Jump to content

stuck

Honorary Members
 View Profile  See their activity

  • Posts

    45

  • Joined

  • Last visited

 Content Type 

Everything posted by stuck

  1. stuck
    Bingo! It works now. Thanks again for your time and effort, I really appreciate your help.
  2. stuck
    okay, I've tried to run the uninstall and it gives me an error:
  3. stuck
    Ok, I've tried to delete the folder of Qoobox, but it seems i can't delete it.
  4. stuck
    Another question: When I go to the c: drive, I have notice a folder called (Boot) and a folder called (Qoobox). Any idea what are those folders?
  5. stuck
    You are awesome Kenny94! *Gives you a karma* Thanks for your time and knowledge, you saved my laptop! I really appreciate your effort for helping people with their computers problems. Since I have been infected by the Trojan virus, should I changed all my password from my account? And since I would like to try the Antivirus Avast, should I remove Avira Antivirus before? Thanks for the last tips.
  6. stuck
    And here's the scan for MBAM log: Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.19.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 shinyaku :: SHINYAKU-PC [administrator] Protection: Enabled 18/06/2012 10:32:09 PM mbam-log-2012-06-18 (22-32-09).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 227858 Time elapsed: 4 minute(s), 33 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  7. stuck
    Hi Kenny, good news. I think the dialouge box that pops up "The specified module could not be found" is now gone when restarted after the OTL scan. Here's the log for OTL: All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-3786737421-1029651582-3655982258-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bcwext deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mandh deleted successfully. Registry value HKEY_USERS\S-1-5-21-3786737421-1029651582-3655982258-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully. Registry value HKEY_USERS\S-1-5-21-3786737421-1029651582-3655982258-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. C:\Users\shinyaku\AppData\Local\{2b2f1e3f-3eba-e768-7501-387a192c6460}\@ moved successfully. C:\ProgramData\ilaexeodmj.dat moved successfully. ========== FILES ========== C:\Users\shinyaku\AppData\Local\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U folder moved successfully. C:\Users\shinyaku\AppData\Local\{2b2f1e3f-3eba-e768-7501-387a192c6460}\L folder moved successfully. C:\Users\shinyaku\AppData\Local\{2b2f1e3f-3eba-e768-7501-387a192c6460} folder moved successfully. File\Folder C:\Users\shinyaku\AppData\Local\Temp\bcwext.dll not found. File\Folder C:\ProgramData\jmdoexeali.dat not found. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\shinyaku\Desktop\cmd.bat deleted successfully. C:\Users\shinyaku\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: shinyaku ->Temp folder emptied: 56487742 bytes ->Temporary Internet Files folder emptied: 7398730 bytes ->Java cache emptied: 0 bytes ->Opera cache emptied: 60685544 bytes ->Flash cache emptied: 8834 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3136 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 119.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.49.0 log created on 06182012_221652 Files\Folders moved on Reboot... C:\Users\shinyaku\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...
  8. stuck
    Here's the extra logs: OTL Extras logfile created on: 6/16/2012 9:12:38 PM - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\shinyaku\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 3.93 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 59.27% Memory free 7.86 Gb Paging File | 5.85 Gb Available in Paging File | 74.44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 559.50 Gb Total Space | 111.94 Gb Free Space | 20.01% Space Free | Partition Type: NTFS Computer Name: SHINYAKU-PC | User Name: shinyaku | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0013FE43-E531-4382-80E1-A92548FDC218}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{726BBC2B-8648-4C27-ADCB-FB9FA4E60D8E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CF1F66EF-1B0A-4FD1-B2F7-8371E201B00B}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DC8B9272-CF56-4073-BF92-CF92D37022ED}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{3E7E3AA8-7C98-4198-A999-5DCE2779BE62}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{3613019A-176D-4659-8AAA-2BD30C406DE7}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0506E878-CE62-4491-AA26-743924FEE236}" = BlueSoleil 8.0.356.0 "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0d78370e-4086-4292-a82e-f920135dcee4}.sdb" = SCHTHACK PSOBB Compatibility Database "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416032FF}" = Java 6 Update 32 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java 7 Update 4 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "CPUID HWMonitor_is1" = CPUID HWMonitor 1.17 "Defraggler" = Defraggler "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0 "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0 "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira Free Antivirus "Cool Edit Pro 2.1" = Cool Edit Pro 2.1 "Dream Aquarium 1.234_is1" = Dream Aquarium 1.234 Ru-board edition "DreamAqua" = Dream Aquarium "ENTERPRISE" = Microsoft Office Enterprise 2007 "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "Game Booster_is1" = Game Booster "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Mount&Blade With Fire and Sword" = Mount&Blade With Fire and Sword "NVIDIA.Updatus" = NVIDIA Updatus "Opera 12.00.1467" = Opera 12.00 "RealAlt_is1" = Real Alternative 2.0.2 "StepMania" = StepMania 3.9b (remove only) "TOSHIBA Game Console" = WildTangent ORB Game Console "TotalBF2 Map Pack 1" = TotalBF2 Map Pack 1 "VLC media player" = VLC media player 1.1.11 "WildTangent toshiba Master Uninstall" = WildTangent Games "WildTangent wildgames Master Uninstall" = WildTangent Games "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "Winrar 3.93" = Winrar 3.93 "WT083877" = Chuzzle Deluxe "WT083885" = Zuma's Revenge "WT083958" = Penguins! "WT083959" = Polar Bowler "X-07 MAPPACK [LAN] Battlefield 2" = X-07 MAPPACK [LAN] Battlefield 2 "Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/5/2011 5:53:30 PM | Computer Name = shinyaku-PC | Source = Application Error | ID = 1000 Description = Faulting application name: NvXDSync.exe, version: 7.17.12.6776, time stamp: 0x4d81bcf0 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x000000000005386a Faulting process id: 0x5f8 Faulting application start time: 0x01cc9c0545019abc Faulting application path: C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll Report Id: 98b23c04-07f8-11e1-bbf5-88ae1d5ad698 Error - 11/5/2011 5:57:02 PM | Computer Name = shinyaku-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1064 Start Time: 01cc9c05627f8380 Termination Time: 405 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: [ System Events ] Error - 6/14/2012 11:09:48 PM | Computer Name = shinyaku-PC | Source = volsnap | ID = 393252 Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error - 6/15/2012 7:32:30 AM | Computer Name = shinyaku-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 Error - 6/15/2012 6:26:27 PM | Computer Name = shinyaku-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 Error - 6/15/2012 6:27:24 PM | Computer Name = shinyaku-PC | Source = DCOM | ID = 10010 Description = Error - 6/15/2012 6:32:16 PM | Computer Name = shinyaku-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 Error - 6/15/2012 6:32:25 PM | Computer Name = shinyaku-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.2061.0). Error - 6/15/2012 6:47:23 PM | Computer Name = shinyaku-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/15/2012 6:50:22 PM | Computer Name = shinyaku-PC | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 6/15/2012 6:50:54 PM | Computer Name = shinyaku-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/15/2012 6:52:07 PM | Computer Name = shinyaku-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 < End of report >
  9. stuck
    Okay, here"s the OTL logs: OTL logfile created on: 6/16/2012 9:12:38 PM - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\shinyaku\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 3.93 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 59.27% Memory free 7.86 Gb Paging File | 5.85 Gb Available in Paging File | 74.44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 559.50 Gb Total Space | 111.94 Gb Free Space | 20.01% Space Free | Partition Type: NTFS Computer Name: SHINYAKU-PC | User Name: shinyaku | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/16 21:11:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\shinyaku\Desktop\OTL.exe PRC - [2012/06/15 07:34:25 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe PRC - [2012/06/15 07:34:24 | 000,874,384 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/03/31 08:22:33 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011/04/29 14:45:46 | 001,006,080 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe PRC - [2011/04/13 13:06:02 | 000,319,574 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe PRC - [2011/04/13 13:00:54 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe PRC - [2010/07/12 12:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010/05/05 10:20:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/02/22 16:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2009/12/25 18:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe ========== Modules (No Company Name) ========== MOD - [2012/06/15 07:34:38 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2012/06/15 07:34:38 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2012/06/15 07:34:38 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2012/06/15 07:34:37 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll MOD - [2012/06/15 07:34:37 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2012/06/15 07:34:37 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2012/06/15 07:34:37 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2012/06/15 07:34:37 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2012/06/15 07:34:37 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2012/06/15 07:34:37 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2012/06/15 07:34:37 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2012/06/15 07:34:37 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2012/06/15 07:34:37 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll MOD - [2012/04/17 07:38:55 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll MOD - [2011/04/13 13:00:58 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileCSps.dll MOD - [2011/03/28 12:04:52 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\BaseLib.dll MOD - [2010/03/31 22:59:20 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\s40pack.dll MOD - [2003/05/01 18:23:28 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\CsCvt.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/04/06 17:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2009/10/21 12:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv) SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/04/17 07:38:55 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/03/31 08:22:33 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/10/30 19:49:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/04/29 14:45:46 | 001,006,080 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS) SRV - [2011/04/13 13:09:18 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS) SRV - [2011/04/13 13:00:54 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS) SRV - [2010/05/05 10:20:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/01/28 19:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008/09/08 08:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/17 08:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011/04/16 18:43:48 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011/04/16 18:43:48 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/14 10:26:53 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2010/08/26 22:29:30 | 000,025,352 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcombus.sys -- (BTCOMBUS) DRV:64bit: - [2010/08/26 22:29:28 | 000,029,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcomport.sys -- (BTCOM) DRV:64bit: - [2010/08/18 23:19:46 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT) DRV:64bit: - [2010/07/01 18:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2010/06/30 01:10:58 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2010/06/24 12:35:04 | 000,042,888 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb) DRV:64bit: - [2010/05/18 19:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010/05/08 21:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2010/05/03 17:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/04/27 04:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2010/04/06 19:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs) DRV:64bit: - [2010/04/06 19:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs) DRV:64bit: - [2010/04/06 19:32:46 | 000,023,944 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus) DRV:64bit: - [2010/04/06 19:32:44 | 000,018,824 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VHIDMini.sys -- (VHidMinidrv) DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/01/15 15:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel® DRV:64bit: - [2009/07/31 00:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials) DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm) DRV:64bit: - [2009/06/29 13:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv) DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart IE - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome IE - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found IE - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA IE - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3786737421-1029651582-3655982258-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3786737421-1029651582-3655982258-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3786737421-1029651582-3655982258-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3786737421-1029651582-3655982258-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_en IE - HKU\S-1-5-21-3786737421-1029651582-3655982258-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) O1 HOSTS File: ([2012/06/15 18:50:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg64.dll (Google Inc.) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-3786737421-1029651582-3655982258-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [bcwext] rundll32.exe "C:\Users\shinyaku\AppData\Local\Temp\bcwext.dll",SteamAPI_RestartApp File not found O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [mandh] rundll32.exe ",ConvertMeshSubsetToSingleStrip File not found O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000..\Run: [] File not found O4 - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000..\Run: [ctfmon.exe] C:\windows\system32\rundll32.exe C:\PROGRA~3\jmdoexeali.dat,StartAs File not found O4 - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3786737421-1029651582-3655982258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3786737421-1029651582-3655982258-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3786737421-1029651582-3655982258-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3786737421-1029651582-3655982258-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.4.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.4.0) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{156D7AD6-9F00-4607-A884-1B508C09176F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D316E73B-430E-42A1-B495-7DCAB2257460}: DhcpNameServer = 24.48.19.13 24.202.72.13 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/16 21:11:19 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\shinyaku\Desktop\OTL.exe [2012/06/15 19:00:40 | 000,000,000 | ---D | C] -- C:\windows\temp [2012/06/15 18:52:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/06/15 18:39:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/06/15 18:39:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/06/15 18:39:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/06/15 18:39:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/15 18:30:42 | 004,559,503 | R--- | C] (Swearware) -- C:\Users\shinyaku\Desktop\ComboFix.exe [2012/06/10 22:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012/06/10 22:41:42 | 008,298,672 | ---- | C] (SurfRight B.V.) -- C:\Users\shinyaku\Desktop\HitmanPro35_x64.exe [2012/06/10 22:25:26 | 000,000,000 | ---D | C] -- C:\_OTM [2012/06/09 22:57:47 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\shinyaku\Desktop\OTM.exe [2012/06/05 19:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012/06/05 19:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012/06/04 19:05:37 | 000,000,000 | ---D | C] -- C:\windows\ERDNT [2012/06/03 20:58:23 | 000,000,000 | ---D | C] -- C:\Users\shinyaku\AppData\Roaming\Avira [2012/06/03 20:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/06/03 20:52:41 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys [2012/06/03 20:52:41 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys [2012/06/03 20:52:41 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys [2012/06/03 20:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/06/03 20:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012/06/01 20:10:56 | 000,000,000 | ---D | C] -- C:\Users\shinyaku\AppData\Local\{7F89E010-BD68-4BC6-BBF6-E9FF1C453429} [2012/06/01 20:10:34 | 000,000,000 | ---D | C] -- C:\Users\shinyaku\AppData\Local\{1685359F-5C88-4655-8913-81F2535452A9} [2012/05/29 22:38:37 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA% [2012/05/27 20:19:10 | 000,000,000 | ---D | C] -- C:\Users\shinyaku\AppData\Local\{5FE63B01-60DF-41C4-9CAC-E3AC975F2D06} [2012/05/27 20:18:50 | 000,000,000 | ---D | C] -- C:\Users\shinyaku\AppData\Local\{709ADB78-A976-415B-8A5B-4B2AE150BC09} [2012/05/26 07:08:07 | 000,000,000 | ---D | C] -- C:\Users\shinyaku\AppData\Local\{D19C763B-466A-4A3E-88E1-312A08F83D58} [2012/05/23 22:00:20 | 000,000,000 | ---D | C] -- C:\Users\shinyaku\AppData\Roaming\MozillaFirefox4.0 [2012/05/23 21:27:29 | 000,000,000 | ---D | C] -- C:\Users\shinyaku\AppData\Local\{AB3EE310-0B38-4C59-A210-AF54990D1E8B} [2012/05/23 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\shinyaku\AppData\Local\{50AABC69-3FCD-4C74-928E-3001A73D677D} [2012/05/20 22:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Defrag [2012/05/20 22:19:13 | 000,000,000 | ---D | C] -- C:\Users\shinyaku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner [2012/05/20 22:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner [2012/05/20 22:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Cleaner [2012/05/18 20:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/05/18 20:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012/05/18 20:28:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011/03/16 21:46:47 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\shinyaku\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012/06/16 21:11:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\shinyaku\Desktop\OTL.exe [2012/06/16 21:09:40 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/16 21:09:40 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/16 21:08:09 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/06/16 21:02:25 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/16 21:01:42 | 000,001,206 | ---- | M] () -- C:\windows\SysWow64\bscs.ini [2012/06/16 21:01:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/06/16 21:01:28 | 3166,703,616 | -HS- | M] () -- C:\hiberfil.sys [2012/06/16 20:42:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/16 17:38:10 | 452,560,965 | ---- | M] () -- C:\Users\shinyaku\Desktop\Lifeline.1997.Dual.mkv [2012/06/15 18:50:52 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/06/15 18:30:45 | 004,559,503 | R--- | M] (Swearware) -- C:\Users\shinyaku\Desktop\ComboFix.exe [2012/06/14 19:12:19 | 000,379,888 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/06/13 23:52:03 | 000,785,332 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/06/13 23:52:03 | 000,652,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/06/13 23:52:03 | 000,121,292 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/06/10 22:49:59 | 000,001,434 | ---- | M] () -- C:\Users\shinyaku\Desktop\log.xml [2012/06/10 22:42:23 | 008,298,672 | ---- | M] (SurfRight B.V.) -- C:\Users\shinyaku\Desktop\HitmanPro35_x64.exe [2012/06/09 22:57:47 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\shinyaku\Desktop\OTM.exe [2012/06/09 22:33:03 | 000,458,240 | ---- | M] () -- C:\Users\shinyaku\Desktop\CKScanner.exe [2012/06/05 19:03:34 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012/06/05 07:13:05 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk [2012/06/03 20:52:51 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/06/03 20:48:31 | 099,218,336 | ---- | M] () -- C:\Users\shinyaku\Desktop\avira_free_antivirus_en.exe [2012/05/26 07:42:18 | 665,058,395 | ---- | M] () -- C:\Users\shinyaku\Desktop\My Movie.wmv [2012/05/20 22:19:13 | 000,001,028 | ---- | M] () -- C:\Users\shinyaku\Desktop\Eusing Free Registry Cleaner.lnk ========== Files Created - No Company Name ========== [2012/06/15 18:39:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/06/15 18:39:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/06/15 18:39:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/06/15 18:39:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/06/15 18:39:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/06/10 22:49:59 | 000,001,434 | ---- | C] () -- C:\Users\shinyaku\Desktop\log.xml [2012/06/09 22:33:03 | 000,458,240 | ---- | C] () -- C:\Users\shinyaku\Desktop\CKScanner.exe [2012/06/05 19:03:34 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012/06/05 19:03:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012/06/03 20:52:51 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/06/03 20:45:23 | 099,218,336 | ---- | C] () -- C:\Users\shinyaku\Desktop\avira_free_antivirus_en.exe [2012/05/26 07:11:30 | 665,058,395 | ---- | C] () -- C:\Users\shinyaku\Desktop\My Movie.wmv [2012/05/20 22:19:13 | 000,001,028 | ---- | C] () -- C:\Users\shinyaku\Desktop\Eusing Free Registry Cleaner.lnk [2012/03/31 08:22:50 | 000,234,536 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe [2012/03/31 08:22:33 | 000,075,064 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe [2012/02/11 08:10:31 | 000,185,337 | ---- | C] () -- C:\Users\shinyaku\AppData\Local\census.cache [2012/02/11 08:10:27 | 000,133,839 | ---- | C] () -- C:\Users\shinyaku\AppData\Local\ars.cache [2012/01/10 20:00:19 | 000,002,048 | -HS- | C] () -- C:\Users\shinyaku\AppData\Local\{2b2f1e3f-3eba-e768-7501-387a192c6460}\@ [2011/12/29 23:01:56 | 000,000,827 | ---- | C] () -- C:\windows\SysWow64\SHORTCUT.INI [2011/12/29 22:55:33 | 000,000,107 | ---- | C] () -- C:\windows\SysWow64\REMOTEDEVICE.INI [2011/12/24 00:59:01 | 000,006,495 | ---- | C] () -- C:\windows\SysWow64\LOCALSERVICE.INI [2011/12/24 00:58:59 | 000,000,103 | ---- | C] () -- C:\windows\SysWow64\LOCALDEVICE.INI [2011/12/24 00:56:37 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\BSPRINT.INI [2011/12/13 22:57:20 | 076,004,920 | -H-- | C] () -- C:\ProgramData\ilaexeodmj.dat [2011/10/01 07:26:05 | 000,765,178 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat [2011/08/22 23:39:37 | 000,008,192 | ---- | C] () -- C:\windows\d3dx.dat [2011/06/18 05:56:49 | 000,040,960 | R--- | C] () -- C:\windows\SysWow64\psfind.dll [2011/05/21 07:32:38 | 000,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini [2011/04/29 14:45:56 | 000,001,206 | ---- | C] () -- C:\windows\SysWow64\bscs.ini [2011/04/15 22:23:28 | 000,007,605 | ---- | C] () -- C:\Users\shinyaku\AppData\Local\Resmon.ResmonCfg [2011/04/13 13:00:58 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\BsMobileCSps.dll [2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Users\shinyaku\AppData\Roaming\base.ini [2011/03/16 21:46:47 | 000,007,859 | ---- | C] () -- C:\Users\shinyaku\AppData\Roaming\pcouffin.cat [2011/03/16 21:46:47 | 000,001,167 | ---- | C] () -- C:\Users\shinyaku\AppData\Roaming\pcouffin.inf [2011/02/23 22:42:28 | 000,000,227 | ---- | C] () -- C:\windows\PowerReg.dat [2011/02/23 22:42:27 | 000,045,568 | ---- | C] () -- C:\windows\UniFish3.exe [2011/02/17 23:48:03 | 000,000,000 | ---- | C] () -- C:\windows\ToDisc.INI [2011/01/03 17:23:40 | 000,000,036 | ---- | C] () -- C:\Users\shinyaku\AppData\Local\housecall.guid.cache [2010/12/13 20:19:21 | 000,090,950 | ---- | C] () -- C:\windows\War3Unin.dat [2010/12/08 08:54:05 | 000,000,000 | ---- | C] () -- C:\windows\ACTIVEJP.INI [2010/11/10 22:56:00 | 000,000,016 | ---- | C] () -- C:\windows\popcinfo.dat [2010/09/10 12:22:14 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI [2010/09/10 11:46:29 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe ========== LOP Check ========== [2012/05/21 16:49:38 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Atoc [2011/04/03 19:59:20 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\AVG10 [2011/01/31 00:25:17 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\BloodTies [2011/02/24 20:14:54 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Dream Aquarium [2012/04/15 21:13:15 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\GameRanger [2011/02/19 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\HU2011 [2011/08/03 08:23:39 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Leadertech [2012/04/26 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Masque [2012/03/01 20:19:41 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Mount&Blade With Fire and Sword [2012/05/24 00:07:30 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Ohqu [2011/02/17 22:17:43 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Opera [2011/04/24 07:11:11 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\ProtectDISC [2011/01/24 19:48:04 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Publish Providers [2011/04/02 06:19:06 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Rovio [2011/01/24 20:07:21 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Sony [2011/03/12 00:06:06 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\SpinTop Games [2010/11/14 10:38:45 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Toshiba [2011/03/16 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Vso [2011/05/09 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\WildTangent [2011/01/29 17:12:52 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\WildTangentv1002 [2010/11/08 11:29:56 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\WinBatch [2012/02/19 00:45:25 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Xilisoft [2012/02/19 00:21:11 | 000,000,000 | ---D | M] -- C:\Users\shinyaku\AppData\Roaming\Xilisoft Corporation [2012/06/13 19:00:48 | 000,032,546 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== < End of report >
  10. stuck
    Hi, apparently it found 0 threat with E-Set Scanner. But It still have the pop-up of bcwext.dll when I open laptop. Here's the log for E-Set Online scanner: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=67a7cc28605f114fb3b48cc2dfc5d06c # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=false # utc_time=2012-06-16 01:33:10 # local_time=2012-06-16 09:33:10 (-0500, Eastern Daylight Time) # country="Canada" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1024 16777215 100 0 0 0 0 0 # compatibility_mode=1792 16777215 100 0 155315 155315 0 0 # compatibility_mode=5893 16776573 100 94 0 91391525 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=301883 # found=0 # cleaned=0 # scan_time=5515
  11. stuck
    Here's the ComboFix log: ComboFix 12-06-15.06 - shinyaku 15/06/2012 18:42:25.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4027.2378 [GMT -4:00] Running from: c:\users\shinyaku\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\@ c:\windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\L\00000004.@ c:\windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\L\1afb2d56 c:\windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\L\201d3dde c:\windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\00000004.@ . . ((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 ))))))))))))))))))))))))))))))) . . 2012-06-15 22:50 . 2012-06-15 22:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-06-15 22:50 . 2012-06-15 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-14 01:12 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-11 02:42 . 2012-06-11 02:43 -------- d-----w- c:\programdata\HitmanPro 2012-06-11 02:25 . 2012-06-11 02:25 -------- d-----w- C:\_OTM 2012-06-05 23:03 . 2012-06-05 23:03 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-06-04 00:58 . 2012-06-04 00:58 -------- d-----w- c:\users\shinyaku\AppData\Roaming\Avira 2012-06-04 00:52 . 2012-05-02 19:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-06-04 00:52 . 2012-04-27 14:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-06-04 00:52 . 2012-04-25 04:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-06-04 00:52 . 2012-06-04 00:52 -------- d-----w- c:\programdata\Avira 2012-06-04 00:52 . 2012-06-04 00:52 -------- d-----w- c:\program files (x86)\Avira 2012-05-30 02:38 . 2012-05-30 02:38 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-05-24 02:00 . 2012-05-24 02:00 -------- d-----w- c:\users\shinyaku\AppData\Roaming\MozillaFirefox4.0 2012-05-21 02:21 . 2012-05-21 02:56 -------- d-----w- c:\program files (x86)\Eusing Free Registry Defrag 2012-05-21 02:19 . 2012-05-21 02:21 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner 2012-05-19 00:28 . 2012-05-19 00:28 -------- d-----w- c:\program files\Microsoft Silverlight 2012-05-19 00:28 . 2012-05-19 00:28 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-05 23:09 . 2012-05-05 23:56 955848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-05 23:09 . 2012-05-05 23:56 839112 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-08 17:02 . 2012-06-08 22:22 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C794778-D3AC-4FBF-85F4-64B418A5EEE1}\mpengine.dll 2012-04-17 11:38 . 2012-04-17 11:38 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-04-17 11:38 . 2011-10-08 03:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-04 19:56 . 2010-11-09 14:17 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-31 12:22 . 2012-03-31 12:22 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-03-31 12:22 . 2012-03-31 12:22 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-03-31 12:22 . 2012-03-31 12:22 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-03-30 11:35 . 2012-05-12 00:22 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-10 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 136176] R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088] R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 136176] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x] S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224] S2 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-04-13 147563] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-05 1604200] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 11:38] . 2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 04:26] . 2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 04:26] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] . ------- Supplementary Scan ------- . uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe HKLM-Run-bcwext - c:\users\shinyaku\AppData\Local\Temp\bcwext.dll HKLM-Run-mandh - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Completion time: 2012-06-15 19:00:38 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-15 23:00 . Pre-Run: 121,965,318,144 bytes free Post-Run: 122,050,994,176 bytes free . - - End Of File - - 45E3F29ADB1A43908D8CDFE016B82146
  12. stuck
    Thanks, I'll wait for your news.
  13. stuck
    Well the dialogue box still pops up when I open laptop. Although, I don't think there's other problem with my laptop. It's much better now.
  14. stuck
    Here's the log for Hitman Pro: log.xml Hope it helps.
  15. stuck
    Here's the OTM log: All processes killed ========== PROCESSES ========== ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== c:\dnload\Games\PC\Battlefield 2 full game MP - SP Fixed v_1.5 -=AviaRa=-\Battlefield 2\key-generator.exe moved successfully. c:\dnload\Program\Fruity.Loops.Studio.9.Producer.Edition.XXL.rar moved successfully. c:\dnload\Program\gamebooster2.1EN.exeC:\dnload\Program\Nero-7.10.1.0_eng_full.exeC:\Users\Public\Hadoken should blast Mcafee.zap moved successfully. c:\Users\shinyaku\Desktop\stuff\Fruity.Loops.Studio.9.Producer.Edition.XXL\Fruity.Loops.Studio.9.Producer.Edition moved successfully. c:\dnload\games\pc\need.for.speed.underground.2\no cd crack\speed2.exe moved successfully. c:\dosbox\war\CRACK.EXE moved successfully. c:\program files (x86)\image-line\hardcore\presets\i cracked my tube!.hdprg moved successfully. c:\program files (x86)\image-line\sawer\presets\ambient\mc cracked.sawer moved successfully. c:\program files (x86)\mount&blade with fire and sword\sounds\Fire_Small_Crackle_Slick_op.ogg moved successfully. c:\users\shinyaku\desktop\stuff\fruity.loops.studio.9.producer.edition.xxl\fate.the.traitor.soul-rituel\fate.the.traitor.soul-rituel\cracktro.exe moved successfully. c:\users\shinyaku\desktop\stuff\fruity.loops.studio.9.producer.edition.xxl\fruity.loops.studio.9.producer.edition.xxl-salad\official key\readme crack installation.txt moved successfully. c:\users\shinyaku\documents\xilisoft corporation\video converter ultimate\crack.js moved successfully. c:\users\shinyaku\games\unreal tournament 2004\UT2004 Keygen (XP only).exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: shinyaku ->Temp folder emptied: 667373 bytes ->Temporary Internet Files folder emptied: 374050 bytes ->Java cache emptied: 0 bytes ->Opera cache emptied: 2534131 bytes ->Flash cache emptied: 5181 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1055102 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 4.00 mb Restore point Set: OTM Restore Point OTM by OldTimer - Version 3.1.19.0 log created on 06102012_222526 Files moved on Reboot... C:\Users\shinyaku\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...
  16. stuck
    Hi Kenny, Sorry about that, since I share this laptop with my roomates, and they've been using the laptop and installed some sh*t pirated stuff that I don't even use. I use the laptop more for web browsing, looking for weather and news, youtube and storing my collection of photos and videos from my camera. Since I don't want to lose my photos and all, is it possible to just uninstall or delete all those nasty stuff programs without having to restore Windows? Thanks and sorry about that matter.
  17. stuck
    Ok, Here's the logs: CKScanner - Additional Security Risks - These are not necessarily bad c:\dnload\games\pc\need.for.speed.underground.2\no cd crack\speed2.exe c:\dosbox\war\crack.exe c:\program files (x86)\image-line\hardcore\presets\i cracked my tube!.hdprg c:\program files (x86)\image-line\sawer\presets\ambient\mc cracked.sawer c:\program files (x86)\mount&blade with fire and sword\sounds\fire_small_crackle_slick_op.ogg c:\users\shinyaku\desktop\stuff\fruity.loops.studio.9.producer.edition.xxl\fate.the.traitor.soul-rituel\fate.the.traitor.soul-rituel\cracktro.exe c:\users\shinyaku\desktop\stuff\fruity.loops.studio.9.producer.edition.xxl\fruity.loops.studio.9.producer.edition.xxl-salad\official key\readme crack installation.txt c:\users\shinyaku\documents\xilisoft corporation\video converter ultimate\crack.js c:\users\shinyaku\games\unreal tournament 2004\ut2004 keygen (xp only).exe scanner sequence 3.GJ.11.HTAPNR ----- EOF -----
  18. stuck
    Yup, it's still present for this message error when I restart the laptop.
  19. stuck
    Ok, I've clean with CC cleaner and I've update MalwareBytes: Here's the log for Malware Bytes: Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.07.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 shinyaku :: SHINYAKU-PC [administrator] Protection: Enabled 07/06/2012 7:21:29 PM mbam-log-2012-06-07 (21-36-23).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 528082 Time elapsed: 2 hour(s), 14 minute(s), 31 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  20. stuck
    Although, when I restart the PC, I still have this problem:
  21. stuck
    I think so far so good . Firewall is now back on tracks, Malwarebytes scans with no problems. And Avira have no more pop-ups. But I'm not sure if it is 100% clean.
  22. stuck
    Hi Kenny94, I don't know why but I can't find other logs than this one: Files moved on Reboot... File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. Registry entries deleted on Reboot...
  23. stuck
    Hmm, don't know why it didn't detect the files since I just copy over the log. Here's the OTM logs: ========== PROCESSES ========== No active process named :Services was found! No active process named :Reg was found! No active process named :Files was found! No active process named C:\dnload\Program\gamebooster2.1EN.exe was found! No active process named C:\dnload\Program\Nero-7.10.1.0_eng_full.exe was found! No active process named C:\Users\Public\Hadoken should blast Mcafee.zap was found! No active process named C:\Users\shinyaku\AppData\Local\Temp\mandh.dll was found! No active process named C:\Users\shinyaku\AppData\Local\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n was found! No active process named C:\Users\shinyaku\Desktop\RK_Quarantine\mandh.dll.vir was found! No active process named C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n was found! No active process named C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\00000008.@ was found! No active process named C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000000.@ was found! No active process named C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000032.@ was found! No active process named :Commands was found! No active process named ipconfig /flushdns /c was found! No active process named [purity] was found! No active process named [resethosts] was found! No active process named [CREATERESTOREPOINT] was found! No active process named [EMPTYFLASH] was found! No active process named [Reboot] was found! OTM by OldTimer - Version 3.1.19.0 log created on 06032012_185141
  24. stuck
    Okay, I've removed both Adobe Reader and Java. And then reboot, and re-install the newest one. Then, I've run ESets and it took around 4 hours, So here's the log: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=67a7cc28605f114fb3b48cc2dfc5d06c # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-06-06 03:26:16 # local_time=2012-06-05 11:26:16 (-0500, Eastern Daylight Time) # country="Canada" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1024 16777215 100 0 0 0 0 0 # compatibility_mode=1792 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776573 100 94 0 90481613 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=330409 # found=6 # cleaned=0 # scan_time=15013 C:\dnload\Games\PC\Battlefield 2 full game MP - SP Fixed v_1.5 -=AviaRa=-\Battlefield 2\key-generator.exe a variant of Win32/Keygen.CU application (unable to clean) 00000000000000000000000000000000 I C:\dnload\Program\Fruity.Loops.Studio.9.Producer.Edition.XXL.rar Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I C:\dnload\Program\gamebooster2.1EN.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I C:\dnload\Program\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I C:\Users\Public\Hadoken should blast Mcafee.zap Win32/HackTool.CheatEngine.AB application (unable to clean) 00000000000000000000000000000000 I C:\Users\shinyaku\Desktop\stuff\Fruity.Loops.Studio.9.Producer.Edition.XXL\Fruity.Loops.Studio.9.Producer.Edition.XXL-SALAD\flstudio_9.0.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
  25. stuck
    I've download the TFC software, and double click to go into a blue screen, and then restart the laptop. Then the same error message appears. Then I download the Security Check, and make the scan. While scanning, the Avira Security Alert suddenly pop-up with this message: Here's the log for Security Check: Results of screen317's Security Check version 0.99.41 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 Eusing Free Registry Cleaner Java™ 6 Update 22 Java version out of date! Adobe Flash Player 11.2.202.233 Adobe Reader 9 Adobe Reader out of date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.