Must press F8 and select "Disable Driver Signature Enforcement" to start sytem

[niemiro]

Re: Must press F8 and select "Disable Driver Signature Enforcement" to start sytem

Hi from me too Jim :)

I'm not looking at any of the malware removal tool logfiles, only the Windows Update & Event Log stuff.

First, appinfo.dll search result. Some of those files are unusual. First, I would like to clearly state that none of the backup/temp files are created by SFCFix. My tool doesn't create backups in those locations, and under your system, no backup would ever have been made (because the file was originally completely missing - nothing to backup).

The C:\Windows\System32\appinfo.dl$ file is unusual, as is the C:\Temp\appinfo.dll. They may have been made by one of the anti-malware tools, I would not know/don't think it's very easy to know anymore.



Your latest SFC scan is interesting. Now there's another corrupt file: unsecapp.exe. Again, it's listed as missing as opposed to corrupt.



As for your audit failures, they're a bit curious. Pulling out all repetition:

Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.Error Code: 2

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
{for multiple files individually, collected together below}


File Name: \Device\HarddiskVolume2\Windows\System32\drivers\WUDFPf.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\luafv.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\spsys.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\drmkaud.sys
File Name: \Device\HarddiskVolume2\Windows\System32\atmfd.dll
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\rdpwd.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tssecsrv.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\mpsdrv.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\cdfs.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\mrxdav.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\bowser.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\mrxsmb10.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\mrxsmb.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\http.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\nwifi.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\lltdio.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\rspndr.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\ndisuio.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tdtcp.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\PEAuth.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\mrxsmb20.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpipreg.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\secdrv.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\asyncmac.sys
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\ndisuio.sys

That, unfortunately, is slightly hard to believe. It seems reasonably unlikely that the malware could really pull off a modification on all of those files without a single tool detecting anything. It's certainly possible, it just seems like there should be a better explanation. However, if any of them are corrupt (after all, a hash mismatch could just be a corruption, doesn't have to be malicious, and hardware failure cannot yet be ruled out here), these files could certainly offer an explanation for your driver signature enforcement problem.

Additionally, if there's no malware, a couple of simple tests on driver signature could potentially locate a simple corruption. Corrine, whenever you've done whatever you want to do, do you have any problems with me throwing a sigcheck at the drivers folder, and a hash verification using SFCFix against all those drivers & their associated manifests listed above? Still seems unlikely, as I would have expected one of the tools to pick up something, even just a corruption, but then again, the whole situation seems unlikely.

Richard

 

[barrejf]

Re: Must press F8 and select "Disable Driver Signature Enforcement" to start sytem

Hi Corrine/Richard,

I ran CheckSUR (Windows6.0-KB947821-v33-x86.msu) and sfc /SCANNOW this a.m. Attached you will find files CheckSUR.log, sfcdetails.txt, and cbslog.txt.

I also ran RSIT (Random System Information Tool); attached you will find files info.txt and log.txt.

Kaspersky Security Scan will be executed momentarily. No further actions will be taken until I hear back from you.

Thank you!

Edit to paste logs:

Logfile of random's system information tool 1.09 (written by random/random)
Run by JFBAdmin at 2014-04-02 22:27:55
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 44 GB (31%) free of 142 GB
Total RAM: 2037 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:12 PM, on 4/2/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16540)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\JFBAdmin\Desktop\RSIT.exe
C:\Program Files\trend micro\JFBAdmin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: Free software downloads and software reviews - CNET Download.com
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1394642965956
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECDACC13-76E1-49B9-BE97-F271E8F907BA}: Domain = verizon.net
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

--
End of file - 5589 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-574940311-2613744836-3021488733-1006Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-574940311-2613744836-3021488733-1006UA.job
C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job

=========Mozilla firefox=========

ProfilePath - C:\Users\JFBAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\s69ptccq.default

prefs.js - "browser.startup.homepage" - "https://www.linkedin.com/|https://mail.google.com/intl/en/mail/help/about.html?utm_expid=1737704-2.FL1Jjt6bTsi6EomB1rG7RQ.0&utm_referrer=https%3A%2F%2Fwww.google.com%2F|https://webmail.verizon.com/signin/Login.jsp?goto=https://webmail.verizon.com:443/signin/MyVzAuthorize?source=myvz&action=email"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll


C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt
Scriptff.dll

C:\Program Files\Mozilla Firefox\plugins\
install.js
npGoogleGadgetPluginFirefoxWin.dll
NPOFF12.DLL
nppdf32.DEU
nppdf32.FRA
nppdf32.JPN
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class

C:\Users\JFBAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\s69ptccq.default\extensions\
donottrackplus@abine.com
idme@abine.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-21 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-21 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-08 622592]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2013-03-29 11930696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [2013-07-25 5624784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\38B0E9~1.141\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09 158224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09 158224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2013-05-07 115440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-04-02 22:27:55 ----D---- C:\rsit
2014-04-02 20:10:37 ----D---- C:\Windows\temp
2014-04-02 20:10:35 ----A---- C:\ComboFix.txt
2014-04-02 20:08:11 ----SHD---- C:\$RECYCLE.BIN
2014-04-01 20:35:38 ----D---- C:\Program Files\Microsoft Security Client
2014-04-01 15:50:27 ----D---- C:\ComboFxOld
2014-04-01 15:27:08 ----D---- C:\Qoobox
2014-04-01 00:47:34 ----D---- C:\CureIt Quarantine
2014-03-31 16:25:52 ----A---- C:\TDSSKiller.3.0.0.25_31.03.2014_16.25.52_log.txt
2014-03-30 19:24:11 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-03-30 19:23:21 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-03-30 19:23:21 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-03-30 19:23:21 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-03-30 00:17:45 ----D---- C:\$RECYCLE(0).BIN
2014-03-29 22:40:58 ----D---- C:\Program Files\Mozilla Firefox
2014-03-29 22:39:07 ----A---- C:\AVScanner.ini
2014-03-29 20:25:01 ----A---- C:\TDSSQ.txt
2014-03-29 19:43:25 ----A---- C:\TDSSKiller.3.0.0.26_29.03.2014_19.43.25_log.txt
2014-03-29 14:02:10 ----A---- C:\Windows\ntbtlog.txt
2014-03-29 11:18:44 ----A---- C:\sfcdetails.txt
2014-03-29 08:21:19 ----A---- C:\temp237.bat
2014-03-26 21:44:20 ----A---- C:\temp585.bat
2014-03-26 15:09:15 ----A---- C:\temp420.bat
2014-03-26 14:05:53 ----D---- C:\Program Files\stinger
2014-03-26 12:47:55 ----D---- C:\Windows\SoftwareDistribution
2014-03-26 12:44:21 ----D---- C:\Program Files\Microsoft ATS
2014-03-19 12:56:39 ----A---- C:\temp488.bat
2014-03-18 21:59:55 ----A---- C:\Windows\system32\appinfo.dll
2014-03-18 10:03:09 ----A---- C:\Windows\system32\consent.exe
2014-03-16 23:22:19 ----D---- C:\Program Files\Copernic
2014-03-15 22:11:38 ----D---- C:\Users\JFBAdmin\AppData\Roaming\WinRAR
2014-03-15 21:56:01 ----D---- C:\Program Files\Microsoft OneDrive
2014-03-15 21:55:15 ----D---- C:\ProgramData\Microsoft OneDrive
2014-03-15 15:00:09 ----D---- C:\SFCFix
2014-03-14 22:51:22 ----D---- C:\Windows\winsxs.sav
2014-03-14 11:56:10 ----D---- C:\Users\JFBAdmin\AppData\Roaming\DriverCure
2014-03-14 11:56:09 ----D---- C:\Users\JFBAdmin\AppData\Roaming\MyTurboPC.com
2014-03-14 11:54:04 ----D---- C:\ProgramData\MyTurboPC.com
2014-03-14 11:54:04 ----D---- C:\Program Files\MyTurboPC.com
2014-03-14 09:35:31 ----A---- C:\TDSSKiller.3.0.0.25_14.03.2014_09.35.31_log.txt
2014-03-14 09:31:45 ----A---- C:\TDSSKiller.3.0.0.25_14.03.2014_09.31.45_log.txt
2014-03-13 23:14:33 ----D---- C:\ProgramData\ioloGovernor
2014-03-13 23:14:30 ----D---- C:\Users\JFBAdmin\AppData\Roaming\ioloGovernor
2014-03-13 22:49:57 ----D---- C:\Program Files\Windows Portable Devices
2014-03-13 22:44:48 ----A---- C:\Windows\system32\dxdiagn.dll
2014-03-13 22:44:47 ----A---- C:\Windows\system32\dxdiag.exe
2014-03-13 22:44:46 ----A---- C:\Windows\system32\xpsservices.dll
2014-03-13 22:44:46 ----A---- C:\Windows\system32\OpcServices.dll
2014-03-13 22:44:43 ----A---- C:\Windows\system32\d3d11.dll
2014-03-13 22:43:35 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2014-03-13 21:52:04 ----D---- C:\Windows\system32\eu-ES
2014-03-13 21:52:04 ----D---- C:\Windows\system32\ca-ES
2014-03-13 21:52:03 ----D---- C:\Windows\system32\vi-VN
2014-03-13 21:24:04 ----D---- C:\Windows\system32\SPReview
2014-03-13 20:56:15 ----A---- C:\Windows\system32\pkiview.dll
2014-03-13 20:56:15 ----A---- C:\Windows\system32\pcaui.dll
2014-03-13 20:56:15 ----A---- C:\Windows\system32\drivers\pci.sys
2014-03-13 20:56:14 ----A---- C:\Windows\system32\ntdsutil.exe
2014-03-13 20:56:14 ----A---- C:\Windows\system32\nltest.exe
2014-03-13 20:56:14 ----A---- C:\Windows\system32\nlbmgr.exe
2014-03-13 20:56:14 ----A---- C:\Windows\system32\nlb.exe
2014-03-13 20:56:13 ----A---- C:\Windows\system32\oobefldr.dll
2014-03-13 20:56:13 ----A---- C:\Windows\system32\ocsprevp.dll
2014-03-13 20:56:13 ----A---- C:\Windows\system32\OCSPAdminNative.dll
2014-03-13 20:56:12 ----A---- C:\Windows\system32\Query.dll
2014-03-13 20:56:11 ----A---- C:\Windows\system32\repadmin.exe
2014-03-13 20:55:45 ----A---- C:\Windows\system32\dsprop.dll
2014-03-13 20:55:45 ----A---- C:\Windows\system32\dsmgmt.exe
2014-03-13 20:55:44 ----A---- C:\Windows\system32\es.dll
2014-03-13 20:55:43 ----A---- C:\Windows\system32\diagperf.dll
2014-03-13 20:55:43 ----A---- C:\Windows\system32\dhcpsnap.dll
2014-03-13 20:55:42 ----A---- C:\Windows\system32\drivers\disk.sys
2014-03-13 20:55:41 ----A---- C:\Windows\system32\dsdbutil.exe
2014-03-13 20:55:41 ----A---- C:\Windows\system32\dsadmin.dll
2014-03-13 20:55:41 ----A---- C:\Windows\system32\dnscmd.exe
2014-03-13 20:55:40 ----A---- C:\Windows\system32\GPRSoP.dll
2014-03-13 20:55:40 ----A---- C:\Windows\system32\drivers\hdaudbus.sys
2014-03-13 20:55:40 ----A---- C:\Windows\system32\domadmin.dll
2014-03-13 20:55:40 ----A---- C:\Windows\system32\dnsmgr.dll
2014-03-13 20:55:34 ----A---- C:\Windows\system32\GPOAdminCommon.dll
2014-03-13 20:55:34 ----A---- C:\Windows\system32\fdWSD.dll
2014-03-13 20:55:34 ----A---- C:\Windows\system32\fdSSDP.dll
2014-03-13 20:55:34 ----A---- C:\Windows\system32\fdProxy.dll
2014-03-13 20:55:33 ----A---- C:\Windows\system32\GPOAdminHelper.dll
2014-03-13 20:55:33 ----A---- C:\Windows\system32\GPOAdminCustom.dll
2014-03-13 20:55:33 ----A---- C:\Windows\system32\GPOAdmin.dll
2014-03-13 20:55:33 ----A---- C:\Windows\system32\gpmgmt.dll
2014-03-13 20:55:33 ----A---- C:\Windows\system32\gpme.dll
2014-03-13 20:55:33 ----A---- C:\Windows\system32\fundisc.dll
2014-03-13 20:55:31 ----A---- C:\Windows\system32\avolprop.dll
2014-03-13 20:55:29 ----A---- C:\Windows\system32\browseui.dll
2014-03-13 20:55:29 ----A---- C:\Windows\system32\brcpl.dll
2014-03-13 20:55:28 ----A---- C:\Windows\system32\drivers\acpi.sys
2014-03-13 20:55:28 ----A---- C:\Windows\system32\bcrypt.dll
2014-03-13 20:55:27 ----A---- C:\Windows\system32\adsmsext.dll
2014-03-13 20:55:27 ----A---- C:\Windows\system32\adsiedit.dll
2014-03-13 20:55:27 ----A---- C:\Windows\system32\adprop.dll
2014-03-13 20:55:27 ----A---- C:\Windows\system32\AdmTmpl.dll
2014-03-13 20:55:26 ----A---- C:\Windows\system32\comsvcs.dll
2014-03-13 20:55:24 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2014-03-13 20:55:24 ----A---- C:\Windows\system32\dcpromoui.dll
2014-03-13 20:55:24 ----A---- C:\Windows\system32\dcpromocmd.dll
2014-03-13 20:55:24 ----A---- C:\Windows\system32\dcpromo.exe
2014-03-13 20:55:24 ----A---- C:\Windows\system32\dcdiag.exe
2014-03-13 20:55:23 ----A---- C:\Windows\system32\certadm.dll
2014-03-13 20:55:22 ----A---- C:\Windows\system32\drivers\cdrom.sys
2014-03-13 20:55:22 ----A---- C:\Windows\system32\certpdef.dll
2014-03-13 20:55:22 ----A---- C:\Windows\system32\certmmc.dll
2014-03-13 20:55:22 ----A---- C:\Windows\system32\certmgr.dll
2014-03-13 20:55:21 ----A---- C:\Windows\system32\capesnpn.dll
2014-03-13 20:55:21 ----A---- C:\Windows\system32\bthudtask.exe
2014-03-13 20:55:19 ----A---- C:\Windows\system32\certxds.dll
2014-03-13 20:55:19 ----A---- C:\Windows\system32\certtmpl.dll
2014-03-13 20:55:12 ----A---- C:\Windows\system32\mtxclu.dll
2014-03-13 20:55:03 ----A---- C:\Windows\system32\mstsmmc.dll
2014-03-13 20:55:03 ----A---- C:\Windows\system32\mstsmhst.dll
2014-03-13 20:55:03 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-03-13 20:54:52 ----A---- C:\Windows\system32\iscsilog.dll
2014-03-13 20:54:31 ----A---- C:\Windows\system32\drivers\kbdhid.sys
2014-03-13 20:54:20 ----A---- C:\Windows\system32\Volshext.dll
2014-03-13 20:54:14 ----A---- C:\Windows\system32\wshbth.dll
2014-03-13 20:54:10 ----A---- C:\Windows\system32\wlbs.exe
2014-03-13 20:54:02 ----A---- C:\Windows\system32\srmtrace.dll
2014-03-13 20:54:01 ----A---- C:\Windows\system32\srmclient.dll
2014-03-13 20:54:01 ----A---- C:\Windows\system32\srm.dll
2014-03-13 20:54:01 ----A---- C:\Windows\system32\srchadmin.dll
2014-03-13 20:53:49 ----A---- C:\Windows\system32\uddi.mmc.dll
2014-03-13 20:52:28 ----A---- C:\Windows\system32\drivers\termdd.sys
2014-03-13 19:23:05 ----D---- C:\Windows\system32\sandbox
2014-03-13 15:21:13 ----D---- C:\Program Files\HD Tune
2014-03-12 21:19:20 ----D---- C:\Windows\system32\catroot2
2014-03-12 17:26:29 ----D---- C:\Windows\SoftwareDistribution.old
2014-03-12 15:37:10 ----D---- C:\Windows\system32\Catroot2.old
2014-03-12 13:24:10 ----A---- C:\TDSSKiller.3.0.0.25_12.03.2014_13.24.10_log.txt
2014-03-12 13:11:10 ----A---- C:\TDSSKiller.3.0.0.25_12.03.2014_13.11.10_log.txt
2014-03-12 13:09:33 ----A---- C:\TDSSKiller.2.8.16.0_12.03.2014_13.09.33_log.txt
2014-03-12 11:12:54 ----A---- C:\Windows\system32\mshtmled.dll
2014-03-12 11:12:53 ----A---- C:\Windows\system32\vbscript.dll
2014-03-12 11:12:52 ----A---- C:\Windows\system32\jsproxy.dll
2014-03-12 11:12:52 ----A---- C:\Windows\system32\ieui.dll
2014-03-12 11:12:51 ----A---- C:\Windows\system32\msfeeds.dll
2014-03-12 11:12:51 ----A---- C:\Windows\system32\ieUnatt.exe
2014-03-12 11:12:50 ----A---- C:\Windows\system32\wininet.dll
2014-03-12 11:12:49 ----A---- C:\Windows\system32\jscript9.dll
2014-03-12 11:12:49 ----A---- C:\Windows\system32\jscript.dll
2014-03-12 11:12:46 ----A---- C:\Windows\system32\url.dll
2014-03-12 11:12:45 ----A---- C:\Windows\system32\iertutil.dll
2014-03-12 11:12:43 ----A---- C:\Windows\system32\urlmon.dll
2014-03-12 11:12:42 ----A---- C:\Windows\system32\ieframe.dll
2014-03-12 11:12:39 ----A---- C:\Windows\system32\mshtml.dll
2014-03-12 07:57:14 ----A---- C:\Windows\system32\win32k.sys
2014-03-12 07:57:12 ----A---- C:\Windows\system32\qedit.dll
2014-03-12 07:57:10 ----A---- C:\Windows\system32\wer.dll
2014-03-12 07:57:02 ----A---- C:\Windows\system32\tzres.dll
2014-03-11 15:01:17 ----D---- C:\Program Files\DLLSuite
2014-03-11 13:04:07 ----D---- C:\Windows\system32\TasksBkp
2014-03-11 12:36:50 ----D---- C:\Windows\pss
2014-03-11 09:47:24 ----D---- C:\Program Files\Common Files\DESIGNER
2014-03-10 23:30:47 ----D---- C:\Windows\Minidump
2014-03-10 20:30:08 ----D---- C:\Program Files\Apple Software Update
2014-03-10 20:29:48 ----D---- C:\Program Files\Bonjour
2014-03-07 15:26:55 ----RA---- C:\Program Files\BRINST.INI
2014-03-05 00:24:51 ----A---- C:\Windows\zip.exe
2014-03-05 00:24:51 ----A---- C:\Windows\SWSC.exe
2014-03-05 00:24:51 ----A---- C:\Windows\SWREG.exe
2014-03-05 00:24:51 ----A---- C:\Windows\sed.exe
2014-03-05 00:24:51 ----A---- C:\Windows\PEV.exe
2014-03-05 00:24:51 ----A---- C:\Windows\NIRCMD.exe
2014-03-05 00:24:51 ----A---- C:\Windows\MBR.exe
2014-03-05 00:24:51 ----A---- C:\Windows\grep.exe
2014-03-04 23:20:25 ----A---- C:\Windows\system32\drivers\lgusbmodem.sys
2014-03-04 23:20:25 ----A---- C:\Windows\system32\drivers\lgusbdiag.sys
2014-03-04 23:20:25 ----A---- C:\Windows\system32\drivers\lgusbbus.sys
2014-03-04 23:20:24 ----D---- C:\Program Files\LG Electronics
2014-03-04 22:57:42 ----D---- C:\Program Files\Common Files\InterVideo
2014-03-04 19:56:52 ----A---- C:\Windows\system32\xactengine2_5.dll
2014-03-04 19:56:50 ----A---- C:\Windows\system32\d3dx9_32.dll
2014-03-04 19:56:47 ----A---- C:\Windows\system32\xactengine2_4.dll
2014-03-04 19:56:46 ----A---- C:\Windows\system32\xinput1_3.dll
2014-03-04 19:56:46 ----A---- C:\Windows\system32\xactengine2_3.dll
2014-03-04 19:56:46 ----A---- C:\Windows\system32\x3daudio1_1.dll
2014-03-04 19:56:46 ----A---- C:\Windows\system32\d3dx9_31.dll
2014-03-04 19:56:45 ----A---- C:\Windows\system32\xinput1_2.dll
2014-03-04 19:56:45 ----A---- C:\Windows\system32\xinput1_1.dll
2014-03-04 19:56:45 ----A---- C:\Windows\system32\xactengine2_2.dll
2014-03-04 19:56:44 ----A---- C:\Windows\system32\xactengine2_1.dll
2014-03-04 19:56:31 ----A---- C:\Windows\system32\d3dx9_30.dll
2014-03-04 13:26:01 ----A---- C:\Windows\system32\ShellManager310E2D762.dll
2014-03-04 13:26:01 ----A---- C:\Windows\system32\NEROINSTAEC43759.DB
2014-03-04 11:57:26 ----D---- C:\FRST
2014-03-04 08:42:50 ----D---- C:\Program Files\WinDFT

======List of files/folders modified in the last 1 month======

2014-04-02 22:28:11 ----D---- C:\Windows\Prefetch
2014-04-02 22:28:01 ----D---- C:\Program Files\trend micro
2014-04-02 21:44:25 ----D---- C:\Windows\System32
2014-04-02 21:43:04 ----D---- C:\Windows\system32\drivers
2014-04-02 20:10:37 ----D---- C:\Windows
2014-04-02 20:05:57 ----A---- C:\Windows\system.ini
2014-04-02 20:01:15 ----D---- C:\Windows\AppPatch
2014-04-02 20:01:13 ----D---- C:\Program Files\Common Files
2014-04-02 09:31:13 ----D---- C:\Windows\system32\catroot
2014-04-02 09:19:43 ----SHD---- C:\Windows\Installer
2014-04-02 09:17:10 ----SHD---- C:\System Volume Information
2014-04-02 09:07:22 ----RD---- C:\Program Files
2014-04-02 08:19:46 ----D---- C:\ProgramData
2014-04-02 08:19:40 ----D---- C:\Program Files\Comodo
2014-04-02 08:18:36 ----D---- C:\ProgramData\COMODO
2014-04-02 08:15:41 ----D---- C:\ProgramData\AVAST Software
2014-04-01 20:33:16 ----D---- C:\Windows\system32\Tasks
2014-04-01 20:32:54 ----D---- C:\Windows\inf
2014-04-01 19:40:38 ----D---- C:\Windows\system32\wbem
2014-04-01 18:54:00 ----D---- C:\Windows\erdnt
2014-04-01 00:49:15 ----D---- C:\Utils
2014-04-01 00:48:52 ----D---- C:\Temp
2014-04-01 00:48:48 ----D---- C:\Program Files\Advanced File Optimizer
2014-03-31 14:56:28 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-31 14:04:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-30 19:23:29 ----D---- C:\Users\JFBAdmin\AppData\Roaming\Malwarebytes
2014-03-30 19:23:29 ----D---- C:\ProgramData\Malwarebytes
2014-03-30 05:24:35 ----D---- C:\Windows\system32\config
2014-03-30 05:24:20 ----D---- C:\Windows\Tasks
2014-03-30 05:24:19 ----D---- C:\Windows\system32\spool
2014-03-30 05:24:19 ----D---- C:\Windows\system32\Msdtc
2014-03-30 05:24:16 ----D---- C:\Windows\registration
2014-03-29 23:50:05 ----D---- C:\Program Files\Common Files\Adobe
2014-03-29 23:48:56 ----D---- C:\ProgramData\Adobe
2014-03-29 23:46:48 ----D---- C:\Program Files\Adobe
2014-03-29 08:31:50 ----A---- C:\Windows\PSEXESVC.EXE
2014-03-27 08:36:48 ----D---- C:\Windows\Debug
2014-03-27 08:33:33 ----D---- C:\Program Files\CCleaner
2014-03-26 20:57:55 ----A---- C:\Windows\BRWMARK.INI
2014-03-26 20:57:55 ----A---- C:\Windows\BRPP2KA.INI
2014-03-26 15:20:14 ----D---- C:\Windows\winsxs
2014-03-24 05:45:21 ----A---- C:\PE-Files.txt
2014-03-24 05:41:05 ----A---- C:\Win-Files.txt
2014-03-22 13:16:17 ----D---- C:\Windows\system32\CodeIntegrity
2014-03-21 22:55:00 ----D---- C:\Windows\system32\drivers\etc
2014-03-18 09:47:01 ----AD---- C:\Windows\system32\sysprep
2014-03-18 09:46:59 ----D---- C:\ProgramData\Microsoft Help
2014-03-17 21:18:36 ----SD---- C:\Users\JFBAdmin\AppData\Roaming\Microsoft
2014-03-17 16:35:26 ----D---- C:\Windows\rescache
2014-03-17 15:46:45 ----D---- C:\Program Files\Windows Photo Gallery
2014-03-16 21:56:22 ----D---- C:\Program Files\Microsoft Office
2014-03-15 18:21:53 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-03-14 17:50:22 ----D---- C:\Program Files\InstallShield Installation Information
2014-03-14 17:50:21 ----D---- C:\Program Files\Camera Assistant Software for Toshiba
2014-03-14 13:14:26 ----D---- C:\Program Files\Toshiba
2014-03-14 13:12:08 ----D---- C:\Toshiba
2014-03-14 00:41:25 ----D---- C:\Windows\Microsoft.NET
2014-03-14 00:39:10 ----RSD---- C:\Windows\assembly
2014-03-13 23:55:48 ----D---- C:\AdwCleaner
2014-03-13 23:54:09 ----SD---- C:\Windows\Downloaded Program Files
2014-03-13 22:49:58 ----D---- C:\Windows\system32\en-US
2014-03-13 22:49:58 ----D---- C:\Windows\system32\drivers\en-US
2014-03-13 22:49:55 ----D---- C:\Windows\system32\zh-TW
2014-03-13 22:49:55 ----D---- C:\Windows\system32\zh-HK
2014-03-13 22:49:55 ----D---- C:\Windows\system32\zh-CN
2014-03-13 22:49:55 ----D---- C:\Windows\system32\uk-UA
2014-03-13 22:49:55 ----D---- C:\Windows\system32\tr-TR
2014-03-13 22:49:55 ----D---- C:\Windows\system32\th-TH
2014-03-13 22:49:55 ----D---- C:\Windows\system32\sv-SE
2014-03-13 22:49:55 ----D---- C:\Windows\system32\sr-Latn-CS
2014-03-13 22:49:55 ----D---- C:\Windows\system32\sl-SI
2014-03-13 22:49:55 ----D---- C:\Windows\system32\sk-SK
2014-03-13 22:49:55 ----D---- C:\Windows\system32\ru-RU
2014-03-13 22:49:55 ----D---- C:\Windows\system32\ro-RO
2014-03-13 22:49:55 ----D---- C:\Windows\system32\pt-PT
2014-03-13 22:49:55 ----D---- C:\Windows\system32\pt-BR
2014-03-13 22:49:55 ----D---- C:\Windows\system32\pl-PL
2014-03-13 22:49:55 ----D---- C:\Windows\system32\nl-NL
2014-03-13 22:49:55 ----D---- C:\Windows\system32\nb-NO
2014-03-13 22:49:55 ----D---- C:\Windows\system32\lv-LV
2014-03-13 22:49:55 ----D---- C:\Windows\system32\lt-LT
2014-03-13 22:49:55 ----D---- C:\Windows\system32\ko-KR
2014-03-13 22:49:55 ----D---- C:\Windows\system32\ja-JP
2014-03-13 22:49:55 ----D---- C:\Windows\system32\it-IT
2014-03-13 22:49:55 ----D---- C:\Windows\system32\hu-HU
2014-03-13 22:49:55 ----D---- C:\Windows\system32\hr-HR
2014-03-13 22:49:55 ----D---- C:\Windows\system32\he-IL
2014-03-13 22:49:55 ----D---- C:\Windows\system32\fr-FR
2014-03-13 22:49:55 ----D---- C:\Windows\system32\fi-FI
2014-03-13 22:49:55 ----D---- C:\Windows\system32\et-EE
2014-03-13 22:49:55 ----D---- C:\Windows\system32\es-ES
2014-03-13 22:49:55 ----D---- C:\Windows\system32\el-GR
2014-03-13 22:49:55 ----D---- C:\Windows\system32\de-DE
2014-03-13 22:49:55 ----D---- C:\Windows\system32\da-DK
2014-03-13 22:49:55 ----D---- C:\Windows\system32\cs-CZ
2014-03-13 22:49:55 ----D---- C:\Windows\system32\bg-BG
2014-03-13 22:49:55 ----D---- C:\Windows\system32\ar-SA
2014-03-13 22:49:27 ----D---- C:\Windows\system32\drivers\UMDF
2014-03-13 22:08:22 ----D---- C:\Boot
2014-03-13 21:53:12 ----D---- C:\Program Files\Windows Mail
2014-03-13 21:53:12 ----D---- C:\Program Files\Windows Calendar
2014-03-13 21:53:12 ----D---- C:\Program Files\Movie Maker
2014-03-13 21:53:11 ----D---- C:\Program Files\Windows Sidebar
2014-03-13 21:53:11 ----D---- C:\Program Files\Windows Media Player
2014-03-13 21:53:11 ----D---- C:\Program Files\Internet Explorer
2014-03-13 21:53:10 ----D---- C:\Program Files\Common Files\System
2014-03-13 21:53:09 ----D---- C:\Windows\servicing
2014-03-13 21:53:09 ----D---- C:\Windows\ehome
2014-03-13 21:53:09 ----D---- C:\Program Files\Windows Defender
2014-03-13 21:53:01 ----D---- C:\Windows\system32\XPSViewer
2014-03-13 21:53:01 ----D---- C:\Windows\IME
2014-03-13 21:52:57 ----D---- C:\Windows\system32\migration
2014-03-13 21:52:57 ----AD---- C:\Windows\system32\oobe
2014-03-13 21:52:56 ----D---- C:\Windows\system32\AdvancedInstallers
2014-03-13 21:52:55 ----D---- C:\Windows\system32\SLUI
2014-03-13 21:52:55 ----D---- C:\Windows\system32\setup
2014-03-13 21:52:53 ----D---- C:\Windows\system32\manifeststore
2014-03-13 21:52:53 ----D---- C:\Windows\system32\en
2014-03-13 21:52:50 ----D---- C:\Windows\system32\migwiz
2014-03-13 21:52:16 ----D---- C:\Windows\Cluster
2014-03-13 21:52:15 ----RSD---- C:\Windows\Fonts
2014-03-13 21:52:03 ----D---- C:\Windows\system32\Boot
2014-03-13 21:46:01 ----D---- C:\Windows\system32\RTCOM
2014-03-13 21:19:04 ----A---- C:\Windows\system32\gpregistrybrowser.dll
2014-03-13 21:19:04 ----A---- C:\Windows\system32\gppref.dll
2014-03-13 21:19:00 ----A---- C:\Windows\system32\gpprefbr.dll
2014-03-13 21:18:57 ----A---- C:\Windows\system32\propshts.dll
2014-03-13 21:18:54 ----A---- C:\Windows\system32\gpprefcn.dll
2014-03-13 21:18:54 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2014-03-12 11:18:14 ----D---- C:\Program Files\Microsoft Silverlight
2014-03-12 11:10:58 ----D---- C:\Windows\system32\MRT
2014-03-11 09:47:26 ----D---- C:\Program Files\Common Files\microsoft shared
2014-03-11 09:47:23 ----D---- C:\Program Files\Microsoft Works
2014-03-11 09:43:34 ----D---- C:\Windows\ShellNew
2014-03-11 08:46:10 ----RD---- C:\Users
2014-03-10 23:35:45 ----D---- C:\Users\JFBAdmin\AppData\Roaming\Apple Computer
2014-03-10 20:31:19 ----D---- C:\Program Files\Common Files\Apple
2014-03-07 15:27:47 ----D---- C:\Program Files\Brother
2014-03-04 20:03:11 ----A---- C:\Windows\swupdate.INI
2014-03-04 19:55:36 ----D---- C:\ProgramData\Toshiba
2014-03-04 14:02:05 ----D---- C:\Program Files\QuickTime
2014-03-04 13:54:31 ----D---- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-04 13:26:04 ----D---- C:\Program Files\Common Files\Nero
2014-03-03 17:11:10 ----D---- C:\sa200f0v520

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmafd;AMD Audio Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmafd.sys [2013-03-14 15968]
R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2010-05-18 40560]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R0 MxEFUF;Matrox Extio Upper Function Filter; C:\Windows\system32\DRIVERS\MxEFUF32.sys [2010-11-04 102728]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 MpKsl0e742f0b;MpKsl0e742f0b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7A55CD12-8BCA-485E-B6F3-3ED63175BFEB}\MpKsl0e742f0b.sys [2014-04-02 39464]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2012-11-29 35088]
R2 PDFsFilter;PDFsFilter; C:\Windows\system32\DRIVERS\PDFsFilter.sys [2013-03-17 68464]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2009-09-17 92712]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 cbfs3;EldoS Callback File System driver v3; C:\Windows\system32\DRIVERS\cbfs3.sys [2012-04-09 299024]
R3 DPPCMFilter;DPPCMFilter Driver; C:\Windows\system32\DRIVERS\DPPCMFilter.sys [2008-07-08 456960]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2013-03-29 2646088]
R3 JSWSCIMD;jswscimd Service; C:\Windows\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-03-05 23256]
R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
R3 PGR1394b;PGR Bus host controllers; C:\Windows\system32\DRIVERS\PGR1394.sys [2011-02-04 92672]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-12-14 290816]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2013-07-12 134272]
R3 UVCFTR;UVCFTR; C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-04-16 11776]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-25 66560]
S3 catchme;catchme; \??\C:\Users\JFBAdmin\AppData\Local\Temp\catchme.sys []
S3 cleanhlp;cleanhlp; \??\C:\EEK\Run\cleanhlp32.sys [2013-11-16 50200]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 DrvAgent32;DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [2013-06-18 23456]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2012-08-21 26840]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MFE_RR;MFE_RR; \??\C:\Users\JFBAdmin\AppData\Local\Temp\mfe_rr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 1786880]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
S3 Sntnlusb;Rainbow USB SuperPro; C:\Windows\system32\DRIVERS\SNTNLUSB.SYS [2011-05-27 41896]
S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-02 35328]
S3 w39n51;Intel(R) PRO/Wireless WiFi Link 3945ABG Adapter Driver; C:\Windows\system32\DRIVERS\bzeek.sys [2012-06-24 724096]
S3 WIMMount;WIMMount; \??\C:\Program Files\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\x86\DISM\wimmount.sys [2012-07-25 34248]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-25 155136]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2012-03-27 313120]
S4 iswtwq;iswtwq; C:\Windows\system32\drivers\iswtwq.sys []
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-03 216320]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys []
S4 KR3NPXP;KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [2007-01-03 479488]
S4 kxqcsx;kxqcsx; C:\Windows\system32\drivers\kxqcsx.sys []
S4 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2013-09-30 15688]
S4 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2013-09-30 10320]
S4 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys [2005-08-01 64896]
S4 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []
S4 vqdtrh;vqdtrh; C:\Windows\system32\drivers\vqdtrh.sys []
S4 wjtvys;wjtvys; C:\Windows\system32\drivers\wjtvys.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 Brother XP spl Service;BrSplService; C:\Windows\system32\brsvc01a.exe [2004-06-13 57344]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe [2008-03-10 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
S2 BRA_Scheduler;Brother BRAdminPro Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [2007-09-03 65536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2014-03-05 857912]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe [2007-10-29 352338]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-17 118896]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
S3 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
S3 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]
S4 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
S4 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
S4 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-03-05 1809720]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 pinger;pinger; C:\Toshiba\IVP\ISM\pinger.exe [2007-01-25 136816]
S4 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2007-01-25 63096]
S4 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 118784]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2014-04-02 22:28:17

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->C:\PROGRA~1\RUCKUS~1\UNWISE.EXE /a C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Administative Templates for Windows Vista (.admx)-->MsiExec.exe /I{354A4677-23FE-454C-B70D-E8F2AB4A8AF2}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B92C2C6C-F70E-497B-88A7-1FEF9888272B}
Adobe Flash Player 12 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -maintain activex
Adobe Flash Player 12 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe -maintain plugin
Adobe Shockwave Player 12.1-->"C:\Windows\system32\Adobe\Shockwave 12\uninstaller.exe"
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Advanced File Optimizer-->"C:\Program Files\Advanced File Optimizer\unins000.exe" /silent
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Belarc Advisor 8.4-->"C:\Program Files\Belarc\BelarcAdvisor\Uninstall.exe" "C:\Program Files\Belarc\BelarcAdvisor\INSTALL.LOG"
Belkin Wireless G Cardbus Adapter-->C:\Program Files\InstallShield Installation Information\{E3935FBB-53C6-48BB-B9C4-1407AAD34523}\setup.exe -runfromtemp -l0x0409
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}
BRAdmin Professional 3-->C:\Program Files\InstallShield Installation Information\{75C885D4-C758-4896-A3B4-90DA34B44C31}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
Brother Driver Deployment Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}\setup.exe" -l0x9 -uninst -removeonly
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
Crystal XI-->MsiExec.exe /I{0B9E27C7-9ECD-4362-B311-030EA48F8E72}
CutePDF Writer 3.0-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
CVE-2014-0322-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{25408f0a-987b-4ab0-a5ac-2ddb89ff22cf}.sdb"
Data Lifeguard Diagnostic for Windows 1.24-->"C:\Program Files\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\unins000.exe"
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
Desktop Dialer-->C:\Windows\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
East-Tec Eraser 2012 Version 10.0-->"C:\Program Files\East-Tec Eraser 2012\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\33.0.1750.154\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Drive-->MsiExec.exe /X{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HD Tune 2.55-->"C:\Program Files\HD Tune\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
iCare Data Recovery Free 5.2.1-->"C:\Program Files\iCare Data Recovery Free\unins000.exe"
iExplorer 3.2.5.0-->"C:\Program Files\iExplorer\unins000.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java 7 Update 51-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217051FF}
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LocalGPO-->MsiExec.exe /I{4EB3D065-D437-43AC-823F-E3861B41B442}
Logger Pro 3.4.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7894A09D-E89E-4F37-97BC-B0711F8E3D69}\setup.exe" -l0x9
Malwarebytes Anti-Malware version 2.00.0.1000-->"C:\Program Files\Malwarebytes Anti-Malware\unins000.exe"
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4.5.1-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe /repair /x86
Microsoft .NET Framework 4.5.1-->MsiExec.exe /X{4903D172-DCCB-392F-93A3-34CA9D47FE3D}
Microsoft Automated Troubleshooting Services Shim-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb"
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Security Client-->MsiExec.exe /X{36A345C9-0691-45A1-AEEF-29ECEC8B5014}
Microsoft Security Essentials-->"C:\Program Files\Microsoft Security Client\Setup.exe" /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
MiniTool Partition Wizard Home Edition 8.1.1-->"C:\Program Files\MiniTool Partition Wizard Home Edition 8.1.1\unins000.exe"
Mozilla Firefox 28.0 (x86 en-US)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nmap 6.25-->"C:\Program Files\Nmap\uninstall.exe"
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Paragon Partition Manager™ 11 Free Edition-->MsiExec.exe /I{45F4941E-5E77-11DF-A71D-005056C00008}
PhoneBrowse 2.0.4-->"C:\Program Files\iMobie\PhoneBrowse\unins000.exe"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Ruckus Player-->C:\PROGRA~1\RUCKUS~1\UNWISE.EXE C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {939AF4BC-EC42-38D1-AE82-91D4A7ED8911} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8433C01-319F-3370-850E-87C35496299A} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {48B0C142-A0F4-3263-90E1-1984CBB8DD18} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {8086EDC0-3409-3560-B108-44FC46882443}
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {FED9B2BC-E6D7-3409-B4C9-99AF8AC65725}
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B7727B4D-5EA3-4C11-9D30-15E47616DCAF}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EA575F57-C5D1-4B5A-B9F9-F16EEBC6B58C}
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {79850906-6D2B-4061-8EAF-EAC84173DEC5}
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition -->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {318439CB-4E76-48A5-AED6-E0D781DD50D8}
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8907F32C-DF89-4C2F-AEDE-0DB4B65451C0}
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {319FC809-3841-4739-A25F-FDBADF073697}
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B7112510-2575-4BA4-A576-78BF8A6307BC}
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4CCE0378-386F-4DC2-9CC1-A3710C77057D}
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1A0CA3FF-2BB8-4CF8-A5A9-9B314260C327}
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6B4A3804-666A-4DD8-84A7-B97701416784}
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {686630EC-8033-4031-85C5-D8E5CD62A958}
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8A8710F9-C828-440A-A2A7-2FCE899B7D99}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Sentinel System Driver Installer 7.5.7-->MsiExec.exe /I{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy 2\unins000.exe"
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}\setup.exe" -l0x9
Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{744E2BC2-EC6F-44D5-AA68-451B4131383B}\setup.exe" -l0x9
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Tweaking.com - Advanced System Tweaker-->"C:\Program Files\Tweaking.com\Advanced System Tweaker\uninstall.exe" "/U:C:\Program Files\Tweaking.com\Advanced System Tweaker\Uninstall\uninstall.xml"
Tweaking.com - Windows Repair (All in One)-->"C:\Program Files\Tweaking.com\Windows Repair (All in One)\uninstall.exe" "/U:C:\Program Files\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml"
Ultra Defragmenter-->C:\Program Files\UltraDefrag\uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3}
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CB68A5B0-3508-4193-AEB9-AF636DAECE0F}
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
Verizon Cloud-->C:\Program Files\Verizon Cloud\uninstaller.exe
Vista Services Optimizer-->MsiExec.exe /X{C165D09F-FBC4-48C7-B951-CCD5177803F4}
WebEx Recorder and Player-->MsiExec.exe /I{D38AC40B-2F46-43CB-B41B-5E6631F3FE50}
WinDFT-->MsiExec.exe /I{065F384A-5C64-4532-814A-A24BA5374503}
Windows Deployment Tools-->MsiExec.exe /I{BFC9778E-9765-C94C-C082-C2514F8DEB9B}
Windows PE x86 x64 wims-->MsiExec.exe /I{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}
Windows PE x86 x64-->MsiExec.exe /I{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}
Windows Resource Kit Tools - SubInAcl.exe-->MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}
WinDriversBackup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C713C8B5-F0E1-401D-AE9B-3AB0E180D626}\setup.exe"
WinDVD for TOSHIBA-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
WinPcap 4.1.2-->"C:\Program Files\WinPcap\uninstall.exe"
WinSCP 4.2.3 beta-->"C:\Program Files\WinSCP\unins000.exe"

======Security center information======

AS: Spybot - Search and Destroy (disabled) (outdated)
AS: SUPERAntiSpyware

======System event log======

Computer Name: ARKKFJCW3S
Event Code: 7034
Message: The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).
Record Number: 1137840
Source Name: Service Control Manager
Time Written: 20140402232953.000000-000
Event Type: Error
User:

Computer Name: ARKKFJCW3S
Event Code: 7034
Message: The BrSplService service terminated unexpectedly. It has done this 1 time(s).
Record Number: 1137839
Source Name: Service Control Manager
Time Written: 20140402232952.000000-000
Event Type: Error
User:

Computer Name: ARKKFJCW3S
Event Code: 7031
Message: The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Record Number: 1137838
Source Name: Service Control Manager
Time Written: 20140402232952.000000-000
Event Type: Error
User:

Computer Name: ARKKFJCW3S
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 1137570
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20140402130759.442747-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: ARKKFJCW3S
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 1137439
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20140402124218.090666-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: ARKKFJCW3S
Event Code: 3013
Message: The entry <C:\COMBOFIX\TEMP0002> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Record Number: 89460
Source Name: Microsoft-Windows-Search
Time Written: 20140402235759.000000-000
Event Type: Error
User:

Computer Name: ARKKFJCW3S
Event Code: 3013
Message: The entry <C:\COMBOFIX\TEMP0001> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Record Number: 89459
Source Name: Microsoft-Windows-Search
Time Written: 20140402235759.000000-000
Event Type: Error
User:

Computer Name: ARKKFJCW3S
Event Code: 3013
Message: The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Record Number: 89458
Source Name: Microsoft-Windows-Search
Time Written: 20140402235757.000000-000
Event Type: Error
User:

Computer Name: ARKKFJCW3S
Event Code: 3013
Message: The entry <C:\32788R22FWJFW\TEMP00> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Record Number: 89455
Source Name: Microsoft-Windows-Search
Time Written: 20140402234334.000000-000
Event Type: Error
User:

Computer Name: ARKKFJCW3S
Event Code: 10010
Message: Application 'C:\Program Files\Microsoft Security Client\MpCmdRun.exe' (pid 3488) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 89407
Source Name: Microsoft-Windows-RestartManager
Time Written: 20140402131750.184335-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: ARKKFJCW3S
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 177606
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140402124329.971776-000
Event Type: Audit Success
User:

Computer Name: ARKKFJCW3S
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 177605
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140402124329.971776-000
Event Type: Audit Success
User:

Computer Name: ARKKFJCW3S
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 177604
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140402124210.493466-000
Event Type: Audit Success
User:

Computer Name: ARKKFJCW3S
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-574940311-2613744836-3021488733-1007
Account Name: JFBAdmin
Account Domain: ARKKFJCW3S
Logon ID: 0x36a23

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 177603
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140402124201.710666-000
Event Type: Audit Success
User:

Computer Name: ARKKFJCW3S
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-574940311-2613744836-3021488733-1007
Account Name: JFBAdmin
Domain Name: ARKKFJCW3S
Logon ID: 0x36a0a
Record Number: 177602
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140402123215.292066-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;%QUARTUS_ROOTDIR%\bin;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;%SystemRoot%\System32\Windows System Resource Manager\bin;;%systemroot%\idmu\common;C:\Program Files\Universal Extractor;C:\Program Files\Universal Extractor\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f02
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"CONCEPT_INST_DIR"=%CDSROOT%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"asl.log"=Destination=file
"UD_INSTALL_DIR"=C:\Program Files\UltraDefrag

-----------------EOF-----------------

 

[Corrine]

Re: Must press F8 and select "Disable Driver Signature Enforcement" to start sytem

Hi, Jim.

I checked your ComboFix log and it looks fine. The reason I needed to paste the RSIT logs was so that I could more easily research anything I wasn't sure of (select text, right-click, search).

Having uninstalled Comodo, make sure you have the the Windows Firewall working.

Personally, I would not allow any programs in the Trusted Zone. After all, even well known sites can be the victim of an SQL injection, hidden scripts, and more. If you elect to remove the entry from the Trusted Zone, please do the following:

• Launch Internet Explorer, click Internet Options on the Tools menu, and then click the Security tab.
• Click Trusted Sites, and then click Sites.
• Click the site you want to delete, and then click Remove.