L5R

  1. I'll just keep them then, just in case. Other than that, everything seems fine now! Thank you so much for your help, I really appreciate it!
  2. Hey DFB, everything feels back to normal now so that's great! I changed browser to Mozilla Firefox. Also I've uninstalled Combofix but I was wondering if I should uninstall the other software like SecurityCheck, RogueKiller and MBAR? Or would you recommend keeping any of them? Thank you so much!
  3. I've just finished updating Java and Adobe Reader, are there any further steps required? Thank you!
  4. Here's the Bitdefender report:

     QuickScan 64-bit v0.9.9.118
     Scan date: Mon May 27 07:47:03 2013
     Machine ID: B085552C

     No infection found.

     No file uploaded.
     Scan finished - communication took 2 sec
     Total traffic - 0.07 MB sent, 2.74 KB recvd
     Scanned 1638 files and modules - 70 seconds
  5. Hey DFB, I've run the ESET Online Scanner but the only log I'm getting is:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK

     I've tried running it again but it just gives me the same log. Is there a reason for this? Thanks again!
  6. Here are the logs: OTL.txt

     OTL logfile created on: 5/26/2013 7:16:54 PM - Run 1
     OTL by OldTimer - Version 3.2.69.0
HKU\S-1-5-21-2920553064-793539459-1004061606-1000\..\SearchScopes,DefaultScope = {6ABE3B40-E036-457C-8FF1-6A6F650260FB} IE - HKU\S-1-5-21-2920553064-793539459-1004061606-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=120518&tt=gc_&babsrc=SP_ss&mntrId=B08588252CC85B98 IE - HKU\S-1-5-21-2920553064-793539459-1004061606-1000\..\SearchScopes\{6ABE3B40-E036-457C-8FF1-6A6F650260FB}: "URL" = http://www.bing.com/search?q={searchTerms}&r=453 IE - HKU\S-1-5-21-2920553064-793539459-1004061606-1000\..\SearchScopes\{D2058B99-375B-447E-9012-A898C1D18CD8}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-2920553064-793539459-1004061606-1000\..\SearchScopes\{E9E0294A-F5D3-4187-91E0-D25D839831A3}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-2920553064-793539459-1004061606-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2920553064-793539459-1004061606-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) [2013/03/13 13:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Extensions [2013/05/24 20:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\firefox\Profiles\jojduxv5.default\extensions [2012/12/13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\jojduxv5.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2013/05/24 20:54:30 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\jojduxv5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/05/24 20:15:42 | 000,006,503 | ---- | M] () -- C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\jojduxv5.default\searchplugins\babylon.xml [2013/05/24 20:15:42 | 000,006,503 | ---- | M] () -- C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\jojduxv5.default\searchplugins\BrowserProtect.xml [2013/05/24 21:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/05/24 21:53:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - Extension: Angry Birds = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - 
Extension: Google Docs = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Slinky Elegant = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0\ CHR - Extension: Guitarist's Reference = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk\1_0\ CHR - Extension: Google Search = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: AdBlock = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\ CHR - Extension: Youtube Subscriptions as Default Page = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\klljlfcipmgohgfdgmliaobikgdoeaah\1.1.4_0\ CHR - Extension: Gmail = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/05/25 22:33:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2920553064-793539459-1004061606-1000..\Run: [start Killer] C:\Program Files\StartKiller\StartKiller.exe (Tordex)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2920553064-793539459-1004061606-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2920553064-793539459-1004061606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAFEA559-16B7-4727-BBC3-272AF6FBCBF6}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/26 19:16:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe [2013/05/26 11:10:36 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\RK_Quarantine [2013/05/26 11:08:38 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\New folder [2013/05/26 10:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013/05/25 22:38:08 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/05/25 22:33:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013/05/25 22:24:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/05/25 22:24:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/05/25 22:24:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/05/25 22:24:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/05/25 22:24:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/05/25 22:23:35 | 005,071,432 | R--- | C] (Swearware) -- C:\Users\USER\Desktop\ComboFix.exe [2013/05/25 21:10:47 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\mbar-1.06.0.1003 [2013/05/25 21:09:44 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\Logs [2013/05/25 21:03:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013/05/25 21:01:17 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\tdsskiller [2013/05/25 
21:00:17 | 002,239,840 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\USER\Desktop\tdsskiller.exe [2013/05/25 18:04:06 | 000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe [2013/05/25 18:04:01 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll [2013/05/25 18:04:01 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll [2013/05/25 18:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp [2013/05/25 18:03:19 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\AVG [2013/05/25 18:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2013/05/25 18:02:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2013/05/24 21:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/05/24 21:37:18 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Malwarebytes [2013/05/24 21:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/05/24 21:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/05/24 21:36:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/05/24 21:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/05/24 21:03:58 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\AVG2013 [2013/05/24 21:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/05/24 21:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2013/05/24 21:01:34 | 000,000,000 | ---D | C] -- C:\$AVG [2013/05/24 21:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2013/05/24 20:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013/05/24 19:44:20 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Programs [2013/05/24 19:41:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2013/05/24 
19:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [2013/05/22 15:24:31 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Microsoft Games [2013/05/19 19:28:07 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\Games [2013/05/17 20:54:42 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Origin [2013/05/17 20:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013/05/17 20:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013/05/14 14:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2013/05/14 14:51:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2013/05/13 17:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2013/05/13 11:17:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2013/05/13 11:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2013/04/28 13:26:51 | 000,000,000 | ---D | C] -- C:\Users\USER\Tracing [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/05/26 19:16:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe [2013/05/26 19:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/26 19:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/26 11:20:22 | 011,395,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/26 11:20:22 | 005,590,338 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/26 11:20:22 | 000,005,006 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/26 11:18:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/26 11:10:20 | 000,791,040 | ---- | M] () -- C:\Users\USER\Desktop\RogueKillerX64.exe [2013/05/26 10:55:28 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/26 10:55:28 | 000,016,304 | 
-H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/26 10:45:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/26 10:36:26 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2013/05/26 00:54:00 | 2304,774,144 | -HS- | M] () -- C:\hiberfil.sys [2013/05/25 22:41:19 | 000,890,854 | ---- | M] () -- C:\Users\USER\Desktop\SecurityCheck.exe [2013/05/25 22:33:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/05/25 22:24:15 | 005,071,432 | R--- | M] (Swearware) -- C:\Users\USER\Desktop\ComboFix.exe [2013/05/25 21:10:15 | 013,169,742 | ---- | M] () -- C:\Users\USER\Desktop\mbar-1.06.0.1003.zip [2013/05/25 21:07:42 | 002,221,209 | ---- | M] () -- C:\Users\USER\Desktop\tdsskiller.zip [2013/05/25 21:00:18 | 002,239,840 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\USER\Desktop\tdsskiller.exe [2013/05/25 18:03:51 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk [2013/05/25 18:03:51 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2013/05/24 21:36:55 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/05/24 21:02:56 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013/05/23 23:10:39 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/05/18 16:24:36 | 000,000,000 | ---- | M] () -- C:\Windows\PowerReg.dat [2013/05/17 22:10:53 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk [2013/05/15 18:13:28 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/05/15 18:13:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/05/15 13:06:43 | 005,148,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] 
========== Files Created - No Company Name ========== [2013/05/26 11:10:19 | 000,791,040 | ---- | C] () -- C:\Users\USER\Desktop\RogueKillerX64.exe [2013/05/25 22:41:19 | 000,890,854 | ---- | C] () -- C:\Users\USER\Desktop\SecurityCheck.exe [2013/05/25 22:24:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/05/25 22:24:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/05/25 22:24:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/05/25 22:24:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/05/25 22:24:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/05/25 21:10:04 | 013,169,742 | ---- | C] () -- C:\Users\USER\Desktop\mbar-1.06.0.1003.zip [2013/05/25 21:07:32 | 002,221,209 | ---- | C] () -- C:\Users\USER\Desktop\tdsskiller.zip [2013/05/25 18:03:51 | 000,002,192 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk [2013/05/25 18:03:51 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2013/05/25 18:03:45 | 000,002,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk [2013/05/24 21:36:55 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/05/24 21:02:56 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013/05/24 19:46:26 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013/05/18 16:24:36 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat [2013/05/17 22:10:53 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720 < End of report > Extras.txt OTL Extras logfile created on: 5/26/2013 7:16:54 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USER\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.86 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 41.06% 
  7. Apologies for the late reply! The logs are attached. Thank you again! mbar-log-2013-05-26 (10-56-54).txt TDSSKiller.2.8.17.0_26.05.2013_11.07.17_log.txt RKreport1_S_05262013_02d1111.txt
  8. Hey DFB, thanks for the help, much appreciated! No AVG pop-ups alerting me of the infection since after the 1st step which is great! All logs are attached and again, thank you very much for your help! TDSSKiller.2.8.16.0_25.05.2013_21.00.35_log.txt mbar-log-2013-05-25 (21-37-38).txt mbar-log-2013-05-25 (21-12-07).txt ComboFix.txt checkup.txt
  9. Hello, Last night AVG popped up to alert me that I was infected with "Win64/Patched.A" on system.exe. It said that it could not be removed by AVG and that it had to be "manually removed". I downloaded the Malwarebytes software and it wiped out about 19 other threats, but now it is constantly popping up to let me know it has blocked several other threats. I have attached both of the DDS logs and any help would be greatly appreciated. Thank you! Josh dds.txt attach.txt