ShortcutTarget: Switch to Gaming Mode.lnk -> C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe (IObit)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
HKU\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
HKU\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig?brand=TSND&bmod=TSNDg/
HKU\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/
SearchScopes: HKLM -> {9686CA57-8640-431D-94ED-E28313E45324} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {C449196E-1851-4D6B-B9C2-10C11720D0B1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> DefaultScope {6F1DB67A-D8D4-4060-960C-958F0C423DB2} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {6F1DB67A-D8D4-4060-960C-958F0C423DB2} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {9686CA57-8640-431D-94ED-E28313E45324} URL =
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {FF6445E7-7616-4807-8731-57A0EB8FCC9B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS607
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x64\ceie-0.7.2.dll (Covenant Eyes)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x86\ceie-0.7.2.dll (Covenant Eyes)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\CovenantEyesProxy.dll [338936] (CovenantEyes)
Winsock: Catalog9 02 C:\Windows\SysWOW64\CovenantEyesProxy.dll [338936] (CovenantEyes)
Winsock: Catalog9 03 C:\Windows\SysWOW64\CovenantEyesProxy.dll [338936] (CovenantEyes)
Winsock: Catalog9 04 C:\Windows\SysWOW64\CovenantEyesProxy.dll [338936] (CovenantEyes)
Winsock: Catalog9 16 C:\Windows\SysWOW64\CovenantEyesProxy.dll [338936] (CovenantEyes)
Winsock: Catalog9-x64 01 C:\Windows\system32\CovenantEyesProxy64.dll [408056] (CovenantEyes)
Winsock: Catalog9-x64 02 C:\Windows\system32\CovenantEyesProxy64.dll [408056] (CovenantEyes)
Winsock: Catalog9-x64 03 C:\Windows\system32\CovenantEyesProxy64.dll [408056] (CovenantEyes)
Winsock: Catalog9-x64 04 C:\Windows\system32\CovenantEyesProxy64.dll [408056] (CovenantEyes)
Winsock: Catalog9-x64 16 C:\Windows\system32\CovenantEyesProxy64.dll [408056] (CovenantEyes)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: about:home
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4240997320-3484519886-651873359-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Zoom It - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\Extensions\{072873d7-9d10-8691-844a-4e1c90410809} [2015-02-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\CE\extensions\firefox\[email protected]
FF Extension: Covenant Eyes for Firefox - C:\Program Files\CE\extensions\firefox\[email protected] [2015-02-16]

Chrome:
=======
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-29]
CHR Extension: (Google Webspam Report) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj [2014-11-18]
CHR Extension: (SickBeardConnect) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfjkhejnkopmfdadafjoklibhggokpb [2014-11-15]
CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [886592 2013-11-15] (IObit)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe [646976 2013-11-28] (IOBit)
R2 Auth Service; C:\Program Files\CE\authServer.exe [4956152 2014-12-11] ()
R2 CovenantEyesCommService; C:\Program Files\CE\CovenantEyesCommService.exe [7008760 2014-12-11] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [5950456 2014-12-11] (CovenantEyes)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2281248 2014-09-29] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2014-11-16] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cewd64f; C:\Windows\system32\Drivers\cewd64f.sys [31736 2014-12-11] () [File not signed]
R1 cewd64r; C:\Windows\system32\Drivers\cewd64r.sys [45048 2014-12-11] () [File not signed]
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-30] (REALiX)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2014-12-31] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2015-02-01] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-18] (O2Micro )
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2014-12-31] (Renesas Electronics Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-12-31] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-02-16] ()
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 21:29 - 2015-02-19 21:31 - 00000000 ____D () C:\FRST
2015-02-18 21:04 - 2015-02-19 15:23 - 00000112 _____ () C:\Windows\setupact.log
2015-02-18 21:04 - 2015-02-18 21:04 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-18 21:03 - 2015-02-19 15:23 - 00000938 _____ () C:\Windows\PFRO.log
2015-02-17 21:45 - 2015-02-18 17:48 - 00287698 _____ () C:\MGlogs.zip
2015-02-16 20:00 - 2015-01-09 22:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-16 20:00 - 2015-01-09 22:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-16 20:00 - 2015-01-09 22:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-16 20:00 - 2015-01-09 22:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-16 20:00 - 2015-01-09 22:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-16 20:00 - 2015-01-09 22:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-16 20:00 - 2015-01-09 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-16 20:00 - 2015-01-09 22:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-16 20:00 - 2015-01-09 22:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-16 20:00 - 2015-01-09 22:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-16 20:00 - 2015-01-09 22:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-16 20:00 - 2015-01-09 22:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-16 20:00 - 2015-01-09 22:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-16 20:00 - 2015-01-09 22:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-16 20:00 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-16 19:59 - 2015-01-13 21:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-16 19:59 - 2015-01-13 21:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-16 19:59 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-16 19:59 - 2015-01-11 19:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-16 19:59 - 2015-01-11 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-16 19:59 - 2015-01-11 18:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-16 19:59 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-16 19:59 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-16 19:59 - 2015-01-11 18:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-16 19:59 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-16 19:59 - 2015-01-11 18:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-16 19:59 - 2015-01-11 18:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-16 19:59 - 2015-01-11 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-16 19:59 - 2015-01-11 18:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-16 19:59 - 2015-01-11 18:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-16 19:59 - 2015-01-11 18:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-16 19:59 - 2015-01-11 18:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-16 19:59 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-16 19:59 - 2015-01-11 18:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-16 19:59 - 2015-01-11 18:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-16 19:59 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-16 19:59 - 2015-01-11 18:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-16 19:59 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-16 19:59 - 2015-01-11 18:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-16 19:59 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-16 19:59 - 2015-01-11 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-16 19:59 - 2015-01-11 18:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-16 19:59 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-16 19:59 - 2015-01-11 18:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-16 19:59 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-16 19:59 - 2015-01-11 18:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-16 19:59 - 2015-01-11 17:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-16 19:59 - 2015-01-11 17:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-16 19:59 - 2015-01-11 17:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-16 19:59 - 2015-01-11 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-16 19:59 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-16 19:59 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-16 19:59 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-16 19:59 - 2015-01-11 17:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-16 19:59 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-16 19:59 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-16 19:59 - 2015-01-11 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-16 19:59 - 2015-01-11 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-16 19:59 - 2015-01-11 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-16 19:59 - 2015-01-11 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-16 19:59 - 2015-01-11 17:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-16 19:59 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-16 19:59 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-16 19:59 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-16 19:59 - 2015-01-11 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-16 19:59 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-16 19:59 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-16 19:59 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-16 19:59 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-16 19:59 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-16 19:59 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-16 19:58 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-16 19:58 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-16 19:58 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-16 19:58 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-16 19:58 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-16 19:58 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-16 19:58 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-16 19:58 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-16 19:58 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-16 19:58 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-16 19:58 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-16 19:58 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-16 19:58 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-16 19:58 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-16 19:58 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-16 19:58 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-16 19:58 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-16 19:58 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-16 19:58 - 2015-01-12 19:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-16 19:58 - 2015-01-12 18:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-16 19:58 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-16 19:58 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-16 19:58 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-16 19:58 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-16 19:58 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-16 19:57 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-16 19:57 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-16 19:57 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-16 19:57 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-16 19:57 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-16 19:57 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-16 19:57 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-16 19:57 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-16 19:57 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-16 19:57 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-16 19:32 - 2015-02-16 19:32 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-16 19:21 - 2015-02-16 19:22 - 04176437 _____ () C:\Users\Justin\Downloads\tdsskiller.zip
2015-02-16 19:17 - 2015-02-17 20:58 - 00000000 ____D () C:\Users\Justin\Desktop\JOB
2015-02-16 17:06 - 2015-02-16 17:06 - 05325208 _____ (Piriform Ltd) C:\Users\Justin\Downloads\ccsetup502.exe
2015-02-16 16:52 - 2015-02-16 16:52 - 00000000 __SHD () C:\Users\Justin\AppData\Local\EmieBrowserModeList
2015-02-16 14:13 - 2014-12-11 00:42 - 00045048 _____ () C:\Windows\system32\Drivers\cewd64r.sys
2015-02-16 14:13 - 2014-12-11 00:42 - 00031736 _____ () C:\Windows\system32\Drivers\cewd64f.sys
2015-02-16 14:09 - 2015-02-18 21:04 - 00013624 _____ () C:\Windows\system32\CovenantEyesProxy.ini
2015-02-16 14:09 - 2015-02-18 21:04 - 00003440 _____ () C:\Windows\SysWOW64\CovenantEyesProxyOff.ini
2015-02-16 14:09 - 2015-02-18 21:04 - 00003440 _____ () C:\Windows\system32\CovenantEyesProxyOff.ini
2015-02-16 14:09 - 2015-02-16 14:09 - 00000216 _____ () C:\ceInstall.log
2015-02-16 14:09 - 2015-02-16 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes
2015-02-16 14:09 - 2015-02-16 14:09 - 00000000 ____D () C:\ProgramData\CovenantEyes
2015-02-16 14:09 - 2015-02-16 14:09 - 00000000 ____D () C:\Program Files\CE
2015-02-16 14:09 - 2014-12-11 00:42 - 00408056 _____ (CovenantEyes) C:\Windows\system32\CovenantEyesProxy64.dll
2015-02-16 14:09 - 2014-12-11 00:42 - 00338936 _____ (CovenantEyes) C:\Windows\SysWOW64\CovenantEyesProxy.dll
2015-02-16 14:06 - 2015-02-16 14:06 - 00000000 ____D () C:\Users\Justin\AppData\Local\Downloaded Installations
2015-02-16 14:03 - 2015-02-16 14:03 - 02663800 _____ (Flexera Software LLC) C:\Users\Justin\Downloads\CovenantEyesInstall.exe
2015-02-13 17:55 - 2015-02-13 17:55 - 00001300 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2015-02-11 17:46 - 2015-02-11 17:47 - 00000000 ____D () C:\ProgramData\Steam
2015-02-04 17:29 - 2015-02-04 17:29 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-04 16:34 - 2015-02-04 16:34 - 01142128 _____ () C:\Users\Justin\Downloads\SteamSetup.exe
2015-02-04 16:24 - 2015-02-04 16:24 - 00057713 _____ () C:\Users\Justin\Downloads\steam_api.zip
2015-02-01 14:43 - 2015-02-01 14:43 - 00129224 _____ (Qualcomm Atheros Co., Ltd.) C:\Windows\system32\Drivers\L1C62x64.sys
2015-01-31 22:39 - 2015-01-31 22:39 - 01766152 _____ () C:\Users\Justin\Downloads\wrar520.exe
2015-01-31 22:39 - 2015-01-31 22:39 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-31 22:39 - 2015-01-31 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-31 22:39 - 2015-01-31 22:39 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-01-31 22:37 - 2015-01-31 22:38 - 00028496 _____ () C:\Users\Justin\Downloads\msvcr110.zip
2015-01-26 20:08 - 2015-01-26 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 12:58 - 2015-01-25 12:58 - 00001435 _____ () C:\Users\Justin\Desktop\Play Ultimate Ninja Storm Revolution.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 21:31 - 2014-09-30 20:39 - 00000000 ____D () C:\Users\Justin\Desktop\TOOLS
2015-02-19 21:29 - 2014-12-11 18:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-19 21:14 - 2010-08-23 00:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 21:12 - 2014-09-28 17:31 - 02094749 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 21:05 - 2014-09-29 11:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 21:05 - 2010-08-23 00:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-19 15:31 - 2009-07-13 20:45 - 00025904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-19 15:31 - 2009-07-13 20:45 - 00025904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-19 15:23 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-18 21:07 - 2014-12-31 11:39 - 00002856 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Justin)
2015-02-18 21:04 - 2009-07-13 21:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-18 17:48 - 2015-01-12 19:19 - 00000000 ____D () C:\MGtools
2015-02-16 20:27 - 2009-07-13 20:45 - 00342256 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-16 20:25 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-16 20:20 - 2014-09-29 08:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-16 20:20 - 2009-07-13 18:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-16 20:12 - 2014-09-28 19:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-16 18:59 - 2014-09-29 10:56 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-16 18:40 - 2014-11-19 13:42 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-16 14:09 - 2014-11-09 09:50 - 00000712 __RSH () C:\ProgramData\ntuser.pol
2015-02-16 14:09 - 2010-08-23 00:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-13 17:55 - 2014-09-28 19:40 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-02-13 17:27 - 2014-12-11 18:07 - 00000000 ____D () C:\Users\Justin\AppData\Local\Adobe
2015-02-13 17:27 - 2010-08-23 00:31 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-13 17:26 - 2014-09-28 18:14 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Adobe
2015-02-09 21:02 - 2014-11-20 13:54 - 00000000 ____D () C:\Users\Justin\AppData\Local\CrashDumps
2015-02-04 17:29 - 2014-12-11 18:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 17:29 - 2014-09-30 21:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 17:29 - 2014-09-30 21:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 16:19 - 2014-12-31 11:39 - 00002155 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-02-01 11:13 - 2014-10-06 18:41 - 00000000 ____D () C:\Users\Justin\Documents\My Games
2015-01-29 17:49 - 2014-09-28 19:55 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-28 17:15 - 2014-09-29 11:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 12:49 - 2014-10-27 18:14 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\uTorrent
2015-01-20 18:00 - 2014-12-30 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II

==================== Files in the root of some directories =======

2014-11-09 00:02 - 2014-11-09 00:02 - 0000000 ___SH () C:\Users\Justin\AppData\Local\LumaEmu
2014-11-10 13:04 - 2014-11-10 13:04 - 0000000 _____ () C:\Users\Justin\AppData\Local\{84C4935A-1895-44F7-AD8C-7FC15396E8AD}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-14 20:47

==================== End Of Log ============================

Posted by flashh4

flashh4 · February 20, 2015

Posted by flashh4

# AdwCleaner v4.111 - Logfile created 19/02/2015 at 21:46:01
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Justin - JUSTIN-PC
# Running from : C:\Users\Justin\Desktop\TOOLS\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Windows\System32\roboot64.exe

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\TBID
Key Deleted : [x64] HKLM\SOFTWARE\TBID
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

-\\ Google Chrome v38.0.2125.111

*************************

AdwCleaner[R1].txt - [3397 bytes] - [20/11/2014 13:50:43]
AdwCleaner[R2].txt - [2261 bytes] - [20/11/2014 23:31:46]
AdwCleaner[R3].txt - [975 bytes] - [20/11/2014 23:36:54]
AdwCleaner[R4].txt - [3074 bytes] - [29/12/2014 11:26:17]
AdwCleaner[R5].txt - [7314 bytes] - [19/02/2015 21:37:20]
AdwCleaner[s0].txt - [2235 bytes] - [20/11/2014 23:33:05]
AdwCleaner[s1].txt - [2688 bytes] - [29/12/2014 12:01:44]
AdwCleaner[s2].txt - [7037 bytes] - [19/02/2015 21:46:01]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [7096 bytes] ##########

flashh4 · February 20, 2015

Posted by flashh4

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-02-19 21:51:39
-----------------------------
21:51:39.428    OS Version: Windows x64 6.1.7601 Service Pack 1
21:51:39.428    Number of processors: 8 586 0x1E05
21:51:39.444    ComputerName: JUSTIN-PC UserName: Justin
21:51:48.086    Initialize success
21:51:48.211    VM: initialized successfully
21:51:48.227    VM: Intel CPU supported
21:52:00.174    VM: disk I/O iaStorA.sys
21:52:51.006    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000076
21:52:51.022    Disk 0 Vendor: ATA_____ 1U__ Size: 953869MB BusType: 11
21:52:51.022    Disk 1 \Device\Harddisk1\DR1 -> \Device\00000077
21:52:51.038    Disk 1 Vendor: ATA_____ TSM1 Size: 476940MB BusType: 11
21:52:51.272    Disk 0 MBR read successfully
21:52:51.287    Disk 0 MBR scan
21:52:51.287    Disk 0 Windows XP default MBR code
21:52:51.318    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1499 MB offset 2048
21:52:51.334    Disk 0 default boot code
21:52:51.350    Disk 0 Partition - 00     0F Extended LBA            952368 MB offset 3073985
21:52:51.396    Disk 0 Partition 2 00     17 Hidd HPFS/NTFS NTFS        15360 MB offset 3074048
21:52:51.412    Disk 0 Partition - 00     05     Extended            937007 MB offset 34533313
21:52:51.786    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       937007 MB offset 34533376
21:52:52.020    Disk 0 scanning C:\Windows\system32\drivers
21:53:07.636    Service scanning
21:53:56.402    Modules scanning
21:53:56.417    Disk 0 trace - called modules:
21:53:56.433    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
21:53:56.448    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009295790]
21:53:56.464    3 CLASSPNP.SYS[fffff88001e4943f] -> nt!IofCallDriver -> [0xfffffa800928f080]
21:53:56.480    5 iaStorF.sys[fffff8800124d168] -> nt!IofCallDriver -> \Device\00000076[0xfffffa80073fa9c0]
21:53:56.495    Disk 0 statistics 97095/0/0 @ 3.09 MB/s
21:53:56.511    Scan finished successfully
21:54:24.123    Disk 0 MBR has been saved successfully to "C:\Users\Justin\Desktop\BC_LOGS\MBR.dat"
21:54:24.154    The log file has been saved successfully to "C:\Users\Justin\Desktop\BC_LOGS\aswMBR.txt"

flashh4 · February 20, 2015

Posted by flashh4

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/19/2015
Scan Time: 9:55:19 PM
Logfile: MB_log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.20.03
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Justin

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 331348
Time Elapsed: 9 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

flashh4 · February 20, 2015

Posted by flashh4

OTL logfile created on: 2/19/2015 10:12:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Justin\Desktop\TOOLS
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.52% Memory free
15.98 Gb Paging File | 13.48 Gb Available in Paging File | 84.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.05 Gb Total Space | 857.86 Gb Free Space | 93.75% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.81 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive E: | 21.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2015/02/19 21:28:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\TOOLS\OTL.exe
PRC - [2015/02/09 09:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2015/02/09 09:56:20 | 014,433,552 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2015/02/09 09:10:54 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2015/01/26 20:08:22 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/16 20:11:25 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/11/12 17:51:36 | 001,353,216 | ---- | M] (Beats) -- C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe
PRC - [2014/09/29 11:10:27 | 001,084,704 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2014/06/27 10:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 09:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/25 13:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/12/02 13:22:24 | 002,562,368 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
PRC - [2013/11/28 16:56:40 | 000,646,976 | ---- | M] (IOBit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
PRC - [2013/11/15 10:25:24 | 000,886,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
PRC - [2013/09/30 14:35:56 | 001,120,064 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
PRC - [2010/05/20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/29 15:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe

========== Modules (No Company Name) ==========

MOD - [2015/02/11 21:45:29 | 000,121,900 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\89ef6f0d-720e-41b4-87a8-f73bc2dc4702\AgileDotNetRT.dll
MOD - [2015/02/11 21:45:25 | 000,121,900 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\fa61b113-4558-4059-98c0-57a52cd5a7b6\AgileDotNetRT.dll
MOD - [2015/01/26 20:08:22 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/11/29 23:22:52 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/11/29 23:22:46 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/11/29 23:22:46 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/11/29 23:22:41 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/11/29 23:22:41 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\c90a4b709b46b64c89fce02585d55370\System.Management.ni.dll
MOD - [2014/11/29 23:22:39 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/11/29 23:22:37 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/09/29 09:15:48 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/09/30 14:35:56 | 001,120,064 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
MOD - [2013/01/15 17:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madexcept_.bpl
MOD - [2013/01/15 17:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\maddisAsm_.bpl
MOD - [2013/01/15 17:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madbasic_.bpl
MOD - [2013/01/15 17:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\webres.dll

========== Services (SafeList) ==========

SRV:64bit: - [2015/01/11 18:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/12/11 20:52:26 | 007,008,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CE\CovenantEyesCommService.exe -- (CovenantEyesCommService)
SRV:64bit: - [2014/12/11 20:52:10 | 004,956,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CE\authServer.exe -- (Auth Service)
SRV:64bit: - [2014/12/11 00:42:12 | 005,950,456 | ---- | M] (CovenantEyes) [Auto | Running] -- C:\Program Files\CE\CovenantEyesProxy.exe -- (CovenantEyesProxy)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/07/28 09:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/07/22 15:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 16:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 21:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/10/21 08:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/02/12 15:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2015/02/09 09:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2015/02/04 17:29:21 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/26 20:08:22 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/16 20:11:25 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/09/29 11:10:27 | 002,281,248 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/28 16:56:40 | 000,646,976 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe -- (ASCAntivirusSrv)
SRV - [2013/11/15 10:25:24 | 000,886,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/05/20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/04/12 09:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/04/03 15:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/02/19 21:49:33 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/02/16 18:40:51 | 000,037,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2015/02/01 14:43:57 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2015/01/18 19:01:54 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/12/31 12:31:09 | 001,226,344 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2014/12/31 12:15:51 | 000,230,280 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2014/12/31 12:00:31 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2014/12/31 11:44:02 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2014/12/31 11:44:02 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2014/12/11 00:42:12 | 000,045,048 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\cewd64r.sys -- (cewd64r)
DRV:64bit: - [2014/12/11 00:42:12 | 000,031,736 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\cewd64f.sys -- (cewd64f)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/31 21:06:06 | 000,058,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2014/02/02 22:45:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/10/17 07:32:56 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/16 15:00:50 | 000,077,032 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2010/06/22 12:28:06 | 000,729,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/06/18 15:45:58 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/05/13 18:20:42 | 000,059,704 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/05/08 17:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/04/26 10:48:40 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/04/07 09:51:50 | 000,214,248 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/03/24 12:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/18 17:41:06 | 000,049,568 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 17:20:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/28 19:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 10:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 15:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 09:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 09:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 08:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 11:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/15 12:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2014/12/30 11:19:36 | 000,026,528 | ---- | M] (REALiX) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2010/11/01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9686CA57-8640-431D-94ED-E28313E45324}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{C449196E-1851-4D6B-B9C2-10C11720D0B1}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig?brand=TSND&bmod=TSNDg/ [binary data]
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes,DefaultScope = {6F1DB67A-D8D4-4060-960C-958F0C423DB2}
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}: "URL" = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{FF6445E7-7616-4807-8731-57A0EB8FCC9B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS607
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en),Yahoo!"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: firefox-integrated-extension%40covenanteyes.com:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B072873d7-9d10-8691-844a-4e1c90410809%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - prefs.js..keyword.URL: "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CE\extensions\firefox\[email protected] [2015/02/16 14:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/09/29 11:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2015/02/19 21:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions
[2015/02/18 17:55:21 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions\{072873d7-9d10-8691-844a-4e1c90410809}
[2015/02/19 21:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions\staged
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions\staged
[2015/01/26 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/26 20:08:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/02/16 14:09:09 | 000,000,000 | ---D | M] ("Covenant Eyes for Firefox") -- C:\PROGRAM FILES\CE\EXTENSIONS\FIREFOX\[email protected]

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://search.yahoo.com/?type=523482&fr=yo-yhp-ch
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: Google Webspam Report = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj\120\
CHR - Extension: SickBeardConnect = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfjkhejnkopmfdadafjoklibhggokpb\160\
CHR - Extension: Google Wallet = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

O1 HOSTS File: ([2015/02/17 21:47:00 | 000,464,145 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 127.0.0.1   123fporn.info
O1 - Hosts: 15673 more lines...
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (Covenant Eyes for Internet Explorer) - {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x64\ceie-0.7.2.dll (Covenant Eyes)
O2 - BHO: (Covenant Eyes for Internet Explorer) - {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x86\ceie-0.7.2.dll (Covenant Eyes)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Covenant Eyes] C:\Program Files\CE\CovenantEyes.exe ()
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [beats Updater] C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe (Beats)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [CCleaner Monitoring] D:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Switch to Gaming Mode.lnk = C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{943F4E62-F646-47B2-9984-BB8AAE440A45}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup\rsrc\autorun.exe
O33 - MountPoints2\F\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/02/19 21:35:35 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\BC_LOGS
[2015/02/19 21:29:15 | 000,000,000 | ---D | C] -- C:\FRST
[2015/02/18 21:06:23 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\MG_LOGS
[2015/02/16 20:00:02 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/02/16 19:59:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/02/16 19:59:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/02/16 19:59:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/02/16 19:59:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/02/16 19:59:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/02/16 19:59:51 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/02/16 19:59:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/02/16 19:59:51 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/02/16 19:59:51 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/02/16 19:59:50 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/02/16 19:59:48 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/02/16 19:59:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/02/16 19:59:48 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/02/16 19:59:47 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/02/16 19:59:47 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/02/16 19:59:47 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/02/16 19:59:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/02/16 19:59:46 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/02/16 19:59:46 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/02/16 19:59:46 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/02/16 19:59:45 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/02/16 19:59:45 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/02/16 19:59:43 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/02/16 19:59:42 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/02/16 19:59:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/02/16 19:59:40 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/02/16 19:59:40 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/02/16 19:59:39 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/02/16 19:59:38 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/02/16 19:59:38 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/02/16 19:59:37 | 006,041,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/02/16 19:59:37 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/02/16 19:59:36 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/02/16 19:59:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/02/16 19:59:35 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/02/16 19:58:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015/02/16 19:58:14 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/02/16 19:58:08 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/02/16 19:58:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/02/16 19:58:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/02/16 19:58:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/02/16 19:58:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/02/16 19:58:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/02/16 19:58:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/02/16 19:58:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/02/16 19:58:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/02/16 19:58:06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/02/16 19:58:06 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/02/16 19:58:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/02/16 19:58:01 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015/02/16 19:57:39 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2015/02/16 19:57:39 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2015/02/16 19:57:32 | 005,554,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/02/16 19:57:32 | 003,972,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/02/16 19:57:31 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/02/16 19:57:31 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/02/16 19:57:30 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/02/16 19:57:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/02/16 19:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2015/02/16 19:17:37 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\JOB
[2015/02/16 16:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Justin\AppData\Local\EmieBrowserModeList
[2015/02/16 14:09:28 | 000,338,936 | ---- | C] (CovenantEyes) -- C:\Windows\SysWow64\CovenantEyesProxy.dll
[2015/02/16 14:09:25 | 000,408,056 | ---- | C] (CovenantEyes) -- C:\Windows\SysNative\CovenantEyesProxy64.dll
[2015/02/16 14:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CovenantEyes
[2015/02/16 14:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes
[2015/02/16 14:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\CE
[2015/02/16 14:06:32 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Downloaded Installations
[2015/02/11 17:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2015/02/04 17:29:09 | 005,070,512 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/02/04 16:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2015/02/01 14:43:57 | 000,129,224 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/31 22:39:45 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/31 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/31 22:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2015/01/26 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/02/19 22:14:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/19 21:56:00 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/19 21:56:00 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/19 21:49:33 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/19 21:48:49 | 003,714,638 | ---- | M] () -- C:\Users\Justin\Desktop\CovenantEyesClient_5.2.106.dmp
[2015/02/19 21:48:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/19 21:47:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/19 21:47:12 | 2138,423,295 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/19 21:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/18 21:04:47 | 000,013,624 | ---- | M] () -- C:\Windows\SysNative\CovenantEyesProxy.ini
[2015/02/18 21:04:47 | 000,003,440 | ---- | M] () -- C:\Windows\SysWow64\CovenantEyesProxyOff.ini
[2015/02/18 21:04:47 | 000,003,440 | ---- | M] () -- C:\Windows\SysNative\CovenantEyesProxyOff.ini
[2015/02/18 17:48:17 | 000,287,698 | ---- | M] () -- C:\MGlogs.zip
[2015/02/17 21:47:00 | 000,464,145 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/02/16 20:27:16 | 000,342,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/16 18:40:51 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015/02/16 14:09:37 | 000,000,712 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/02/04 17:29:19 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/02/04 17:29:19 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/02/04 17:29:09 | 005,070,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/02/04 16:19:52 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 2.lnk
[2015/02/01 14:43:57 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/25 12:58:40 | 000,001,435 | ---- | M] () -- C:\Users\Justin\Desktop\Play Ultimate Ninja Storm Revolution.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/02/19 21:48:45 | 003,714,638 | ---- | C] () -- C:\Users\Justin\Desktop\CovenantEyesClient_5.2.106.dmp
[2015/02/17 21:45:21 | 000,287,698 | ---- | C] () -- C:\MGlogs.zip
[2015/02/16 14:13:31 | 000,045,048 | ---- | C] () -- C:\Windows\SysNative\drivers\cewd64r.sys
[2015/02/16 14:13:20 | 000,031,736 | ---- | C] () -- C:\Windows\SysNative\drivers\cewd64f.sys
[2015/02/16 14:09:35 | 000,013,624 | ---- | C] () -- C:\Windows\SysNative\CovenantEyesProxy.ini
[2015/02/16 14:09:35 | 000,003,440 | ---- | C] () -- C:\Windows\SysWow64\CovenantEyesProxyOff.ini
[2015/02/16 14:09:35 | 000,003,440 | ---- | C] () -- C:\Windows\SysNative\CovenantEyesProxyOff.ini
[2015/01/25 12:58:40 | 000,001,435 | ---- | C] () -- C:\Users\Justin\Desktop\Play Ultimate Ninja Storm Revolution.lnk
[2015/01/09 19:41:02 | 000,000,665 | ---- | C] () -- C:\Windows\wininit.ini
[2014/12/30 21:32:36 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2014/12/30 21:32:36 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2014/12/30 21:32:36 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2014/12/30 21:20:56 | 000,054,175 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2014/11/16 20:11:35 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/11/16 20:11:25 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/11/10 13:04:58 | 000,000,000 | ---- | C] () -- C:\Users\Justin\AppData\Local\{84C4935A-1895-44F7-AD8C-7FC15396E8AD}
[2014/11/09 09:50:45 | 000,000,712 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/11/09 00:02:35 | 000,000,000 | -HS- | C] () -- C:\Users\Justin\AppData\Local\LumaEmu
[2014/09/29 08:08:38 | 000,774,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\IObit
[2014/12/18 20:24:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ProductData
[2014/12/18 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Toshiba
[2014/11/15 20:36:49 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DarkSoulsII
[2014/12/30 11:19:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\IObit
[2014/10/27 19:40:20 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Kalypso Media
[2014/11/19 20:33:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Logs
[2014/11/19 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\LolClient
[2014/09/29 15:59:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PowerISO
[2014/09/29 11:10:36 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\ProductData
[2014/11/19 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Riot Games
[2014/11/08 15:48:59 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\StarTrekPC
[2014/09/28 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TeamViewer
[2014/11/21 17:54:06 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Theta
[2014/09/29 11:18:04 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Tific
[2014/11/14 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Toshiba
[2014/11/08 23:22:56 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Unity
[2015/01/25 12:49:12 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uTorrent
[2014/12/23 22:36:41 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WebTest
[2014/09/30 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WildTangent
[2014/09/28 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2014/12/23 22:37:29 | 000,000,000 | ---D | M](C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.â€‹
[2014/12/23 22:37:29 | 000,000,000 | ---D | M](C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.â€‹
(C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.â€‹

< End of report >

flashh4 · February 20, 2015

Posted by flashh4

OTL Extras logfile created on: 2/19/2015 10:12:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Justin\Desktop\TOOLS
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.52% Memory free
15.98 Gb Paging File | 13.48 Gb Available in Paging File | 84.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.05 Gb Total Space | 857.86 Gb Free Space | 93.75% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.81 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive E: | 21.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{827E59A2-7133-4DD5-B6A4-E8C50744F4F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8807CB81-3F6A-456C-B508-17C6FF2C17FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B62A8579-A976-443A-90B9-47E8D2014697}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C4D0FF9D-DCF6-4315-BD4F-38DB5769B4EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F6429F09-B0CB-4BAB-A8C2-13917600056D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{FD50364C-AE14-417E-819E-025207B75EF2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F7AE1F0-5397-4FF6-9A65-8B633DC735D4}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{31AEC7D4-1500-4449-B8E5-DF17943430F4}" = protocol=6 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"{3C9D16C9-B8A9-4628-83B7-F32937703875}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{43F7AF16-1C97-480A-A028-2377212CB658}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{489B7EF4-235D-407E-93D4-4AB8E25980ED}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{55B89F03-01FF-441D-B943-B0EE659187B7}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{62A2E2B7-5634-4B16-9142-0FF2540071B0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{692EC920-35AC-44DB-80C0-FAA8F215EA13}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{713779BE-CDD5-4794-9D61-4B82364FBF0D}" = protocol=17 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"{8042073D-60CB-4A5A-BB74-79C727CA0AC5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{957729D9-9209-475A-ABA1-F8FE4D70D6F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB639DDB-9EBF-4BB0-AD9B-7D823DF290A0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AC8FE77B-6BDA-4D14-915D-B3D5B424518D}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{B24FEC84-C769-476F-9972-418A70CB5A2A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{DA92DFB0-C8E5-4610-A540-7F0BA1773241}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{DEE2A0C6-3711-44C6-A2DD-5D221C6A3F41}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E092F13F-6898-4BFC-A050-EA5F1B2909F7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EDFDB99A-2E41-42EA-84E3-3FF6E255FBA3}" = dir=in | app=c:\users\justin\appdata\local\microsoft\skydrive\skydrive.exe |
"TCP Query User{1C9C2F83-E3C5-434F-A418-74B8A490346E}D:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe" = protocol=6 | dir=in | app=d:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe |
"TCP Query User{65D59D25-2F27-4A1D-BAA2-BE9711A692D8}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"TCP Query User{8948EE66-56DC-47D0-B1BA-4EBE12A646DB}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"TCP Query User{DC8E32F4-30A3-4822-B229-09012FA2D4A3}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"TCP Query User{E8652234-CE3F-4DF2-9465-02C6AA6CDCC6}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"TCP Query User{EB2EF2D6-5D59-4DCF-9318-C815804AF131}C:\users\justin\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{2218C63C-74BF-493B-B6D8-EECE77C5D1DA}D:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe" = protocol=17 | dir=in | app=d:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe |
"UDP Query User{699DD4FD-37CE-4845-8293-0B112C00B8BE}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"UDP Query User{A3DAC996-0A7F-4EBC-B270-536E727833FC}C:\users\justin\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{C50CE22A-EF3E-4494-942A-FE4386233CBE}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"UDP Query User{D7A071A5-C782-48AA-8D82-EB8BAB3AC7DE}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"UDP Query User{E249E458-40DD-4333-809F-0741F8F386AE}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6408053B-4FC3-4087-BB58-68C220D02BA4}" = O2Micro Flash Memory Card Windows Driver
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO" = Conexant HD Audio
"F72367AEBBC643DDA1061B77B27197CC8403B792" = Windows Driver Package - Beats Electronics, LLC (libusb0) Beats Devices (07/20/2014 1.2.1.0)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"{5AC5ED2E-2936-4B54-A429-703F9034938E}" = Covenant Eyes
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90B2844D-97AE-436C-B552-2AD8A7F10279}" = Beats Updater
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Advanced SystemCare Ultimate_is1" = Advanced SystemCare Ultimate 7
"Auto Clicker by Shocker_is1" = Auto Clicker by Shocker
"BitRaider Web Client" = BitRaider Web Client
"Diablo II" = Diablo II
"Driver Booster_is1" = Driver Booster 2.1
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{6408053B-4FC3-4087-BB58-68C220D02BA4}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IObitUninstall" = IObit Uninstaller
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 35.0.1 (x86 en-US)" = Mozilla Firefox 35.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PowerISO" = PowerISO
"swtor_swtor" = Star Wars The Old Republic
"TeamViewer 9" = TeamViewer 9
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.20 (32-bit)
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088710" = Zuma's Revenge
"WT088739" = FATE
"WT088750" = Jewel Quest - Heritage
"WT088761" = Wheel of Fortune 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"UnityWebPlayer" = Unity Web Player
"uTorrent" = ÂµTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/19/2015 1:05:09 AM | Computer Name = Justin-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The ESENT error was: -550.

Error - 2/20/2015 1:46:04 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x404 Faulting application start time: 0x01d04cd0839a070f Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: c16f0954-b8c3-11e4-a6f5-e839df8b9bc0

Error - 2/20/2015 1:46:07 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x80c Faulting application start time: 0x01d04cd085d2eff1 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: c39285d3-b8c3-11e4-a6f5-e839df8b9bc0

Error - 2/20/2015 1:46:18 AM | Computer Name = Justin-PC | Source = TOSHIBA Service Station | ID = 0
Description = The following module failed to stop processing: Software Updates.
Error: Operation failed.

Error - 2/20/2015 1:46:18 AM | Computer Name = Justin-PC | Source = TOSHIBA Service Station | ID = 0
Description = The following module failed to stop processing: Alerts. Error: Operation
failed.

Error - 2/20/2015 1:46:18 AM | Computer Name = Justin-PC | Source = TOSHIBA Service Station | ID = 0
Description = The following module failed to stop processing: PC Health Info Connection.
Error: Operation failed.

Error - 2/20/2015 1:49:02 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1210 Faulting application start time: 0x01d04cd0e422c88a Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 2b7627c7-b8c4-11e4-8b46-e839df8b9bc0

Error - 2/20/2015 1:49:22 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: CovenantEyes.exe, version: 0.0.0.0, time
stamp: 0x548a4534 Faulting module name: CovenantEyes.exe, version: 0.0.0.0, time
stamp: 0x548a4534 Exception code: 0x40000015 Fault offset: 0x00000000004a5626 Faulting
process id: 0x1bf0 Faulting application start time: 0x01d04cd0f47ddd0c Faulting application
path: C:\Program Files\CE\CovenantEyes.exe Faulting module path: C:\Program Files\CE\CovenantEyes.exe
Report
Id: 378a434b-b8c4-11e4-8b46-e839df8b9bc0

Error - 2/20/2015 1:49:27 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1a0c Faulting application start time: 0x01d04cd0fb79867a Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 3a7814c1-b8c4-11e4-8b46-e839df8b9bc0

Error - 2/20/2015 1:49:30 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1b0c Faulting application start time: 0x01d04cd0fe949216 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 3c8624de-b8c4-11e4-8b46-e839df8b9bc0

[ System Events ]
Error - 2/20/2015 1:46:03 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Spybot-S&D 2 Scanner Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/20/2015 1:46:03 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 2/20/2015 1:46:06 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 2/20/2015 1:46:08 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Auth Service service terminated unexpectedly. It has done this
3 time(s).

Error - 2/20/2015 1:46:33 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error:   %%3

Error - 2/20/2015 1:48:32 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Scanner Service service to connect.

Error - 2/20/2015 1:48:32 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error:   %%1053

Error - 2/20/2015 1:49:21 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 2/20/2015 1:49:29 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 2/20/2015 1:49:31 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Auth Service service terminated unexpectedly. It has done this
3 time(s).

< End of report >

flashh4 · February 20, 2015

Posted by flashh4

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Justin at 2015-02-19 21:33:18
Running from C:\Users\Justin\Desktop\TOOLS
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Advanced SystemCare Ultimate (Enabled - Up to date) {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ÂµTorrent (HKU\S-1-5-21-4240997320-3484519886-651873359-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Advanced SystemCare Ultimate 7 (HKLM-x32\...\Advanced SystemCare Ultimate_is1) (Version: 7.0.1 - IObit)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.22 - Atheros Communications Inc.)
Auto Clicker by Shocker (HKLM-x32\...\Auto Clicker by Shocker_is1) (Version: V3.0.1 - shockingsoft.com)
Beats Updater (HKLM-x32\...\{90B2844D-97AE-436C-B552-2AD8A7F10279}) (Version: 1.1.105.0 - Beats Electronics, LLC)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.16(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.126.0.62 - Conexant)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.110 - Corel Inc.)
Covenant Eyes (HKLM-x32\...\{5AC5ED2E-2936-4B54-A429-703F9034938E}) (Version: 5.2.106 - Covenant Eyes, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA CORPORATION)
HDMI Control Manager (Version: 2.0 - TOSHIBA CORPORATION) Hidden
HDMI Control Manager (x32 Version: 2.0 - TOSHIBA CORPORATION) Hidden
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.1.1001 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.0.4.1 - IObit)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4240997320-3484519886-651873359-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{6408053B-4FC3-4087-BB58-68C220D02BA4}) (Version: 2.0.56 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.56 - O2Micro International LTD.) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.52 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.7.3 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Folder Migrating Utility (HKLM-x32\...\InstallShield_{51099A23-4C65-469C-A31B-835E163A4D27}) (Version: 1.0.3.4 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.02.01.00 - )
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.24 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.02.01.00 - )
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.4.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.40.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Unity Web Player (HKU\S-1-5-21-4240997320-3484519886-651873359-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.3 - WildTangent)
WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
Windows Driver Package - Beats Electronics, LLC (libusb0) Beats Devices (07/20/2014 1.2.1.0) (HKLM\...\F72367AEBBC643DDA1061B77B27197CC8403B792) (Version: 07/20/2014 1.2.1.0 - Beats Electronics, LLC)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4240997320-3484519886-651873359-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Justin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4240997320-3484519886-651873359-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Justin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4240997320-3484519886-651873359-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Justin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4240997320-3484519886-651873359-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Justin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4240997320-3484519886-651873359-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Justin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-02-17 21:47 - 00464145 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
127.0.0.1   008i.com
127.0.0.1   www.008k.com
127.0.0.1   008k.com
127.0.0.1   www.00hq.com
127.0.0.1   00hq.com
127.0.0.1   010402.com
127.0.0.1   www.032439.com
127.0.0.1   032439.com
127.0.0.1   www.0scan.com
127.0.0.1   0scan.com
127.0.0.1   1000gratisproben.com
127.0.0.1   www.1000gratisproben.com
127.0.0.1   1001namen.com
127.0.0.1   www.1001namen.com
127.0.0.1   100888290cs.com
127.0.0.1   www.100888290cs.com
127.0.0.1   www.100sexlinks.com
127.0.0.1   100sexlinks.com
127.0.0.1   10sek.com
127.0.0.1   www.10sek.com
127.0.0.1   www.1-2005-search.com
127.0.0.1   1-2005-search.com
127.0.0.1   123fporn.info
127.0.0.1   www.123fporn.info
127.0.0.1   123haustiereundmehr.com
127.0.0.1   www.123haustiereundmehr.com
127.0.0.1   123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08E593A5-1A44-4D7C-AEE4-E22A84C4134C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {0F05ABBF-2E9D-4690-B517-91893D209E39} - System32\Tasks\Driver Booster SkipUAC (Justin) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-12-30] (IObit)
Task: {2AF6F383-ACE0-4B13-AD36-7C23E1D8944B} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-10-02] ()
Task: {43A716F2-35A3-4DBA-83D0-0BA48CEA9F69} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-12-09] (IObit)
Task: {660F625B-1CFE-4BE1-B5BF-CF193A73C517} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {876FD8CE-B3C3-410D-9E7D-110D9C039ECF} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {880C33A7-7EDB-49DA-8121-8ACC911BF515} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {9C5C4923-EA9D-46B3-B859-153F0FC0C3A0} - System32\Tasks\{C0246FCB-3840-4255-AAC2-E49D0A2FB2E3} => pcalua.exe -a "D:\__GAMES\DARKSIDERS 2010 PC full game ^^nosTEAM^^\WMFDist11-X86-ENU.exe" -d "D:\__GAMES\DARKSIDERS 2010 PC full game ^^nosTEAM^^"
Task: {9DC280F3-01ED-43A6-8CE2-28241CFB1882} - System32\Tasks\Uninstaller_SkipUac_Justin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-09-29] (IObit)
Task: {ACC61A4B-A9A2-48CD-A5F7-8861094460BF} - System32\Tasks\ASC7U_SkipUac_Justin => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe [2013-12-02] (IObit)
Task: {ED00D251-325F-44F0-9E99-81A56F405967} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-09-28 19:11 - 2014-12-13 00:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-16 14:09 - 2014-12-11 20:52 - 07008760 _____ () C:\Program Files\CE\CovenantEyesCommService.exe
2014-11-16 20:11 - 2014-11-16 20:11 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-10-18 14:20 - 2009-10-18 14:20 - 07959864 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 12:26 - 2009-11-03 12:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-03-12 18:08 - 2009-03-12 18:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2015-02-16 14:09 - 2014-12-11 20:52 - 11155448 _____ () C:\Program Files\CE\CovenantEyes.exe
2015-02-16 14:09 - 2014-12-11 20:52 - 01053688 _____ () C:\Program Files\CE\nmsvc64.dll
2015-02-16 14:09 - 2014-12-11 20:52 - 00197624 _____ () C:\Program Files\CE\nmsvTree64.dll
2010-01-07 15:52 - 2010-01-07 15:52 - 00417592 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2015-02-16 14:09 - 2014-12-11 20:52 - 09202680 _____ () C:\Program Files\CE\CovenantEyesHelper.exe
2015-02-16 14:09 - 2014-12-11 20:52 - 04956152 _____ () C:\Program Files\CE\authServer.exe
2014-09-29 10:56 - 2013-09-30 14:35 - 01120064 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
2010-02-05 16:44 - 2010-02-05 16:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-09-29 10:56 - 2013-01-15 17:47 - 00517440 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\sqlite3.dll
2014-09-29 10:56 - 2013-11-14 15:02 - 00218944 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Antivirus\bdfltlib.dll
2014-09-29 11:50 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-29 11:50 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-29 11:50 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-29 10:56 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\webres.dll
2015-02-11 21:45 - 2015-02-11 21:45 - 00121900 ____N () C:\Users\Justin\AppData\Local\Temp\fa61b113-4558-4059-98c0-57a52cd5a7b6\AgileDotNetRT.dll
2015-02-11 21:45 - 2015-02-11 21:45 - 00121900 ____N () C:\Users\Justin\AppData\Local\Temp\89ef6f0d-720e-41b4-87a8-f73bc2dc4702\AgileDotNetRT.dll
2014-09-29 11:50 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-29 11:50 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-09-29 10:56 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madExcept_.bpl
2014-09-29 10:56 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madBasic_.bpl
2014-09-29 10:56 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madDisAsm_.bpl
2015-01-26 20:08 - 2015-01-26 20:08 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-04 17:29 - 2015-02-04 17:29 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71999697.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\71999697.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Auth Service => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesCommService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesProxy => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4240997320-3484519886-651873359-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-4240997320-3484519886-651873359-500 - Administrator - Disabled)
Guest (S-1-5-21-4240997320-3484519886-651873359-501 - Limited - Enabled) => C:\Users\Guest
Justin (S-1-5-21-4240997320-3484519886-651873359-1000 - Administrator - Enabled) => C:\Users\Justin

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2015 09:05:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -550.

Error: (02/16/2015 08:04:34 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80070422).

Error: (02/16/2015 08:04:33 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (02/16/2015 07:54:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (02/16/2015 07:39:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Justin\Desktop\TOOLS\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x80070422).

Error: (02/16/2015 06:51:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKillerX64.exe version 10.3.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 440

Start Time: 01d04a5b21ffe79a

Termination Time: 5

Application Path: C:\Users\Justin\Desktop\TOOLS\RogueKillerX64.exe

Report Id:

Error: (02/16/2015 06:40:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKillerX64.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 137c

Start Time: 01d04a5169f417ad

Termination Time: 6

Application Path: C:\Users\Justin\Downloads\RogueKillerX64.exe

Report Id:

Error: (02/16/2015 02:09:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Justin\AppData\Local\Downloaded Installations\{C45F659D-CCFB-43EC-8F68-D63C56023BE6}\CE-installer-5.2.106-19b4218-master.exe Installations\{C45F659D-CCFB-43EC-8F68-D63C56023BE6}\CE-installer-5.2.106-19b4218-master.exe" /s /f1C:\Users\Justin\AppData\Local\Temp\{4A99D386-1A79-45FF-8034-FD23FFC5244C}\Setup.iss; Description = Installed Covenant Eyes; Error = 0x80070422).

Error: (02/15/2015 03:04:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (02/15/2015 00:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

System errors:
=============
Error: (02/19/2015 03:51:19 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (02/19/2015 03:24:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (02/19/2015 03:24:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (02/18/2015 09:06:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (02/18/2015 09:06:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (02/18/2015 09:05:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (02/18/2015 09:05:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (02/18/2015 09:04:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:08:17 PM on â€Ž2/â€Ž18/â€Ž2015 was unexpected.

Error: (02/18/2015 05:47:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (02/17/2015 09:38:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Microsoft Office Sessions:
=========================
Error: (02/18/2015 09:05:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -550

Error: (02/16/2015 08:04:34 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422

Error: (02/16/2015 08:04:33 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

Error: (02/16/2015 07:54:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

Error: (02/16/2015 07:39:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Justin\Desktop\TOOLS\HitmanPro_x64.exe Checkpoint by HitmanPro0x80070422

Error: (02/16/2015 06:51:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RogueKillerX64.exe10.3.0.044001d04a5b21ffe79a5C:\Users\Justin\Desktop\TOOLS\RogueKillerX64.exe

Error: (02/16/2015 06:40:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RogueKillerX64.exe0.0.0.0137c01d04a5169f417ad6C:\Users\Justin\Downloads\RogueKillerX64.exe

Error: (02/16/2015 02:09:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Justin\AppData\Local\Downloaded Installations\{C45F659D-CCFB-43EC-8F68-D63C56023BE6}\CE-installer-5.2.106-19b4218-master.exe Installations\{C45F659D-CCFB-43EC-8F68-D63C56023BE6}\CE-installer-5.2.106-19b4218-master.exe" /s /f1C:\Users\Justin\AppData\Local\Temp\{4A99D386-1A79-45FF-8034-FD23FFC5244C}\Setup.issInstalled Covenant Eyes0x80070422

Error: (02/15/2015 03:04:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

Error: (02/15/2015 00:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

==================== Memory info ===========================

Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 29%
Total physical RAM: 8180.48 MB
Available physical RAM: 5775.77 MB
Total Pagefile: 16359.15 MB
Available Pagefile: 13350.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (TI105970W0D) (Fixed) (Total:915.05 GB) (Free:857.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:398.81 GB) NTFS
Drive e: (Games 17) (CDROM) (Total:21.29 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3449E9DE)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=930 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 385F71DD)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

flashh4 · February 20, 2015

Hey thesaithproject, looking over your logs now to see what is causing your problems !!

Thanks

Chuck

flashh4 · February 20, 2015

Hey project lets get started & see what we can do to fix the problem !!

Fist let's do a FRST Fix Script

Open notepad (Start =>All Programs => Accessories => Notepad).
Or Press the Windows key Windows_Logo >>>> + r on your keyboard at the same time. Type in notepad and press Enter
Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

Please copy the entire contents of the code box below.

startCloseProcesses:GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONHKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONHKLM\...\Run: [] => [X]SearchScopes: HKLM -> {9686CA57-8640-431D-94ED-E28313E45324} URL = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =SearchScopes: HKLM-x32 -> {C449196E-1851-4D6B-B9C2-10C11720D0B1} URL = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> DefaultScope {6F1DB67A-D8D4-4060-960C-958F0C423DB2} URL = http://Vosteran.com/...ults.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPSearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {6F1DB67A-D8D4-4060-960C-958F0C423DB2} URL = http://Vosteran.com/...ults.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {9686CA57-8640-431D-94ED-E28313E45324} URL =SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://search.yahoo...&type=523482&p={searchTerms}SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {FF6445E7-7616-4807-8731-57A0EB8FCC9B} URL = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS607Toolbar: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No FileS3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X]EmptyTemp:Hosts:CMD: ipconfig /flushdnsEnd

=============================

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

Post that log next (DO NOT ATTACH THE LOG)

Thanks

Chuck

flashh4 · February 20, 2015

Hi project, i need a fresh OTL log please !!

Open OTL and run a new scan, paste both logs into your next post !

Also run this program & post the log !!

Download DDS and save it to your Desktop. >>> DDS

    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.

Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.

Thanks

Chuck

flashh4 · February 20, 2015

Project, just looked back threw the logs and found what we call a P2P (Person 2 Person) program so i have to give you a warning like all Malware fighters do on all sites !!

>>>> 2015-01-25 12:49 - 2014-10-27 18:14 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\uTorrent <<<<

P2P Warning

There are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect to become infected & malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter http://www.fbi.gov/cyberinvest/cyberedletter.htm
File sharing infects 500,000 computers http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers
USAToday http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm
infoworld http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft
Below are a few more articles on P2P that you may wish to read ....
http://www.us-cert.gov/cas/tips/ST05-007.html
http://www.fbi.gov/scams-safety/peertopeer/oeertopeer
http://www.benedelman.org/spyware/p2p/
http://www.pcworld.com/article/126230/i ... works.html

Either refrain from using this program or simply remove, i would remove it before you become infected with something that we may not be able to clean ! I have seen this happen. !!!

We still have a lot more to get you clean !!

Thanks

Chuck

thesaithproject · February 22, 2015

Hi Chuck,

Thanks for all of your help so far. Sorry for attaching the logs. Below is everything that you have asked for. Also, I've removed utorrent from this machine.

-----------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Justin at 2015-02-20 17:44:10 Run:1
Running from C:\Users\Justin\Desktop\TOOLS
Loaded Profiles: Justin (Available profiles: Justin & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\...\Run: [] => [X]
SearchScopes: HKLM -> {9686CA57-8640-431D-94ED-E28313E45324} URL = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {C449196E-1851-4D6B-B9C2-10C11720D0B1} URL = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> DefaultScope {6F1DB67A-D8D4-4060-960C-958F0C423DB2} URL = http://Vosteran.com/...ults.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {6F1DB67A-D8D4-4060-960C-958F0C423DB2} URL = http://Vosteran.com/...ults.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {9686CA57-8640-431D-94ED-E28313E45324} URL =
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://search.yahoo...&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> {FF6445E7-7616-4807-8731-57A0EB8FCC9B} URL = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS607
Toolbar: HKU\S-1-5-21-4240997320-3484519886-651873359-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
End
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9686CA57-8640-431D-94ED-E28313E45324}" => Key deleted successfully.
HKCR\CLSID\{9686CA57-8640-431D-94ED-E28313E45324} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C449196E-1851-4D6B-B9C2-10C11720D0B1}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C449196E-1851-4D6B-B9C2-10C11720D0B1} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
"HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}" => Key deleted successfully.
HKCR\CLSID\{6F1DB67A-D8D4-4060-960C-958F0C423DB2} => Key not found.
"HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9686CA57-8640-431D-94ED-E28313E45324}" => Key deleted successfully.
HKCR\CLSID\{9686CA57-8640-431D-94ED-E28313E45324} => Key not found.
"HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FF6445E7-7616-4807-8731-57A0EB8FCC9B}" => Key deleted successfully.
HKCR\CLSID\{FF6445E7-7616-4807-8731-57A0EB8FCC9B} => Key not found.
HKU\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 286.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:46:52 ====

thesaithproject · February 22, 2015

OTL logfile created on: 2/20/2015 6:11:21 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Justin\Desktop\TOOLS
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 76.81% Memory free
15.98 Gb Paging File | 13.56 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.05 Gb Total Space | 858.14 Gb Free Space | 93.78% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.81 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive E: | 21.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2015/02/19 21:28:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\TOOLS\OTL.exe
PRC - [2015/02/09 09:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2015/02/09 09:56:20 | 014,433,552 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2015/02/09 09:10:54 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2015/01/26 20:08:22 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/16 20:11:25 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/11/12 17:51:36 | 001,353,216 | ---- | M] (Beats) -- C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe
PRC - [2014/09/29 11:10:27 | 001,084,704 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2014/06/27 10:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 09:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/25 13:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/12/02 13:22:24 | 002,562,368 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
PRC - [2013/11/28 16:56:40 | 000,646,976 | ---- | M] (IOBit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
PRC - [2013/11/15 10:25:24 | 000,886,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
PRC - [2013/09/30 14:35:56 | 001,120,064 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
PRC - [2012/04/23 18:37:44 | 000,609,624 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
PRC - [2010/06/28 19:55:14 | 002,721,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2010/05/20 19:00:02 | 000,275,984 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtAvAC.exe
PRC - [2010/05/20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/04/19 15:07:42 | 000,677,192 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2010/03/16 18:14:00 | 000,714,056 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/29 15:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2008/07/24 10:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe

========== Modules (No Company Name) ==========

MOD - [2015/02/20 17:49:25 | 000,121,900 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\89ef6f0d-720e-41b4-87a8-f73bc2dc4702\AgileDotNetRT.dll
MOD - [2015/02/20 17:49:23 | 000,121,900 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\fa61b113-4558-4059-98c0-57a52cd5a7b6\AgileDotNetRT.dll
MOD - [2015/01/26 20:08:22 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/11/29 23:22:52 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/11/29 23:22:46 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/11/29 23:22:46 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/11/29 23:22:41 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/11/29 23:22:41 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\c90a4b709b46b64c89fce02585d55370\System.Management.ni.dll
MOD - [2014/11/29 23:22:39 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/11/29 23:22:37 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/09/29 09:15:48 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/09/30 14:35:56 | 001,120,064 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
MOD - [2013/01/15 17:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madexcept_.bpl
MOD - [2013/01/15 17:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\maddisAsm_.bpl
MOD - [2013/01/15 17:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madbasic_.bpl
MOD - [2013/01/15 17:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\webres.dll

========== Services (SafeList) ==========

SRV:64bit: - [2015/01/11 18:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/12/11 20:52:26 | 007,008,760 | ---- | M] () [Auto | Running] -- C:\Program Files\CE\CovenantEyesCommService.exe -- (CovenantEyesCommService)
SRV:64bit: - [2014/12/11 20:52:10 | 004,956,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CE\authServer.exe -- (Auth Service)
SRV:64bit: - [2014/12/11 00:42:12 | 005,950,456 | ---- | M] (CovenantEyes) [Auto | Running] -- C:\Program Files\CE\CovenantEyesProxy.exe -- (CovenantEyesProxy)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/07/28 09:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/07/22 15:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 16:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 21:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/10/21 08:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/02/12 15:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2015/02/09 09:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2015/02/04 17:29:21 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/26 20:08:22 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/16 20:11:25 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/09/29 11:10:27 | 002,281,248 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/28 16:56:40 | 000,646,976 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe -- (ASCAntivirusSrv)
SRV - [2013/11/15 10:25:24 | 000,886,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/05/20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/04/12 09:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/04/03 15:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/02/20 17:51:54 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/02/16 18:40:51 | 000,037,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2015/02/01 14:43:57 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2015/01/18 19:01:54 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/12/31 12:31:09 | 001,226,344 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2014/12/31 12:15:51 | 000,230,280 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2014/12/31 12:00:31 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2014/12/31 11:44:02 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2014/12/31 11:44:02 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2014/12/11 00:42:12 | 000,045,048 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\cewd64r.sys -- (cewd64r)
DRV:64bit: - [2014/12/11 00:42:12 | 000,031,736 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\cewd64f.sys -- (cewd64f)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/31 21:06:06 | 000,058,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2014/02/02 22:45:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/10/17 07:32:56 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/16 15:00:50 | 000,077,032 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2010/06/22 12:28:06 | 000,729,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/06/18 15:45:58 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/05/13 18:20:42 | 000,059,704 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/05/08 17:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/04/26 10:48:40 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/04/07 09:51:50 | 000,214,248 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/03/24 12:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/18 17:41:06 | 000,049,568 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 17:20:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/28 19:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 10:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 15:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 09:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 09:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 08:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 11:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/15 12:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2014/12/30 11:19:36 | 000,026,528 | ---- | M] (REALiX) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2010/11/01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig?brand=TSND&bmod=TSNDg/ [binary data]
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes,DefaultScope = {6F1DB67A-D8D4-4060-960C-958F0C423DB2}
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}: "URL" = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en),Yahoo!"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: firefox-integrated-extension%40covenanteyes.com:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B3b20c93b-3c59-6154-a197-e63672e18722%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - prefs.js..keyword.URL: "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CE\extensions\firefox\[email protected] [2015/02/16 14:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/09/29 11:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2015/02/20 17:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions
[2015/02/20 17:34:55 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions\{3b20c93b-3c59-6154-a197-e63672e18722}
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions\staged
[2015/01/26 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/26 20:08:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/02/16 14:09:09 | 000,000,000 | ---D | M] ("Covenant Eyes for Firefox") -- C:\PROGRAM FILES\CE\EXTENSIONS\FIREFOX\[email protected]

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://search.yahoo.com/?type=523482&fr=yo-yhp-ch
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: Google Webspam Report = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj\120\
CHR - Extension: SickBeardConnect = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfjkhejnkopmfdadafjoklibhggokpb\160\
CHR - Extension: Google Wallet = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

O1 HOSTS File: ([2015/02/20 17:44:17 | 000,013,349 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 216.239.32.20   www.google.ac # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.ad # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.ae # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.al # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.am # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.as # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.at # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.az # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.ba # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.be # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.bf # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.bg # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.bi # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.bj # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.bs # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.bt # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.by # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.ca # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.cat # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.cc # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.cd # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.cf # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.cg # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.ch # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.ci # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 175 more lines...
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (Covenant Eyes for Internet Explorer) - {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x64\ceie-0.7.2.dll (Covenant Eyes)
O2 - BHO: (Covenant Eyes for Internet Explorer) - {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x86\ceie-0.7.2.dll (Covenant Eyes)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Covenant Eyes] C:\Program Files\CE\CovenantEyes.exe ()
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [beats Updater] C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe (Beats)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [CCleaner Monitoring] D:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Switch to Gaming Mode.lnk = C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{943F4E62-F646-47B2-9984-BB8AAE440A45}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup\rsrc\autorun.exe
O33 - MountPoints2\F\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/02/19 21:35:35 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\BC_LOGS
[2015/02/19 21:29:15 | 000,000,000 | ---D | C] -- C:\FRST
[2015/02/18 21:06:23 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\MG_LOGS
[2015/02/16 20:00:02 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/02/16 19:59:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/02/16 19:59:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/02/16 19:59:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/02/16 19:59:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/02/16 19:59:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/02/16 19:59:51 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/02/16 19:59:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/02/16 19:59:51 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/02/16 19:59:51 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/02/16 19:59:50 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/02/16 19:59:48 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/02/16 19:59:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/02/16 19:59:48 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/02/16 19:59:47 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/02/16 19:59:47 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/02/16 19:59:47 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/02/16 19:59:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/02/16 19:59:46 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/02/16 19:59:46 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/02/16 19:59:46 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/02/16 19:59:45 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/02/16 19:59:45 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/02/16 19:59:43 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/02/16 19:59:42 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/02/16 19:59:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/02/16 19:59:40 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/02/16 19:59:40 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/02/16 19:59:39 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/02/16 19:59:38 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/02/16 19:59:38 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/02/16 19:59:37 | 006,041,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/02/16 19:59:37 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/02/16 19:59:36 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/02/16 19:59:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/02/16 19:59:35 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/02/16 19:58:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015/02/16 19:58:14 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/02/16 19:58:08 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/02/16 19:58:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/02/16 19:58:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/02/16 19:58:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/02/16 19:58:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/02/16 19:58:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/02/16 19:58:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/02/16 19:58:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/02/16 19:58:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/02/16 19:58:06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/02/16 19:58:06 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/02/16 19:58:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/02/16 19:58:01 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015/02/16 19:57:39 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2015/02/16 19:57:39 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2015/02/16 19:57:32 | 005,554,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/02/16 19:57:32 | 003,972,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/02/16 19:57:31 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/02/16 19:57:31 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/02/16 19:57:30 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/02/16 19:57:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/02/16 19:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2015/02/16 19:17:37 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\JOB
[2015/02/16 16:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Justin\AppData\Local\EmieBrowserModeList
[2015/02/16 14:09:28 | 000,338,936 | ---- | C] (CovenantEyes) -- C:\Windows\SysWow64\CovenantEyesProxy.dll
[2015/02/16 14:09:25 | 000,408,056 | ---- | C] (CovenantEyes) -- C:\Windows\SysNative\CovenantEyesProxy64.dll
[2015/02/16 14:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CovenantEyes
[2015/02/16 14:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes
[2015/02/16 14:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\CE
[2015/02/16 14:06:32 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Downloaded Installations
[2015/02/11 17:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2015/02/04 17:29:09 | 005,070,512 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/02/04 16:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2015/02/01 14:43:57 | 000,129,224 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/31 22:39:45 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/31 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/31 22:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2015/01/26 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/02/20 18:14:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/20 18:14:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/20 17:56:53 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/20 17:56:53 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/20 17:51:54 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/20 17:49:39 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/02/20 17:48:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/20 17:47:57 | 2138,423,295 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/20 17:44:17 | 000,013,349 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/02/19 22:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/19 21:48:49 | 003,714,638 | ---- | M] () -- C:\Users\Justin\Desktop\CovenantEyesClient_5.2.106.dmp
[2015/02/18 21:04:47 | 000,013,624 | ---- | M] () -- C:\Windows\SysNative\CovenantEyesProxy.ini
[2015/02/18 21:04:47 | 000,003,440 | ---- | M] () -- C:\Windows\SysWow64\CovenantEyesProxyOff.ini
[2015/02/18 21:04:47 | 000,003,440 | ---- | M] () -- C:\Windows\SysNative\CovenantEyesProxyOff.ini
[2015/02/18 17:48:17 | 000,287,698 | ---- | M] () -- C:\MGlogs.zip
[2015/02/16 20:27:16 | 000,342,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/16 18:40:51 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015/02/04 17:29:19 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/02/04 17:29:19 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/02/04 17:29:09 | 005,070,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/02/04 16:19:52 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 2.lnk
[2015/02/01 14:43:57 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/25 12:58:40 | 000,001,435 | ---- | M] () -- C:\Users\Justin\Desktop\Play Ultimate Ninja Storm Revolution.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/02/19 21:48:45 | 003,714,638 | ---- | C] () -- C:\Users\Justin\Desktop\CovenantEyesClient_5.2.106.dmp
[2015/02/17 21:45:21 | 000,287,698 | ---- | C] () -- C:\MGlogs.zip
[2015/02/16 14:13:31 | 000,045,048 | ---- | C] () -- C:\Windows\SysNative\drivers\cewd64r.sys
[2015/02/16 14:13:20 | 000,031,736 | ---- | C] () -- C:\Windows\SysNative\drivers\cewd64f.sys
[2015/02/16 14:09:35 | 000,013,624 | ---- | C] () -- C:\Windows\SysNative\CovenantEyesProxy.ini
[2015/02/16 14:09:35 | 000,003,440 | ---- | C] () -- C:\Windows\SysWow64\CovenantEyesProxyOff.ini
[2015/02/16 14:09:35 | 000,003,440 | ---- | C] () -- C:\Windows\SysNative\CovenantEyesProxyOff.ini
[2015/01/25 12:58:40 | 000,001,435 | ---- | C] () -- C:\Users\Justin\Desktop\Play Ultimate Ninja Storm Revolution.lnk
[2015/01/09 19:41:02 | 000,000,665 | ---- | C] () -- C:\Windows\wininit.ini
[2014/12/30 21:32:36 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2014/12/30 21:32:36 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2014/12/30 21:32:36 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2014/12/30 21:20:56 | 000,054,175 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2014/11/16 20:11:35 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/11/16 20:11:25 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/11/10 13:04:58 | 000,000,000 | ---- | C] () -- C:\Users\Justin\AppData\Local\{84C4935A-1895-44F7-AD8C-7FC15396E8AD}
[2014/11/09 09:50:45 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/11/09 00:02:35 | 000,000,000 | -HS- | C] () -- C:\Users\Justin\AppData\Local\LumaEmu
[2014/09/29 08:08:38 | 000,774,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\IObit
[2014/12/18 20:24:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ProductData
[2014/12/18 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Toshiba
[2014/11/15 20:36:49 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DarkSoulsII
[2014/12/30 11:19:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\IObit
[2014/10/27 19:40:20 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Kalypso Media
[2014/11/19 20:33:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Logs
[2014/11/19 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\LolClient
[2014/09/29 15:59:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PowerISO
[2014/09/29 11:10:36 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\ProductData
[2014/11/19 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Riot Games
[2014/11/08 15:48:59 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\StarTrekPC
[2014/09/28 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TeamViewer
[2014/11/21 17:54:06 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Theta
[2014/09/29 11:18:04 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Tific
[2014/11/14 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Toshiba
[2014/11/08 23:22:56 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Unity
[2015/01/25 12:49:12 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uTorrent
[2014/12/23 22:36:41 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WebTest
[2014/09/30 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WildTangent
[2014/09/28 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2014/12/23 22:37:29 | 000,000,000 | ---D | M](C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.â€‹
[2014/12/23 22:37:29 | 000,000,000 | ---D | M](C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.â€‹
(C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.â€‹

< End of report >

thesaithproject · February 22, 2015

OTL Extras logfile created on: 2/20/2015 6:11:21 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Justin\Desktop\TOOLS
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 76.81% Memory free
15.98 Gb Paging File | 13.56 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.05 Gb Total Space | 858.14 Gb Free Space | 93.78% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.81 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive E: | 21.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{827E59A2-7133-4DD5-B6A4-E8C50744F4F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8807CB81-3F6A-456C-B508-17C6FF2C17FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B62A8579-A976-443A-90B9-47E8D2014697}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C4D0FF9D-DCF6-4315-BD4F-38DB5769B4EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F6429F09-B0CB-4BAB-A8C2-13917600056D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{FD50364C-AE14-417E-819E-025207B75EF2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F7AE1F0-5397-4FF6-9A65-8B633DC735D4}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{31AEC7D4-1500-4449-B8E5-DF17943430F4}" = protocol=6 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"{3C9D16C9-B8A9-4628-83B7-F32937703875}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{43F7AF16-1C97-480A-A028-2377212CB658}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{489B7EF4-235D-407E-93D4-4AB8E25980ED}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{55B89F03-01FF-441D-B943-B0EE659187B7}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{62A2E2B7-5634-4B16-9142-0FF2540071B0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{692EC920-35AC-44DB-80C0-FAA8F215EA13}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{713779BE-CDD5-4794-9D61-4B82364FBF0D}" = protocol=17 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"{8042073D-60CB-4A5A-BB74-79C727CA0AC5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{957729D9-9209-475A-ABA1-F8FE4D70D6F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB639DDB-9EBF-4BB0-AD9B-7D823DF290A0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AC8FE77B-6BDA-4D14-915D-B3D5B424518D}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{B24FEC84-C769-476F-9972-418A70CB5A2A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{DA92DFB0-C8E5-4610-A540-7F0BA1773241}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{DEE2A0C6-3711-44C6-A2DD-5D221C6A3F41}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E092F13F-6898-4BFC-A050-EA5F1B2909F7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EDFDB99A-2E41-42EA-84E3-3FF6E255FBA3}" = dir=in | app=c:\users\justin\appdata\local\microsoft\skydrive\skydrive.exe |
"TCP Query User{1C9C2F83-E3C5-434F-A418-74B8A490346E}D:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe" = protocol=6 | dir=in | app=d:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe |
"TCP Query User{65D59D25-2F27-4A1D-BAA2-BE9711A692D8}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"TCP Query User{8948EE66-56DC-47D0-B1BA-4EBE12A646DB}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"TCP Query User{DC8E32F4-30A3-4822-B229-09012FA2D4A3}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"TCP Query User{E8652234-CE3F-4DF2-9465-02C6AA6CDCC6}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"TCP Query User{EB2EF2D6-5D59-4DCF-9318-C815804AF131}C:\users\justin\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{2218C63C-74BF-493B-B6D8-EECE77C5D1DA}D:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe" = protocol=17 | dir=in | app=d:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe |
"UDP Query User{699DD4FD-37CE-4845-8293-0B112C00B8BE}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"UDP Query User{A3DAC996-0A7F-4EBC-B270-536E727833FC}C:\users\justin\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{C50CE22A-EF3E-4494-942A-FE4386233CBE}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"UDP Query User{D7A071A5-C782-48AA-8D82-EB8BAB3AC7DE}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"UDP Query User{E249E458-40DD-4333-809F-0741F8F386AE}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6408053B-4FC3-4087-BB58-68C220D02BA4}" = O2Micro Flash Memory Card Windows Driver
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO" = Conexant HD Audio
"F72367AEBBC643DDA1061B77B27197CC8403B792" = Windows Driver Package - Beats Electronics, LLC (libusb0) Beats Devices (07/20/2014 1.2.1.0)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"{5AC5ED2E-2936-4B54-A429-703F9034938E}" = Covenant Eyes
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90B2844D-97AE-436C-B552-2AD8A7F10279}" = Beats Updater
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Advanced SystemCare Ultimate_is1" = Advanced SystemCare Ultimate 7
"Auto Clicker by Shocker_is1" = Auto Clicker by Shocker
"BitRaider Web Client" = BitRaider Web Client
"Diablo II" = Diablo II
"Driver Booster_is1" = Driver Booster 2.1
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{6408053B-4FC3-4087-BB58-68C220D02BA4}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IObitUninstall" = IObit Uninstaller
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 35.0.1 (x86 en-US)" = Mozilla Firefox 35.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PowerISO" = PowerISO
"swtor_swtor" = Star Wars The Old Republic
"TeamViewer 9" = TeamViewer 9
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.20 (32-bit)
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088710" = Zuma's Revenge
"WT088739" = FATE
"WT088750" = Jewel Quest - Heritage
"WT088761" = Wheel of Fortune 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"UnityWebPlayer" = Unity Web Player
"uTorrent" = ÂµTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/20/2015 9:33:19 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x11d8 Faulting application start time: 0x01d04d76543108ab Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 9d2e7e38-b969-11e4-92f7-e839df8b9bc0

Error - 2/20/2015 9:33:47 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0xdcc Faulting application start time: 0x01d04d766f6ac5cd Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: adfbd4c7-b969-11e4-92f7-e839df8b9bc0

Error - 2/20/2015 9:33:51 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x18ec Faulting application start time: 0x01d04d76723c06c0 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: b04c8b6c-b969-11e4-92f7-e839df8b9bc0

Error - 2/20/2015 9:34:41 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: CovenantEyes.exe, version: 0.0.0.0, time
stamp: 0x548a4534 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409,
time stamp: 0x5315a05a Exception code: 0xe06d7363 Fault offset: 0x000000000000940d
Faulting
process id: 0xb0c Faulting application start time: 0x01d04d764c6e272c Faulting application
path: C:\Program Files\CE\CovenantEyes.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: cdfd1537-b969-11e4-92f7-e839df8b9bc0

Error - 2/20/2015 9:34:42 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1ab8 Faulting application start time: 0x01d04d7690eda528 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: cec9cb8e-b969-11e4-92f7-e839df8b9bc0

Error - 2/20/2015 9:49:52 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1334 Faulting application start time: 0x01d04d78a5350479 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: ece9fc21-b96b-11e4-b31b-e839df8b9bc0

Error - 2/20/2015 9:50:12 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1534 Faulting application start time: 0x01d04d78bb11479d Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: f9007905-b96b-11e4-b31b-e839df8b9bc0

Error - 2/20/2015 9:50:15 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x19f0 Faulting application start time: 0x01d04d78bc8e23c9 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: fa63260e-b96b-11e4-b31b-e839df8b9bc0

Error - 2/20/2015 9:50:24 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: CovenantEyes.exe, version: 0.0.0.0, time
stamp: 0x548a4534 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409,
time stamp: 0x5315a05a Exception code: 0xe06d7363 Fault offset: 0x000000000000940d
Faulting
process id: 0xe7c Faulting application start time: 0x01d04d78958a15cb Faulting application
path: C:\Program Files\CE\CovenantEyes.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: ffd86dcf-b96b-11e4-b31b-e839df8b9bc0

Error - 2/20/2015 9:50:25 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1720 Faulting application start time: 0x01d04d78c2c8fdc0 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 0096dbe4-b96c-11e4-b31b-e839df8b9bc0

[ System Events ]
Error - 2/20/2015 9:44:11 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The TOSHIBA HDD SSD Alert Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/20/2015 9:44:11 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The IviRegMgr service terminated unexpectedly. It has done this 1
time(s).

Error - 2/20/2015 9:44:41 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Search service, but
this action failed with the following error:   %%1056

Error - 2/20/2015 9:49:20 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Scanner Service service to connect.

Error - 2/20/2015 9:49:20 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error:   %%1053

Error - 2/20/2015 9:50:10 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 2/20/2015 9:50:10 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7023
Description = The Diagnostic System Host service terminated with the following error:
   %%1052

Error - 2/20/2015 9:50:13 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 2/20/2015 9:50:15 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Auth Service service terminated unexpectedly. It has done this
3 time(s).

Error - 2/20/2015 9:50:26 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Auth Service service terminated unexpectedly. It has done this
4 time(s).

< End of report >

thesaithproject · February 22, 2015

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 11.25.2
Run by Justin at 20:57:41 on 2015-02-21
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8180.5160 [GMT -8:00]
.
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe
C:\windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\CE\CovenantEyesCommService.exe
C:\Program Files\CE\CovenantEyesProxy.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\CE\CovenantEyes.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
D:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe
C:\Program Files\CE\CovenantEyesHelper.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com

mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Covenant Eyes for Internet Explorer: {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x86\ceie-0.7.2.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe" /Auto
uRun: [CCleaner Monitoring] "D:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [beats Updater] C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Justin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SWITCH~1.LNK - C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\CovenantEyesProxy.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.

TCP: NameServer = 192.168.0.1
TCP: Interfaces\{943F4E62-F646-47B2-9984-BB8AAE440A45} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Covenant Eyes for Internet Explorer: {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x64\ceie-0.7.2.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [HDMICtrlMan] C:\Program Files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [Covenant Eyes] C:\Program Files\CE\CovenantEyes.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 216.239.32.20   www.google.ac # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ad # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ae # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.al # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.am # *DO NOT MODIFY/DELETE THIS ENTRY*
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-12-31 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-12-31 28216]
R0 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2010-11-16 77032]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2014-9-28 482384]
R1 cewd64f;cewd64f service;\??\C:\Windows\System32\Drivers\cewd64f.sys --> C:\Windows\System32\Drivers\cewd64f.sys [?]
R1 cewd64r;cewd64r service;\??\C:\Windows\System32\Drivers\cewd64r.sys --> C:\Windows\System32\Drivers\cewd64r.sys [?]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2014-12-30 26528]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [2014-9-29 886592]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe [2014-9-29 646976]
R2 CovenantEyesCommService;Covenant Eyes Communication Service;C:\Program Files\CE\CovenantEyesCommService.exe [2015-2-16 7008760]
R2 CovenantEyesProxy;CovenantEyesProxy;C:\Program Files\CE\CovenantEyesProxy.exe [2015-2-16 5950456]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-29 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-29 969016]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2014-9-28 14112]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-9-29 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-9-29 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-9-29 171928]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-9-28 5249808]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2015-2-1 129224]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-29 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-29 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-29 63704]
R3 O2SDGRDR;O2SDGRDR;C:\Windows\System32\drivers\o2sdgx64.sys [2009-8-18 49568]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2014-9-28 35008]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2014-12-31 1226344]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2014-12-31 230280]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-12-31 34544]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-9-28 35112]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2014-9-28 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
S2 Auth Service;Auth Service;C:\Program Files\CE\authServer.exe [2015-2-16 4956152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-9-29 2281248]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-11-8 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-16 114688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-9-29 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-9-29 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-9-29 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2014-10-2 14544]
.
=============== Created Last 30 ================
.
2015-02-20 05:29:15   --------   d-----w-   C:\FRST
2015-02-17 03:58:16   52224   ----a-w-   C:\Windows\SysWow64\nlaapi.dll
2015-02-17 03:57:39   406528   ----a-w-   C:\Windows\System32\scesrv.dll
2015-02-17 03:57:39   308224   ----a-w-   C:\Windows\SysWow64\scesrv.dll
2015-02-17 03:57:32   5554112   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-02-17 03:57:32   3972544   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-17 03:57:31   503808   ----a-w-   C:\Windows\System32\srcore.dll
2015-02-17 03:57:31   3917760   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-02-17 03:57:30   50176   ----a-w-   C:\Windows\System32\srclient.dll
2015-02-17 03:57:30   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2015-02-17 03:57:30   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2015-02-17 03:57:15   3201536   ----a-w-   C:\Windows\System32\win32k.sys
2015-02-17 03:54:24   11870360   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6EC4876B-CCEE-4F5C-AE48-3B89FE847DD2}\mpengine.dll
2015-02-17 03:32:43   --------   d-----w-   C:\Program Files\HitmanPro
2015-02-17 00:52:21   --------   d-sh--w-   C:\Users\Justin\AppData\Local\EmieBrowserModeList
2015-02-16 22:09:28   338936   ----a-w-   C:\Windows\SysWow64\CovenantEyesProxy.dll
2015-02-16 22:09:25   408056   ----a-w-   C:\Windows\System32\CovenantEyesProxy64.dll
2015-02-16 22:09:21   --------   d-----w-   C:\ProgramData\CovenantEyes
2015-02-16 22:09:08   --------   d-----w-   C:\Program Files\CE
2015-02-16 22:06:32   --------   d-----w-   C:\Users\Justin\AppData\Local\Downloaded Installations
2015-02-12 01:46:37   --------   d-----w-   C:\ProgramData\Steam
2015-02-05 01:29:09   5070512   ----a-w-   C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-02-05 00:35:05   --------   d-----w-   C:\Program Files (x86)\Common Files\Steam
2015-02-01 22:43:57   129224   ----a-w-   C:\Windows\System32\drivers\L1C62x64.sys
.
==================== Find3M ====================
.
2015-02-22 04:53:01   129752   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-17 02:40:51   37624   ----a-w-   C:\Windows\System32\drivers\TrueSight.sys
2015-02-05 01:29:19   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 01:29:19   701616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-20 03:15:10   121984   ----a-w-   C:\Windows\SysWow64\steam_api.dll
2015-01-19 03:01:54   30536   ----a-w-   C:\Windows\System32\nvhdap64.dll
2015-01-19 03:01:54   195728   ----a-w-   C:\Windows\System32\drivers\nvhda64v.sys
2015-01-19 03:01:54   1540240   ----a-w-   C:\Windows\System32\nvhdagenco64.dll
2015-01-19 02:58:01   18594432   ----a-w-   C:\Windows\System32\nvwgf2umx.dll
2015-01-19 02:58:01   16040184   ----a-w-   C:\Windows\SysWow64\nvwgf2um.dll
2015-01-19 02:58:01   13288360   ----a-w-   C:\Windows\System32\nvopencl.dll
2015-01-19 02:58:00   32099472   ----a-w-   C:\Windows\System32\nvoglv64.dll
2015-01-19 02:58:00   24764232   ----a-w-   C:\Windows\SysWow64\nvoglv32.dll
2015-01-19 02:58:00   10770120   ----a-w-   C:\Windows\SysWow64\nvopencl.dll
2015-01-15 08:14:17   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57   28160   ----a-w-   C:\Windows\System32\secur32.dll
2015-01-15 08:09:51   1461760   ----a-w-   C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15   31232   ----a-w-   C:\Windows\System32\lsass.exe
2015-01-15 08:08:59   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23   686080   ----a-w-   C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05   50176   ----a-w-   C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53   60416   ----a-w-   C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36   146432   ----a-w-   C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55   686080   ----a-w-   C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18   458824   ----a-w-   C:\Windows\System32\drivers\cng.sys
2015-01-13 03:10:22   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2015-01-13 02:49:19   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52   584192   ----a-w-   C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:33:52   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2015-01-12 02:32:57   6041088   ----a-w-   C:\Windows\System32\jscript9.dll
2015-01-12 02:25:28   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09   503296   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:55:00   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-01-12 01:46:29   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00   2125824   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:29:46   4300800   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-01-12 01:27:32   2358272   ----a-w-   C:\Windows\System32\wininet.dll
2015-01-12 01:23:09   2052608   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17   1888256   ----a-w-   C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17   341504   ----a-w-   C:\Windows\System32\schannel.dll
2015-01-10 06:48:13   309760   ----a-w-   C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05   22016   ----a-w-   C:\Windows\System32\credssp.dll
2015-01-10 06:27:54   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47   248832   ----a-w-   C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44   221184   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2015-01-08 00:09:48   1876296   ----a-w-   C:\Windows\System32\nvdispco6434475.dll
2015-01-08 00:09:48   1540424   ----a-w-   C:\Windows\System32\nvdispgenco6434475.dll
2014-12-31 20:31:09   1226344   ----a-w-   C:\Windows\System32\drivers\rtl8192se.sys
2014-12-31 20:15:51   81920   ----a-w-   C:\Windows\System32\rusb3co2.dll
2014-12-31 20:15:51   230280   ----a-w-   C:\Windows\System32\drivers\rusb3xhc.sys
2014-12-31 20:10:45   1538880   ----a-w-   C:\Windows\System32\nvhdagenco6420103.dll
2014-12-31 20:08:14   1876296   ----a-w-   C:\Windows\System32\nvdispco6434465.dll
2014-12-31 20:08:14   1539272   ----a-w-   C:\Windows\System32\nvdispgenco6434465.dll
2014-12-31 20:00:31   34544   ----a-w-   C:\Windows\System32\drivers\Smb_driver_Intel.sys
2014-12-31 20:00:31   1795952   ----a-w-   C:\Windows\System32\WdfCoInstaller01011.dll
2014-12-31 19:44:02   647736   ----a-w-   C:\Windows\System32\drivers\iaStorA.sys
2014-12-31 19:44:02   28216   ----a-w-   C:\Windows\System32\drivers\iaStorF.sys
2014-12-31 05:32:36   21840   ----a-w-   C:\Windows\SysWow64\SIntfNT.dll
2014-12-31 05:32:36   17212   ----a-w-   C:\Windows\SysWow64\SIntf32.dll
2014-12-31 05:32:36   12067   ----a-w-   C:\Windows\SysWow64\SIntf16.dll
2014-12-31 05:20:55   94208   ----a-w-   C:\Windows\DIIUnin.exe
2014-12-31 05:20:55   2829   ----a-w-   C:\Windows\DIIUnin.pif
2014-12-30 19:19:36   26528   ----a-w-   C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
2014-12-23 08:41:02   298120   ------w-   C:\Windows\System32\MpSigStub.exe
2014-12-19 03:06:55   210432   ----a-w-   C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45   141312   ----a-w-   C:\Windows\System32\drivers\mrxdav.sys
2014-12-13 08:03:15   6859408   ----a-w-   C:\Windows\System32\nvcpl.dll
2014-12-13 08:03:15   3513488   ----a-w-   C:\Windows\System32\nvsvc64.dll
2014-12-13 08:03:13   935240   ----a-w-   C:\Windows\System32\nvvsvc.exe
2014-12-13 08:03:13   62608   ----a-w-   C:\Windows\System32\nvshext.dll
.
============= FINISH: 20:59:10.08 ===============

thesaithproject · February 22, 2015

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9/28/2014 7:02:53 PM
System Uptime: 2/21/2015 8:49:41 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Qosmio X505
Processor: Intel® Core i7 CPU       Q 740 @ 1.73GHz | CPU 1 | 919/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 915 GiB total, 858.208 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 398.814 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&000100CC_PID&2000\8&D0BBAE3&0&0488E20FE618_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&000100CC_PID&2000\8&D0BBAE3&0&0488E20FE618_C00000001
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_VID&000100CC_PID&2000\8&D0BBAE3&0&0488E20FE618_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_VID&000100CC_PID&2000\8&D0BBAE3&0&0488E20FE618_C00000001
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_VID&000100CC_PID&2000\8&D0BBAE3&0&0488E20FE618_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_VID&000100CC_PID&2000\8&D0BBAE3&0&0488E20FE618_C00000001
Service:
.
Class GUID:
Description:
Device ID: RENESAS_USB3\ROOT_HUB30\5&2CAD7E19&0
Manufacturer:
Name:
PNP Device ID: RENESAS_USB3\ROOT_HUB30\5&2CAD7E19&0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
Hosts: 216.239.32.20   www.google.ac # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ad # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ae # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.al # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.am # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.as # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.at # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.az # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ba # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.be # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.bf # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.bg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.bi # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.bj # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.bs # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.bt # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.by # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ca # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.cat # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.cc # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.cd # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.cf # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.cg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ch # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ci # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.cl # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.cm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.cn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.ao # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.bw # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.ck # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.cr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.id # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.il # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.in # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.jp # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.ke # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.kr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.ls # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.ma # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.mz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.nz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.th # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.tz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.ug # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.uk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.uz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.ve # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.vi # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.za # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.zm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.co.zw # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.af # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.ag # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.ai # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.ar # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.au # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.bd # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.bh # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.bn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.bo # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.br # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.bz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.co # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.cu # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.cy # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.do # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.ec # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.eg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.et # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.fj # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.gh # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.gi # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.gt # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.hk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.jm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.kh # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.kw # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.lb # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.lc # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.ly # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.mm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.mt # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.mx # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.my # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.na # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.nf # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.ng # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.ni # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.np # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.om # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.pa # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.pe # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.pg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.ph # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.pk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.pr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.py # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.qa # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.sa # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.sb # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.sg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.sl # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.sv # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.tj # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.tn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.tr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.tw # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.ua # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.uy # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.vc # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.com.vn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.cv # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.cz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.de # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.dj # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.dk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.dm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.dz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ee # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.es # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.fi # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.fm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.fr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ga # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ge # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.gf # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.gg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.gl # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.gm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.gp # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.gr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.gy # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.hn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.hr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ht # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.hu # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ie # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.im # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.io # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.iq # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ir # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.is # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.it # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.je # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.jo # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.kg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ki # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.kz # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.la # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.li # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.lk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.lt # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.lu # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.lv # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.md # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.me # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.mg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.mk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ml # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.mn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ms # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.mu # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.mv # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.mw # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ne # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.nl # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.no # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.nr # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.nu # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.pl # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.pn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ps # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.pt # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ro # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.rs # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ru # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.rw # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.sc # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.se # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.sh # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.si # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.sk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.sm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.sn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.so # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.st # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.td # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.tg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.tk # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.tl # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.tm # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.tn # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.to # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.tt # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.us # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.vg # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.vu # *DO NOT MODIFY/DELETE THIS ENTRY*
Hosts: 216.239.32.20   www.google.ws # *DO NOT MODIFY/DELETE THIS ENTRY*
.
==== Installed Programs ======================
.
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader 9.3
Advanced SystemCare Ultimate 7
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Auto Clicker by Shocker
Beats Updater
Bejeweled 2 Deluxe
BitRaider Web Client
Bluetooth Stack for Windows by Toshiba
CCleaner
Chuzzle Deluxe
Conexant HD Audio
Corel WinDVD
Covenant Eyes
D3DX10
Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
Diablo II
Dolby Control Center
Driver Booster 2.1
FATE
Game Booster 3
Google Chrome
Google Update Helper
HDMI Control Manager
HijackThis 2.0.2
Intel® Rapid Storage Technology
IObit Uninstaller
Java 8 Update 25
Java Auto Updater
Jewel Quest - Heritage
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft OneDrive
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Xbox 360 Accessories 1.2
Movie Maker
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDefrag v4.3.1
NVIDIA Control Panel 347.09
NVIDIA Display Control Panel
NVIDIA Install Application
NVIDIA PhysX
O2Micro Flash Memory Card Windows Driver
Photo Common
Photo Gallery
PlayReady PC Runtime amd64
PowerISO
Quickbooks Financial Center
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2956081) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2956066) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Launcher
Spybot - Search & Destroy
Star Wars The Old Republic
Star Wars: The Old Republic
Synaptics Pointing Device Driver
TeamViewer 9
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Folder Migrating Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Unity Web Player
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB2956054) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2956129) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Wheel of Fortune 2
WildTangent Games
WildTangent ORB Game Console
Windows Driver Package - Beats Electronics, LLC (libusb0) Beats Devices (07/20/2014 1.2.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.20 (32-bit)
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/21/2015 8:58:07 PM, Error: Service Control Manager [7034] - The Auth Service service terminated unexpectedly. It has done this 4 time(s).
2/21/2015 8:52:16 PM, Error: Service Control Manager [7034] - The Auth Service service terminated unexpectedly. It has done this 3 time(s).
2/21/2015 8:52:13 PM, Error: Service Control Manager [7031] - The Auth Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/21/2015 8:52:04 PM, Error: Service Control Manager [7023] - The Diagnostic System Host service terminated with the following error: The requested control is not valid for this service.
2/21/2015 8:52:03 PM, Error: Service Control Manager [7031] - The Auth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/21/2015 8:51:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
2/21/2015 8:51:07 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/20/2015 5:44:41 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TPCH Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TOSHIBA Power Saver service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TOSHIBA HDD SSD Alert Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TOSHIBA eco Utility Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TOSHIBA Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The TMachInfo service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The TeamViewer 9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/20/2015 5:44:11 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The O2FLASH service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The AdvancedSystemCareAntivirus service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:44:10 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 7 service terminated unexpectedly. It has done this 1 time(s).
2/20/2015 5:33:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
2/19/2015 9:46:33 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The system cannot find the path specified.
2/19/2015 3:51:19 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
2/18/2015 5:47:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
2/17/2015 9:38:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
2/16/2015 2:13:37 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CovenantEyesProxy service, but this action failed with the following error: An instance of the service is already running.
2/16/2015 2:13:36 PM, Error: Service Control Manager [7031] - The CovenantEyesProxy service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================

flashh4 · February 22, 2015

Hey Project, looks like you have to many Antivirus protection, i would remove one of these because they can conflict with each other & give false readings !! >>>> Advanced SystemCare Ultimate 7 ...... Spybot - Search & Destroy <<<<
You only need 1 good Antivirus !!!

=======================

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the . text box of the OTL tool/program ! Start with and include the colon plus :OTL

:OTLPRC - File not found --IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes,DefaultScope = {6F1DB67A-D8D4-4060-960C-958F0C423DB2}IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}: "URL" = http://Vosteran.com/...ults.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=FF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found[2014/09/29 11:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions[2015/02/20 17:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions[2015/02/20 17:34:55 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions\{3b20c93b-3c59-6154-a197-e63672e18722}[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions\staged[2015/01/26 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensionsO3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not foundO4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.[2015/01/25 12:49:12 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uTorrent:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click

# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

======================

Also run this program !!

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.

Post these logs Next:

1. OTL Log

2. Security Check Log

Let me know how it's running and if you are having any other problems ??

Thanks

Chuck

thesaithproject · February 22, 2015

Hey Chuck,

When I run the fix for OTL it freezes and says not responding. I've tried 3 different times and the same results. I don't lose any icons or the desktop.

Here is the log for security check

---------------------------------------------------------

Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Advanced SystemCare Ultimate
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
HijackThis 2.0.2
Java 8 Update 25
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (35.0.1)
Google Chrome 38.0.2125.104 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

flashh4 · February 22, 2015

Project, do you have all your Antivirus shut off ? Did you close all open windows ?

If you do and it still won't run lets try this: Delete OTL and install & run a new scan & post it for me please !!

We will work on the system check log after we get OTL fix to run !!

Thanks

Chuck

thesaithproject · February 22, 2015

I reinstalled OTL and ran the scan.

All the popups and hijacks have stopped so far.

Here is the logs from the new OTL scan

----------------------------------------------------------------

OTL logfile created on: 2/22/2015 2:11:27 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Justin\Desktop\TOOLS
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.23% Memory free
15.98 Gb Paging File | 13.91 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.05 Gb Total Space | 857.97 Gb Free Space | 93.76% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.81 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive E: | 21.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2015/02/22 13:51:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\TOOLS\OTL.exe
PRC - [2015/02/09 09:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/16 20:11:25 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/06/27 10:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 09:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/25 13:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/11/28 16:56:40 | 000,646,976 | ---- | M] (IOBit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
PRC - [2013/11/15 10:25:24 | 000,886,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
PRC - [2010/05/20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2015/01/11 18:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/12/11 20:52:26 | 007,008,760 | ---- | M] () [Auto | Running] -- C:\Program Files\CE\CovenantEyesCommService.exe -- (CovenantEyesCommService)
SRV:64bit: - [2014/12/11 20:52:10 | 004,956,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CE\authServer.exe -- (Auth Service)
SRV:64bit: - [2014/12/11 00:42:12 | 005,950,456 | ---- | M] (CovenantEyes) [Auto | Running] -- C:\Program Files\CE\CovenantEyesProxy.exe -- (CovenantEyesProxy)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/07/28 09:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/07/22 15:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 16:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 21:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/10/21 08:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/02/12 15:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2015/02/09 09:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2015/02/04 17:29:21 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/26 20:08:22 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/16 20:11:25 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/09/29 11:10:27 | 002,281,248 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/28 16:56:40 | 000,646,976 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe -- (ASCAntivirusSrv)
SRV - [2013/11/15 10:25:24 | 000,886,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/05/20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/04/12 09:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/04/03 15:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/02/22 11:41:04 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/02/16 18:40:51 | 000,037,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2015/02/01 14:43:57 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2015/01/18 19:01:54 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/12/31 12:31:09 | 001,226,344 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2014/12/31 12:15:51 | 000,230,280 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2014/12/31 12:00:31 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2014/12/31 11:44:02 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2014/12/31 11:44:02 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2014/12/11 00:42:12 | 000,045,048 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\cewd64r.sys -- (cewd64r)
DRV:64bit: - [2014/12/11 00:42:12 | 000,031,736 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\cewd64f.sys -- (cewd64f)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/31 21:06:06 | 000,058,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2014/02/02 22:45:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/10/17 07:32:56 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/16 15:00:50 | 000,077,032 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2010/06/22 12:28:06 | 000,729,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/06/18 15:45:58 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/05/13 18:20:42 | 000,059,704 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/05/08 17:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/04/26 10:48:40 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/04/07 09:51:50 | 000,214,248 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/03/24 12:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/18 17:41:06 | 000,049,568 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 17:20:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/28 19:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 10:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 15:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 09:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 09:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 08:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 11:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/15 12:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2014/12/30 11:19:36 | 000,026,528 | ---- | M] (REALiX) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2010/11/01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig?brand=TSND&bmod=TSNDg/ [binary data]
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes,DefaultScope = {6F1DB67A-D8D4-4060-960C-958F0C423DB2}
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}: "URL" = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en),Yahoo!"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: firefox-integrated-extension%40covenanteyes.com:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B3b20c93b-3c59-6154-a197-e63672e18722%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - prefs.js..keyword.URL: "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CE\extensions\firefox\[email protected] [2015/02/16 14:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/09/29 11:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2015/02/20 17:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions
[2015/02/20 17:34:55 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions\{3b20c93b-3c59-6154-a197-e63672e18722}
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions\staged
[2015/01/26 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/26 20:08:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/02/16 14:09:09 | 000,000,000 | ---D | M] ("Covenant Eyes for Firefox") -- C:\PROGRAM FILES\CE\EXTENSIONS\FIREFOX\[email protected]

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://search.yahoo.com/?type=523482&fr=yo-yhp-ch
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: Google Webspam Report = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj\120\
CHR - Extension: SickBeardConnect = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfjkhejnkopmfdadafjoklibhggokpb\160\
CHR - Extension: Google Wallet = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

O1 HOSTS File: ([2015/02/22 13:17:30 | 000,013,316 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 216.239.32.20   www.google.ac # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.ad # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.ae # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.al # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.am # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.as # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.at # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.az # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.ba # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.be # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.bf # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.bg # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.bi # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.bj # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.bs # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.bt # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.by # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.ca # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.cat # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.cc # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.cd # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.cf # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.cg # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.ch # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 216.239.32.20   www.google.ci # *DO NOT MODIFY/DELETE THIS ENTRY*
O1 - Hosts: 175 more lines...
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (Covenant Eyes for Internet Explorer) - {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x64\ceie-0.7.2.dll (Covenant Eyes)
O2 - BHO: (Covenant Eyes for Internet Explorer) - {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x86\ceie-0.7.2.dll (Covenant Eyes)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Covenant Eyes] C:\Program Files\CE\CovenantEyes.exe ()
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [beats Updater] C:\Program Files (x86)\Beats Electronics LLC\Beats Updater.exe (Beats)
O4 - HKU\S-1-5-21-4240997320-3484519886-651873359-1000..\Run: [CCleaner Monitoring] D:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [sPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Switch to Gaming Mode.lnk = C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\CovenantEyesProxy64.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWow64\CovenantEyesProxy.dll (CovenantEyes)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{943F4E62-F646-47B2-9984-BB8AAE440A45}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup\rsrc\autorun.exe
O33 - MountPoints2\F\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/02/21 22:42:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/02/19 21:35:35 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\BC_LOGS
[2015/02/19 21:29:15 | 000,000,000 | ---D | C] -- C:\FRST
[2015/02/18 21:06:23 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\MG_LOGS
[2015/02/16 20:00:02 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/02/16 19:59:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/02/16 19:59:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/02/16 19:59:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/02/16 19:59:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/02/16 19:59:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/02/16 19:59:51 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/02/16 19:59:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/02/16 19:59:51 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/02/16 19:59:51 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/02/16 19:59:50 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/02/16 19:59:48 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/02/16 19:59:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/02/16 19:59:48 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/02/16 19:59:47 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/02/16 19:59:47 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/02/16 19:59:47 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/02/16 19:59:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/02/16 19:59:46 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/02/16 19:59:46 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/02/16 19:59:46 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/02/16 19:59:45 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/02/16 19:59:45 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/02/16 19:59:43 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/02/16 19:59:42 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/02/16 19:59:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/02/16 19:59:40 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/02/16 19:59:40 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/02/16 19:59:39 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/02/16 19:59:38 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/02/16 19:59:38 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/02/16 19:59:37 | 006,041,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/02/16 19:59:37 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/02/16 19:59:36 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/02/16 19:59:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/02/16 19:59:35 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/02/16 19:58:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015/02/16 19:58:14 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/02/16 19:58:08 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/02/16 19:58:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/02/16 19:58:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/02/16 19:58:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/02/16 19:58:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/02/16 19:58:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/02/16 19:58:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/02/16 19:58:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/02/16 19:58:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/02/16 19:58:06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/02/16 19:58:06 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/02/16 19:58:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/02/16 19:58:01 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015/02/16 19:57:39 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2015/02/16 19:57:39 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2015/02/16 19:57:32 | 005,554,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/02/16 19:57:32 | 003,972,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/02/16 19:57:31 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/02/16 19:57:31 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/02/16 19:57:30 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/02/16 19:57:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/02/16 19:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2015/02/16 19:17:37 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\JOB
[2015/02/16 16:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Justin\AppData\Local\EmieBrowserModeList
[2015/02/16 14:09:28 | 000,338,936 | ---- | C] (CovenantEyes) -- C:\Windows\SysWow64\CovenantEyesProxy.dll
[2015/02/16 14:09:25 | 000,408,056 | ---- | C] (CovenantEyes) -- C:\Windows\SysNative\CovenantEyesProxy64.dll
[2015/02/16 14:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CovenantEyes
[2015/02/16 14:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes
[2015/02/16 14:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\CE
[2015/02/16 14:06:32 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Downloaded Installations
[2015/02/11 17:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2015/02/04 17:29:09 | 005,070,512 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/02/04 16:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2015/02/01 14:43:57 | 000,129,224 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/31 22:39:45 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/31 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/31 22:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2015/01/26 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/02/22 14:14:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/22 13:29:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/22 13:17:30 | 000,013,316 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/02/22 11:41:04 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/22 10:52:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/21 20:58:55 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/21 20:58:55 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/21 20:50:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/21 20:49:50 | 2138,423,295 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/20 17:49:39 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/02/19 21:48:49 | 003,714,638 | ---- | M] () -- C:\Users\Justin\Desktop\CovenantEyesClient_5.2.106.dmp
[2015/02/18 21:04:47 | 000,013,624 | ---- | M] () -- C:\Windows\SysNative\CovenantEyesProxy.ini
[2015/02/18 21:04:47 | 000,003,440 | ---- | M] () -- C:\Windows\SysWow64\CovenantEyesProxyOff.ini
[2015/02/18 21:04:47 | 000,003,440 | ---- | M] () -- C:\Windows\SysNative\CovenantEyesProxyOff.ini
[2015/02/18 17:48:17 | 000,287,698 | ---- | M] () -- C:\MGlogs.zip
[2015/02/16 20:27:16 | 000,342,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/16 18:40:51 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015/02/04 17:29:19 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/02/04 17:29:19 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/02/04 17:29:09 | 005,070,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/02/04 16:19:52 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 2.lnk
[2015/02/01 14:43:57 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/25 12:58:40 | 000,001,435 | ---- | M] () -- C:\Users\Justin\Desktop\Play Ultimate Ninja Storm Revolution.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/02/19 21:48:45 | 003,714,638 | ---- | C] () -- C:\Users\Justin\Desktop\CovenantEyesClient_5.2.106.dmp
[2015/02/17 21:45:21 | 000,287,698 | ---- | C] () -- C:\MGlogs.zip
[2015/02/16 14:13:31 | 000,045,048 | ---- | C] () -- C:\Windows\SysNative\drivers\cewd64r.sys
[2015/02/16 14:13:20 | 000,031,736 | ---- | C] () -- C:\Windows\SysNative\drivers\cewd64f.sys
[2015/02/16 14:09:35 | 000,013,624 | ---- | C] () -- C:\Windows\SysNative\CovenantEyesProxy.ini
[2015/02/16 14:09:35 | 000,003,440 | ---- | C] () -- C:\Windows\SysWow64\CovenantEyesProxyOff.ini
[2015/02/16 14:09:35 | 000,003,440 | ---- | C] () -- C:\Windows\SysNative\CovenantEyesProxyOff.ini
[2015/01/25 12:58:40 | 000,001,435 | ---- | C] () -- C:\Users\Justin\Desktop\Play Ultimate Ninja Storm Revolution.lnk
[2015/01/09 19:41:02 | 000,000,665 | ---- | C] () -- C:\Windows\wininit.ini
[2014/12/30 21:32:36 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2014/12/30 21:32:36 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2014/12/30 21:32:36 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2014/12/30 21:20:56 | 000,054,175 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2014/11/16 20:11:35 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/11/16 20:11:25 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/11/10 13:04:58 | 000,000,000 | ---- | C] () -- C:\Users\Justin\AppData\Local\{84C4935A-1895-44F7-AD8C-7FC15396E8AD}
[2014/11/09 09:50:45 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/11/09 00:02:35 | 000,000,000 | -HS- | C] () -- C:\Users\Justin\AppData\Local\LumaEmu
[2014/09/29 08:08:38 | 000,774,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2014/11/30 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\IObit
[2014/12/18 20:24:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ProductData
[2014/12/18 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Toshiba
[2014/11/15 20:36:49 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DarkSoulsII
[2014/12/30 11:19:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\IObit
[2014/10/27 19:40:20 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Kalypso Media
[2014/11/19 20:33:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Logs
[2014/11/19 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\LolClient
[2014/09/29 15:59:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PowerISO
[2014/09/29 11:10:36 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\ProductData
[2014/11/19 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Riot Games
[2014/11/08 15:48:59 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\StarTrekPC
[2014/09/28 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TeamViewer
[2014/11/21 17:54:06 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Theta
[2014/09/29 11:18:04 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Tific
[2014/11/14 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Toshiba
[2014/11/08 23:22:56 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Unity
[2014/12/23 22:36:41 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WebTest
[2014/09/30 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WildTangent
[2014/09/28 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2014/12/23 22:37:29 | 000,000,000 | ---D | M](C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.â€‹
[2014/12/23 22:37:29 | 000,000,000 | ---D | M](C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.â€‹
(C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\Justin\AppData\Roaming\Rainmaker Software Group LLC.â€‹

< End of report >

thesaithproject · February 22, 2015

OTL Extras logfile created on: 2/22/2015 2:11:27 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Justin\Desktop\TOOLS
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.23% Memory free
15.98 Gb Paging File | 13.91 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.05 Gb Total Space | 857.97 Gb Free Space | 93.76% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.81 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive E: | 21.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{827E59A2-7133-4DD5-B6A4-E8C50744F4F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8807CB81-3F6A-456C-B508-17C6FF2C17FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B62A8579-A976-443A-90B9-47E8D2014697}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C4D0FF9D-DCF6-4315-BD4F-38DB5769B4EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F6429F09-B0CB-4BAB-A8C2-13917600056D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{FD50364C-AE14-417E-819E-025207B75EF2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F7AE1F0-5397-4FF6-9A65-8B633DC735D4}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{3C9D16C9-B8A9-4628-83B7-F32937703875}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{43F7AF16-1C97-480A-A028-2377212CB658}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{489B7EF4-235D-407E-93D4-4AB8E25980ED}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{55B89F03-01FF-441D-B943-B0EE659187B7}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{62A2E2B7-5634-4B16-9142-0FF2540071B0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{692EC920-35AC-44DB-80C0-FAA8F215EA13}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{8042073D-60CB-4A5A-BB74-79C727CA0AC5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{957729D9-9209-475A-ABA1-F8FE4D70D6F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB639DDB-9EBF-4BB0-AD9B-7D823DF290A0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AC8FE77B-6BDA-4D14-915D-B3D5B424518D}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{B24FEC84-C769-476F-9972-418A70CB5A2A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{DA92DFB0-C8E5-4610-A540-7F0BA1773241}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{DEE2A0C6-3711-44C6-A2DD-5D221C6A3F41}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E092F13F-6898-4BFC-A050-EA5F1B2909F7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EDFDB99A-2E41-42EA-84E3-3FF6E255FBA3}" = dir=in | app=c:\users\justin\appdata\local\microsoft\skydrive\skydrive.exe |
"TCP Query User{1C9C2F83-E3C5-434F-A418-74B8A490346E}D:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe" = protocol=6 | dir=in | app=d:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe |
"TCP Query User{65D59D25-2F27-4A1D-BAA2-BE9711A692D8}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"TCP Query User{8948EE66-56DC-47D0-B1BA-4EBE12A646DB}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"TCP Query User{DC8E32F4-30A3-4822-B229-09012FA2D4A3}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"TCP Query User{E8652234-CE3F-4DF2-9465-02C6AA6CDCC6}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"UDP Query User{2218C63C-74BF-493B-B6D8-EECE77C5D1DA}D:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe" = protocol=17 | dir=in | app=d:\__games\transformers rise of the dark spark pc multi6 ^^nosteam^^\transformers rise of the dark spark\binaries\transgame.exe |
"UDP Query User{699DD4FD-37CE-4845-8293-0B112C00B8BE}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"UDP Query User{C50CE22A-EF3E-4494-942A-FE4386233CBE}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |
"UDP Query User{D7A071A5-C782-48AA-8D82-EB8BAB3AC7DE}D:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=d:\__games\saints row iv pc full game ^^nosteam^^\saints row iv\saintsrowiv.exe |
"UDP Query User{E249E458-40DD-4333-809F-0741F8F386AE}C:\program files (x86)\beats electronics llc\beats updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beats electronics llc\beats updater.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6408053B-4FC3-4087-BB58-68C220D02BA4}" = O2Micro Flash Memory Card Windows Driver
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO" = Conexant HD Audio
"F72367AEBBC643DDA1061B77B27197CC8403B792" = Windows Driver Package - Beats Electronics, LLC (libusb0) Beats Devices (07/20/2014 1.2.1.0)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"{5AC5ED2E-2936-4B54-A429-703F9034938E}" = Covenant Eyes
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90B2844D-97AE-436C-B552-2AD8A7F10279}" = Beats Updater
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Advanced SystemCare Ultimate_is1" = Advanced SystemCare Ultimate 7
"Auto Clicker by Shocker_is1" = Auto Clicker by Shocker
"BitRaider Web Client" = BitRaider Web Client
"Diablo II" = Diablo II
"Driver Booster_is1" = Driver Booster 2.1
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51099A23-4C65-469C-A31B-835E163A4D27}" = TOSHIBA Folder Migrating Utility
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{6408053B-4FC3-4087-BB58-68C220D02BA4}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IObitUninstall" = IObit Uninstaller
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 35.0.1 (x86 en-US)" = Mozilla Firefox 35.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PowerISO" = PowerISO
"swtor_swtor" = Star Wars The Old Republic
"TeamViewer 9" = TeamViewer 9
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.20 (32-bit)
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088710" = Zuma's Revenge
"WT088739" = FATE
"WT088750" = Jewel Quest - Heritage
"WT088761" = Wheel of Fortune 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4240997320-3484519886-651873359-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/22/2015 12:51:40 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1180 Faulting application start time: 0x01d04e5b352f763c Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 7cf51786-ba4e-11e4-a1c4-e839df8b9bc0

Error - 2/22/2015 12:52:12 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0xde0 Faulting application start time: 0x01d04e5b4f7b29c3 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 9028911c-ba4e-11e4-a1c4-e839df8b9bc0

Error - 2/22/2015 12:52:15 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x14d8 Faulting application start time: 0x01d04e5b53e37605 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 920e29d4-ba4e-11e4-a1c4-e839df8b9bc0

Error - 2/22/2015 12:58:05 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: authServer.exe, version: 0.0.0.0, time
stamp: 0x548a4484 Faulting module name: authServer.exe, version: 0.0.0.0, time stamp:
0x548a4484 Exception code: 0x40000015 Fault offset: 0x000000000027c4e6 Faulting process
id: 0x1bb8 Faulting application start time: 0x01d04e5c246cab14 Faulting application
path: C:\Program Files\CE\authServer.exe Faulting module path: C:\Program Files\CE\authServer.exe
Report
Id: 629c21a4-ba4f-11e4-a1c4-e839df8b9bc0

Error - 2/22/2015 2:48:38 AM | Computer Name = Justin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel.    Process ID: 610    Start Time:
01d04e6a9f75daf5    Termination Time: 16    Application Path: C:\Users\Justin\Desktop\TOOLS\OTL.exe

Report
Id: c9daaeac-ba5e-11e4-a1c4-e839df8b9bc0

Error - 2/22/2015 4:00:11 AM | Computer Name = Justin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel.    Process ID: ce0    Start Time:
01d04e6b9f7227c3    Termination Time: 0    Application Path: C:\Users\Justin\Desktop\TOOLS\OTL.exe

Report
Id: cf08bde3-ba68-11e4-a1c4-e839df8b9bc0

Error - 2/22/2015 4:24:45 AM | Computer Name = Justin-PC | Source = System Restore | ID = 8193
Description =

Error - 2/22/2015 3:37:54 PM | Computer Name = Justin-PC | Source = System Restore | ID = 8193
Description =

Error - 2/22/2015 4:05:47 PM | Computer Name = Justin-PC | Source = System Restore | ID = 8193
Description =

Error - 2/22/2015 5:38:39 PM | Computer Name = Justin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel.    Process ID: 2e4    Start Time:
01d04ee62cdf4be5    Termination Time: 16    Application Path: C:\Users\Justin\Desktop\TOOLS\OTL.exe

Report
Id: 27873281-badb-11e4-a1c4-e839df8b9bc0

[ System Events ]
Error - 2/22/2015 12:52:03 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 2/22/2015 12:52:04 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7023
Description = The Diagnostic System Host service terminated with the following error:
   %%1052

Error - 2/22/2015 12:52:13 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7031
Description = The Auth Service service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 2/22/2015 12:52:16 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Auth Service service terminated unexpectedly. It has done this
3 time(s).

Error - 2/22/2015 12:58:07 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Auth Service service terminated unexpectedly. It has done this
4 time(s).

Error - 2/22/2015 1:34:02 AM | Computer Name = Justin-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 2/22/2015 2:42:35 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 7 service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/22/2015 2:50:51 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The AdvancedSystemCareAntivirus service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/22/2015 5:17:28 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/22/2015 5:27:01 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The MBAMScheduler service terminated unexpectedly. It has done this
1 time(s).

< End of report >

flashh4 · February 23, 2015

Hi Project, glad the pop-ups are gone !!

Now lets see if this OTL fix will run !!

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the . text box of the OTL tool/program ! Start with and include the colon plus :OTL

:OTLPRC - File not found --IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes,DefaultScope = {6F1DB67A-D8D4-4060-960C-958F0C423DB2}IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}: "URL" = http://Vosteran.com/...ults.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=FF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found[2014/09/29 11:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions[2015/02/20 17:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions\staged[2015/01/26 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensionsO3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not foundO4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click

# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post the OTL fix Log next !!

=====================================================

You can go to Control Panel, add remove/uninstall programs and uninstall these:
1. HijackThis <<< Isn't used much any more so i would remove it !!
2. Java 8 Update 25 <<< uninstall this !!
Update Java Runtime

Make sure you uncheck any boxes that want you to install tool bars or anything other than Java

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
[*]Please go here to install Java >>> http://www.java.com/en/

[o] click on the Free Java Download Button
[o] click on Agree and start Free download
[o] click on Run
[o] click on run again
[o] click on install
[o] when install is complete click on close
[*]Reboot your computer

3. Update Adobe Reader

Make sure you uncheck the box to install McAfee Security Scan Plus

Please uninstall unless you already have Adobe Reader XXX XXX xxx before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader XX xxx xx and click on Change/Remove to uninstall it.
Click here to download the latest version of Adobe Acrobat Reader.
Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you.

If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
Close your Internet browser and open it again.

4. Google Chrome needs updated <<< http://www.wikihow.com/Update-Google-Chrome

5. I would uninstall Spy Bot Search Destroy it's not used much any more but i will leave that up to you !!
Reboot after these updates please !!!

Thanks
Chuck

thesaithproject · February 23, 2015

Hey Chuck,

The OTL fix is still not responding. No clue what's happening there. I've made sure that my realtime protection is disabled and all windows are closed.

I updated/removed all the programs that you said, except for google chrome. It says that updates have been disabled by the administrator, which is weird because I don't use chrome.

flashh4 · February 23, 2015

Project, i have never had a fix that would not run, this is unusual.

You are only copying/pasting this in red below into the fix box right ??

:OTL
PRC - File not found --
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes,DefaultScope = {6F1DB67A-D8D4-4060-960C-958F0C423DB2}
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4240997320-3484519886-651873359-1000\..\SearchScopes\{6F1DB67A-D8D4-4060-960C-958F0C423DB2}: "URL" = http://Vosteran.com/...ults.php?f=4&q={searchTerms}&a=vst_dnldstr_15_1_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0FtAyDtAtDtAyEtDtN0D0Tzu0StCtDzytAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDyE0A0E0EyCtGyDtDtC0CtGtB0BzztDtGyDyE0A0AtGtA0C0A0F0D0EyEyE0FtDyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCyE0Ezy0D0E0FtG0D0FtD0AtGyEtBzy0EtG0Bzy0BzytGyC0D0C0C0Fzz0AzyyByB0FtB2Q&cr=594772559&ir=
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2014/09/29 11:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2015/02/20 17:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4j5gms5n.default-1415828242159\extensions
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions
[2014/12/23 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles4j5gms5n.default-1415828242159\extensions\staged
[2015/01/26 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

===================

What we are trying to remove with the OTL fix is leftover stuff & clean the registry !

If you ran the OTL with everything in RED copied/pasted into the box and it did not work it could be one of the other program we used is interfering with the fix. So our next step would be to remove all the programs we used in cleaning with Delfix then reboot your computer. Then download OTL again & run a new scan and i will write up a new OTL fix !!

Clean up of Malware Removal Tools

Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

    Download Delfix to your desktop and double click it to start the program here
    Ensure Remove disinfection tools is ticked
    Also tick:
    o Create registry backup
    o Purge system restore
    o Reset system settings

    o Click Run
    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

=======================

About the Google chrome update, if you do not use it i recommend you uninstall it !!

Chuck

Need advice with infection

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites