Jump to content

Coupondropdown slowing down the laptop - TorrentHandler + OneClickDownload


Recommended Posts

Hello, Jeffce helped me clear my laptop of a virus about two months ago but it seems to have come back. I'm getting lots of 'coupondropdown' ads slowing down my web pages, although the actual ad itself is blocked becauseI have adblocker. Anyway, here are the logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by Buddha Watt at 7:07:08 on 2012-12-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5740.3763 [GMT -5:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIIBA.EXE

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

c:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIIBA.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series"

mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [bSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

mRun: [RMAlert] "C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe" /PRODUCT=RM /R

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP

StartupFolder: C:\Users\BUDDHA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\Buddha Watt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - C:\Users\Buddha Watt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{5F17C481-BEB3-4896-9274-EB1CB57A227C} : DHCPNameServer = 8.8.8.8

TCP: Interfaces\{E30CF66D-4C1E-4676-8E41-EC08B62E61E5} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{E30CF66D-4C1E-4676-8E41-EC08B62E61E5}\35B4957334544444 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{E30CF66D-4C1E-4676-8E41-EC08B62E61E5}\9433639313 : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe

x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxps://twitter.com/#

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Buddha Watt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-11-03 18:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-21 75904]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-21 38016]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys [2012-10-1 451192]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys [2012-10-1 1129120]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005_413\BHDrvx64.sys [2012-11-30 1384608]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys [2012-10-1 167072]

R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-7-9 41704]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121214.001\IDSviA64.sys [2012-12-14 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys [2012-10-1 190072]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys [2012-10-1 405624]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-21 204288]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-11-8 179296]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-11-8 151648]

R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-7-24 474992]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-12-21 1809920]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-9-5 793048]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]

R3 CeKbFilter;CeKbFilter;C:\Windows\System32\drivers\CeKbFilter.sys [2011-12-21 20592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]

R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-12-21 35008]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-12-21 1142376]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-12-21 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-10-24 31800]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-12-21 247400]

S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-5 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-12-17 11:56:16 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-17 11:56:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-13 00:41:40 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-12-13 00:12:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-13 00:12:10 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-13 00:08:25 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-12-13 00:08:25 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-25 04:31:09 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-11-25 04:31:09 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

.

==================== Find3M ====================

.

2012-12-13 00:29:23 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-13 00:29:23 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-13 21:50:37 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-11-13 21:50:35 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-11-13 21:50:35 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 21:56:40 4178264 ----a-w- C:\Windows\SysWow64\d3dx9_41.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-25 03:16:58 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-09-25 03:16:53 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 7:09:46.88 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 03/02/2012 16:33:10

System Uptime: 17/12/2012 06:21:43 (1 hours ago)

.

Motherboard: TOSHIBA | | PWWBE

Processor: AMD E-300 APU with Radeon HD Graphics | CPU 1 | 780/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 29.308 GiB free.

D: is FIXED (NTFS) - 149 GiB total, 139.994 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP75: 28/11/2012 03:00:14 - Windows Update

RP76: 12/12/2012 16:30:00 - Windows Update

RP77: 12/12/2012 18:37:23 - Restore Operation

RP78: 12/12/2012 19:38:26 - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

µTorrent

BBC iPlayer Desktop

Bejeweled 2 Deluxe

Bejeweled 3

Bonjour

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chicken Invaders 3 - Revenge of the Yolk

Chuzzle Deluxe

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diner Dash 2 Restaurant Rescue

DivX Setup

Download Navigator

EPSON XP-400 Series Printer Uninstall

ERUNT 1.1j

FATE

Final Drive: Nitro

Free Studio version 5.3.5

Free YouTube to MP3 Converter version 3.11.32.918

Google Toolbar for Internet Explorer

Google Update Helper

High-Definition Video Playback

Hotspot Shield 2.65

Insaniquarium Deluxe

iTunes

Java 7 Update 9 (64-bit)

Junk Mail filter update

Malwarebytes Anti-Malware version 1.65.1.1000

MediaWidget 6.0

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 10 Movie ThemePack Basic

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Express 10

Nero Express 10 Help (CHM)

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero Kwik Media

Nero Multimedia Suite 10 Essentials

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

NeroKwikMedia Help (CHM)

Norton Internet Security

PC Tools Registry Mechanic 11.0

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime amd64

Polar Bowler

PST Walker 5.09.1

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Revo Uninstaller Pro 2.5.9

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype Click to Call

Skype™ 6.0

Slingo Deluxe

Synaptics Pointing Device Driver

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA Face Recognition

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Manuals

TOSHIBA Media Controller

TOSHIBA Online Product Information

TOSHIBA Places Icon Utility

TOSHIBA Recovery Media Creator

TOSHIBA Recovery Media Creator Reminder

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA TEMPRO

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

TOSHIBA Wireless LAN Indicator

TRORMCLauncher

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update Installer for WildTangent Games App

Utility Common Driver

VC80CRTRedist - 8.0.50727.6195

VirtualDJ Home FREE

vShare.tv plugin 1.3

Wedding Dash 2 - Rings Around the World

WildTangent Games

WildTangent Games App (Toshiba Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.10 (32-bit)

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

17/12/2012 02:16:11, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.

17/12/2012 02:16:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

.

==== End Of File ===========================

Link to post
Share on other sites

Hello Buddhawatt,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If your are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.

Step 4

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply. And tell me, How is the system now?
  • Re-enable your security software.

Link to post
Share on other sites

P.S. Your logs showed some peer-to-peer filesharing apps: µTorrent I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Uninstall it and confirm doing so !

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

Link to post
Share on other sites

Hello,

Ive done all those steps. Coupondropdown adverts are still popping up on facebook/twitter/youtube but the system seems to be working quicker. I have deleted Utorrent, please inform me if there's anything else that needs deleting. Something called 'vshare.tv plugin 1.3' is also coming up on the list of programs, but that might be harmless, I have no idea. Anyway, here are the logs:

# AdwCleaner v2.101 - Logfile created 12/18/2012 at 06:46:17

# Updated 16/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Buddha Watt - BUDDHAWATT-TOSH

# Boot Mode : Normal

# Running from : C:\Users\Buddha Watt\Downloads\adwcleaner(1).exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Buddha Watt\AppData\LocalLow\boost_interprocess

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3647 octets] - [01/11/2012 19:18:42]

AdwCleaner[R2].txt - [1016 octets] - [18/12/2012 06:46:17]

AdwCleaner[s1].txt - [3873 octets] - [03/11/2012 21:23:11]

########## EOF - C:\AdwCleaner[R2].txt - [1136 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.1.8 (12.17.2012:1)

OS: Windows 7 Home Premium x64

Ran by Buddha Watt on 18/12/2012 at 6:49:24.02

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\systweak

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Buddha Watt\AppData\Roaming\dvdvideosoftiehelpers"

Successfully deleted: [Folder] "C:\Users\Buddha Watt\appdata\locallow\boost_interprocess"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 18/12/2012 at 7:27:58.83

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

Do these next, and for the time being, do not do any websurfing, and let's stay out of Facebook, Youtube, etc.

Step 1

  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Step 2

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan. i_arrow-l.gif

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.

Link to post
Share on other sites

Hey, I haven't seen any of the ads since I followed those steps, but it's still early days and they seemed to come and go. Laptop seems to be working a bit quicker. Here are the logs, the RKReport followed by the MBAM one:

RogueKiller V8.4.0 [Dec 15 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Buddha Watt [Admin rights]

Mode : Scan -- Date : 12/18/2012 14:55:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3275GSX SATA Disk Device +++++

--- User ---

[MBR] e777fa5b9d4d45ff4399fe1df95192d7

[bSP] 00d7d4f671c346a188c15be81e76d0b5 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 152622 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 313391104 | Size: 152222 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12182012_02d1455.txt >>

RKreport[1]_S_12182012_02d1455.txt

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.18.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Buddha Watt :: BUDDHAWATT-TOSH [administrator]

18/12/2012 15:00:48

mbam-log-2012-12-18 (15-00-48).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 355306

Time elapsed: 1 hour(s), 15 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files (x86)\Hotspot Shield\bin\fbw.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Upon further inspection, the ads are still there. You know those ones which underline certain words in paragraphs, and then when you scroll over them they produce a small advert for a phone or something in a box? I could get you a screenshot if you need one but they're just your standard ads

Link to post
Share on other sites

Screenshot not needed. Which web-sites do you visit?

The technical name escapes me just now, for what you are seeing. Those are embedded links to "descriptions" or external data related (maybe) to the word under your mouse.

So, move or position your mouse pointer to a neutral position {like some corner) so it is not hovering over any words.

The last MBAM scan shows yet another "trojan".

Do this next online scan

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break popcorn.gifpepsi.gif

Re-enable the antivirus program.

Reply with copy of the Eset scan log

Link to post
Share on other sites

Those 'information ads' are just coming up on forums. The coupondropdown bits are coming up on facebook/youtube/twitter like I said, although I've stopped going on them now as per your request. Here's the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-12-18 09:48:27

# local_time=2012-12-18 09:48:27 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3591 16777213 100 95 2043909 118460292 0 0

# compatibility_mode=5893 16776574 100 94 65547696 108332357 0 0

# scanned=154929

# found=0

# cleaned=0

# scan_time=10328

Link to post
Share on other sites

Recheck your privacy settings in Facebook, Twitter, Youtube, etc !! Tighten up your settings for all social websites.

The ESET online scan found nothing.

1) Do an Update run in your Norton antivirus (suite). Be sure it is up-to-date.

2) Restart system in Safe mode. See http://www.bleepingcomputer.com/forums/How_to_start_Windows_in_Safe_Mode-tut61.html

In safe mode, start Norton Antivirus and do a full system scan.

Do the fixes for items it tags as viruses, malware, infection.

3) Restart system in normal mode, and return, and report on result of Norton scan.

Tell me, which browser you use when visiting social websites !!!

You need to tighten up privacy settings in your browser(s).

Link to post
Share on other sites

This next link shows how to start your pc in Safe mode or Safe Mode with Networking.

http://www.bleepingc...-mode/#windows7

Do that. Do a full scan with your antivirus program. Let me know those results, and tell me, How is your system now ?

also, Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Edited by Maurice Naggar
Link to post
Share on other sites

OK that's all taken care of. Norton found 17 threats and resolved them all, all tracking cookies. The system seems to be working quicker and I haven't seen any ads since. I'll edit this post if I see any in the next few hours. Here's the log for the Security Check:

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Adobe Flash Player 11.5.502.135

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (17.0.1)

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

TOSHIBA TOSHIBA Online Product Information TOPI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

Link to post
Share on other sites

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Program and Features, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

Next

How do

those 'information ads' pop up
show themselves? In a pop up window in your browser? yes/no

What browser was in use ?

Can you take a screenshot of the next pop-up ad & then give a link to it in a new reply?

Link to post
Share on other sites

P.S. More follow-ups for you.

See this article at BleepingComputer by Lawrence Abrams

http://www.bleepingcomputer.com/virus-removal/remove-coupondropdown

Now, do NOT do any registry changes or tweaks on your own. That's to say, stay out of Regedit. Do not use any registry tweaker/ fixer / optimizer .....etc.

Review/study the article by Lawrence.

Scan your list of Installed programs in Control Panel, and any from his list that you find, you should Uninstall.

Likewise, review each of your Browsers and compare his list of add-ons and remove them if you find them in any of your browsers.

Let me know what you find, and what you remove.

Please keep a list on paper as you go along.

Link to post
Share on other sites

Hello, I have installed the new adobe reader. I followed the steps that Lawrence Abrams laid out but found nothing, and therefore removed nothing. The ads are appearing on firefox, that's the only one I use. They just pop up as little side windows to the page, they aren't actually new windows though. I took a screenshot that I will attach.post-119765-0-76465100-1356129198.png

Link to post
Share on other sites

What website was this (the one with the ad above) ?

What are the other sites (if any) where you get 'these' ads ? I'd like to have a list from you.

Are you visiting some "product bidding" sites ?

Next,

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|CouponDropDown;true;true;true; /FP
    c:|FBPhotoZoom;true;true;true; /FP
    c:|HDvid Codec;true;true;true; /FP
    c:|GoPhoto.it;true;true;true; /FP
    c:|Incredibar;true;true;true; /FP
    c:|IB Updater;true;true;true; /FP
    c:|OneClickDownload;true;true;true; /FP
    c:|Online HD TV;true;true;true; /FP
    c:|PutLockerDownloader;true;true;true; /FP
    c:|StartNow Toolbar;true;true;true; /FP
    c:|TornTV;true;true;true; /FP
    c:|TorrentHandler;true;true;true; /FP
    c:|Yontoo;true;true;true; /FP
    c:|crossride;true;true;true; /FP
    c:|conduit;true;true;true; /FP
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    c:|services.ex;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • :excl: Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have inifinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Attach the OTL log(s) .

Link to post
Share on other sites

Hmmm well the sites I remember seeing those adverts on are: ebay.com, rapmusic.com, dailymail.co.uk, thesun.co.uk

Those are certainly the main ones I remember seeing those adverts frequently pop up on. Like I said, I use ebay but that's the only 'product bidding site' I go on. Here are the logs:

OTL logfile created on: 22/12/2012 15:10:43 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Buddha Watt\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.61 Gb Total Physical Memory | 3.67 Gb Available Physical Memory | 65.56% Memory free

11.21 Gb Paging File | 8.96 Gb Available in Paging File | 79.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149.04 Gb Total Space | 30.03 Gb Free Space | 20.15% Space Free | Partition Type: NTFS

Drive D: | 148.65 Gb Total Space | 139.93 Gb Free Space | 94.13% Space Free | Partition Type: NTFS

Computer Name: BUDDHAWATT-TOSH | User Name: Buddha Watt | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/22 15:08:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Buddha Watt\Downloads\OTL(1).exe

PRC - [2012/12/13 19:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/10/11 02:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/07/24 20:26:42 | 000,474,992 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

PRC - [2012/04/26 18:08:24 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

PRC - [2012/04/26 18:08:24 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

PRC - [2012/01/15 15:58:54 | 001,660,232 | ---- | M] (Bootstrap Software Development) -- C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe

PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/03/29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2010/12/03 14:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2010/08/15 19:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

PRC - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/30 14:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\wincfi39.dll

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Services (SafeList) ==========

SRV:64bit: - [2011/11/02 03:01:00 | 000,179,296 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)

SRV:64bit: - [2011/11/02 03:01:00 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)

SRV:64bit: - [2011/06/28 22:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/10/20 13:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/12/21 19:31:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/15 00:17:26 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/13 19:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/11/09 16:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/10/11 02:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe -- (NIS)

SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/24 20:36:22 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)

SRV - [2012/07/24 20:26:42 | 000,474,992 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)

SRV - [2012/04/26 18:08:24 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2011/03/29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2011/02/11 17:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)

SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/20 15:21:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/10/09 01:00:02 | 000,776,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2012/10/04 01:40:35 | 001,133,216 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\SymEFA64.sys -- (SymEFA)

DRV:64bit: - [2012/10/04 01:40:20 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\SymDS64.sys -- (SymDS)

DRV:64bit: - [2012/10/04 01:19:14 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccSetx64.sys -- (ccSet_NIS)

DRV:64bit: - [2012/09/07 02:05:14 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symnets.sys -- (SymNetS)

DRV:64bit: - [2012/09/07 01:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\Ironx64.sys -- (SymIRON)

DRV:64bit: - [2012/09/07 01:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2012/07/10 02:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)

DRV:64bit: - [2012/04/06 18:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/21 17:17:41 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/06/29 00:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/06/28 22:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/23 17:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)

DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/09/30 20:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/08/14 07:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/08/14 07:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/07/20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)

DRV:64bit: - [2009/12/30 15:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2012/12/22 09:29:17 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20121221.024\ex64.sys -- (NAVEX15)

DRV - [2012/12/22 09:29:17 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20121221.024\eng64.sys -- (NAVENG)

DRV - [2012/12/19 16:40:42 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20121221.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012/11/29 23:13:05 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/08/09 20:22:22 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/08/09 11:34:58 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {FE6A8B20-8A57-494D-A492-1CD88EB489BC}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{FE6A8B20-8A57-494D-A492-1CD88EB489BC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_enGB469

IE - HKCU\..\SearchScopes\{FE6A8B20-8A57-494D-A492-1CD88EB489BC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_enGB469

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"

FF - prefs.js..browser.startup.homepage: "https://twitter.com/#"

FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1

FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9

FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145

FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.1.1.5%20-%203

FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.2.2.3

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Buddha Watt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2012/12/22 09:06:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/09 15:29:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ [2012/12/20 17:37:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/15 00:17:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/21 19:22:24 | 000,000,000 | ---D | M]

[2012/02/03 22:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Extensions

[2012/11/25 04:54:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions

[2012/06/25 22:50:20 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2012/11/14 01:08:12 | 000,202,367 | ---- | M] () (No name found) -- C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions\TorrentHandler@TorrentHandler.com.xpi

[2012/12/12 21:36:42 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2012/11/25 04:33:49 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/12/15 00:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/12/15 00:17:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/06/09 15:29:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

[2012/12/22 09:06:47 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\COFFPLGN

[2012/12/20 17:37:20 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPLGN

[2012/12/15 00:17:28 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/12/15 00:17:21 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/12/15 00:17:21 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll

CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll

CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Buddha Watt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Buddha Watt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Buddha Watt\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll

CHR - Extension: vshare plugin = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

CHR - Extension: Skype Click to Call = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

CHR - Extension: Norton Identity Protection = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/11/14 06:17:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [RMAlert] C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe (PC Tools)

O4 - HKLM..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBA.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series" File not found

O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0

O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Buddha Watt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Buddha Watt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Buddha Watt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Buddha Watt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F17C481-BEB3-4896-9274-EB1CB57A227C}: DhcpNameServer = 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E30CF66D-4C1E-4676-8E41-EC08B62E61E5}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: MCODS - Reg Error: Value error.

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: sndappv2 - service

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sndappv2 - service

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/22 02:51:51 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012/12/22 02:51:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012/12/22 02:51:49 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012/12/22 02:51:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/12/21 19:31:05 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/12/21 19:31:05 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/12/21 19:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012/12/21 16:33:06 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/12/20 17:39:00 | 000,000,000 | ---D | C] -- C:\Users\Buddha Watt\Documents\Symantec

[2012/12/20 17:34:23 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

[2012/12/20 15:12:42 | 000,000,000 | ---D | C] -- C:\Users\Buddha Watt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2012/12/18 18:52:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/12/18 14:54:41 | 000,000,000 | ---D | C] -- C:\Users\Buddha Watt\Desktop\RK_Quarantine

[2012/12/18 06:49:21 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2012/12/18 06:48:53 | 000,000,000 | ---D | C] -- C:\JRT

[2012/12/17 11:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/12/17 11:56:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/12/17 11:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/12/15 00:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/12/13 00:41:39 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/12/13 00:41:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/12/13 00:41:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/12/13 00:41:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/12/13 00:41:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/12/13 00:41:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/12/13 00:41:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/12/13 00:41:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/12/13 00:41:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/12/13 00:41:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/12/13 00:41:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/12/13 00:41:35 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/12/13 00:41:31 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/12/13 00:41:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/12/13 00:41:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/12/13 00:11:31 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012/12/13 00:11:30 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012/12/13 00:11:29 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012/12/13 00:11:29 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012/12/13 00:11:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012/12/13 00:11:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012/12/13 00:11:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012/12/13 00:11:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012/12/13 00:11:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012/12/13 00:11:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012/12/13 00:11:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012/12/13 00:11:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012/12/13 00:11:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012/12/13 00:11:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012/12/13 00:11:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012/12/13 00:11:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012/12/13 00:11:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012/12/13 00:11:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012/12/13 00:11:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/13 00:11:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/13 00:11:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012/12/13 00:11:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/13 00:11:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/13 00:11:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/13 00:11:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/13 00:11:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012/12/13 00:11:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012/12/13 00:11:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012/12/13 00:11:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012/12/13 00:11:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012/12/13 00:11:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/13 00:11:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012/12/13 00:11:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012/12/13 00:11:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012/12/13 00:11:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012/12/13 00:11:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012/12/13 00:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/13 00:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012/12/13 00:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012/12/13 00:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012/12/13 00:11:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012/12/13 00:11:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012/12/13 00:11:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012/12/13 00:11:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012/12/13 00:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012/12/13 00:11:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012/12/13 00:11:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/12/13 00:11:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012/12/13 00:11:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012/12/13 00:08:25 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll

[2012/12/13 00:08:25 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

[2012/11/25 18:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/11/25 18:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012/11/25 04:34:54 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll

[2012/11/25 04:34:54 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll

[2012/11/25 04:34:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll

[2012/11/25 04:34:22 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll

[2012/11/25 04:34:21 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll

[2012/11/25 04:34:21 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll

[2012/11/25 04:34:21 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll

[2012/11/25 04:34:21 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll

[2012/11/25 04:34:21 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll

[2012/11/25 04:31:09 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012/11/25 04:31:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

========== Files - Modified Within 30 Days ==========

[2012/12/22 15:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/22 14:24:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/22 11:34:25 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/12/22 11:34:25 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/12/22 11:34:25 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/12/22 11:31:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/22 09:15:26 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/22 09:15:26 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/22 09:07:11 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job

[2012/12/22 09:07:08 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/22 09:06:25 | 000,418,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/12/22 09:05:37 | 218,865,663 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/22 09:05:35 | 001,570,844 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\Cat.DB

[2012/12/21 19:31:05 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/12/21 19:31:05 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/12/21 19:22:24 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2012/12/20 17:34:25 | 000,002,508 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/12/20 17:34:15 | 000,001,262 | ---- | M] () -- C:\Users\Buddha Watt\Desktop\Norton Installation Files.lnk

[2012/12/20 15:21:49 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/12/20 15:21:49 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/12/20 15:21:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/12/18 06:40:59 | 000,000,935 | ---- | M] () -- C:\Users\Buddha Watt\Desktop\NTREGOPT.lnk

[2012/12/18 06:40:59 | 000,000,916 | ---- | M] () -- C:\Users\Buddha Watt\Desktop\ERUNT.lnk

[2012/12/17 11:56:24 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/16 17:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012/12/16 14:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012/12/16 14:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/12/16 14:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012/12/11 00:04:10 | 000,073,968 | ---- | M] () -- C:\Users\Buddha Watt\Documents\532497_10151117996115916_216397171_n.jpg

========== Files Created - No Company Name ==========

[2012/12/21 19:31:08 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/21 19:22:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2012/12/21 19:22:24 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2012/12/20 15:12:42 | 000,001,262 | ---- | C] () -- C:\Users\Buddha Watt\Desktop\Norton Installation Files.lnk

[2012/12/18 06:40:59 | 000,000,935 | ---- | C] () -- C:\Users\Buddha Watt\Desktop\NTREGOPT.lnk

[2012/12/18 06:40:59 | 000,000,916 | ---- | C] () -- C:\Users\Buddha Watt\Desktop\ERUNT.lnk

[2012/12/17 11:56:24 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/11 00:04:06 | 000,073,968 | ---- | C] () -- C:\Users\Buddha Watt\Documents\532497_10151117996115916_216397171_n.jpg

[2012/10/30 18:08:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat

[2012/03/26 21:06:38 | 000,000,000 | ---- | C] () -- C:\Users\Buddha Watt\defogger_reenable

[2011/12/21 17:47:01 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2011/12/21 17:32:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[2011/12/21 17:13:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/12/21 17:10:35 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

< %APPDATA%\*. >

[2012/02/09 03:22:08 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Adobe

[2012/02/04 13:41:11 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Apple Computer

[2012/02/03 21:37:14 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\ATI

[2012/02/03 22:48:23 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\BSD

[2012/10/08 21:23:20 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\DAEMON Tools Lite

[2012/06/10 15:56:35 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\DivX

[2012/09/25 00:45:31 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\DVDVideoSoft

[2012/10/25 04:24:21 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Electronic Arts

[2012/02/03 22:09:16 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Google

[2012/02/03 21:34:44 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Identities

[2012/09/04 22:35:24 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\InstallShield

[2012/02/03 21:37:52 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Macromedia

[2012/03/27 19:07:15 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Malwarebytes

[2010/11/21 07:16:41 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Media Center Programs

[2012/08/26 15:18:08 | 000,000,000 | --SD | M] -- C:\Users\Buddha Watt\AppData\Roaming\Microsoft

[2012/02/03 22:12:33 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Mozilla

[2012/02/13 02:13:50 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Nero

[2012/09/06 23:02:17 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Registry Mechanic

[2012/12/21 11:54:17 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Skype

[2012/10/09 22:06:27 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Sports Interactive

[2012/03/26 13:02:51 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Toshiba

[2012/02/03 22:06:35 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\TOSHIBA Online Product Information

[2012/11/15 02:03:43 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Uniblue

[2012/12/18 06:50:28 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\uTorrent

[2012/09/04 22:35:15 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\WinBatch

[2012/02/04 18:19:43 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< c:|CouponDropDown;true;true;true; /FP >

< c:|FBPhotoZoom;true;true;true; /FP >

< c:|HDvid Codec;true;true;true; /FP >

< c:|GoPhoto.it;true;true;true; /FP >

< c:|Incredibar;true;true;true; /FP >

< c:|IB Updater;true;true;true; /FP >

< c:|OneClickDownload;true;true;true; /FP >

[2012/10/08 21:25:56 | 000,000,000 | ---D | M] -- c:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\jetpack\OneClickDownload@OneClickDownload.com

[2012/10/08 21:30:56 | 000,000,000 | ---D | M] -- c:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\jetpack\OneClickDownload@OneClickDownload.com\simple-storage

< c:|Online HD TV;true;true;true; /FP >

< c:|PutLockerDownloader;true;true;true; /FP >

< c:|StartNow Toolbar;true;true;true; /FP >

< c:|TornTV;true;true;true; /FP >

< c:|TorrentHandler;true;true;true; /FP >

[2012/10/08 21:25:04 | 000,000,000 | ---D | M] -- c:\Program Files (x86)\TorrentHandler

[2012/10/08 21:25:56 | 000,000,000 | ---D | M] -- c:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\jetpack\TorrentHandler@TorrentHandler.com

[2012/10/08 21:30:56 | 000,000,000 | ---D | M] -- c:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\jetpack\TorrentHandler@TorrentHandler.com\simple-storage

< c:|Yontoo;true;true;true; /FP >

< c:|crossride;true;true;true; /FP >

< c:|conduit;true;true;true; /FP >

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< c:|services.ex;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 22/12/2012 15:10:43 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Buddha Watt\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.61 Gb Total Physical Memory | 3.67 Gb Available Physical Memory | 65.56% Memory free

11.21 Gb Paging File | 8.96 Gb Available in Paging File | 79.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149.04 Gb Total Space | 30.03 Gb Free Space | 20.15% Space Free | Partition Type: NTFS

Drive D: | 148.65 Gb Total Space | 139.93 Gb Free Space | 94.13% Space Free | Partition Type: NTFS

Computer Name: BUDDHAWATT-TOSH | User Name: Buddha Watt | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- Reg Error: Key error. File not found

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0432B3D2-6C78-463C-A3DA-29DB2CB65059}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{07F61790-BD5F-4C8D-B2F2-164EE56E2284}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{08021F86-2EE8-450E-904A-FEA924973493}" = lport=138 | protocol=17 | dir=in | app=system |

"{197A5768-8797-47BF-B1FA-1263742409E9}" = lport=445 | protocol=6 | dir=in | app=system |

"{1B1CE16B-A9CF-4A0D-8F16-23FB0FB1840B}" = rport=138 | protocol=17 | dir=out | app=system |

"{56FC7CCF-4F28-496F-9EE7-B10602ED1673}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5861ECA8-5ACD-46E9-ADDA-A41B6239103E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |

"{5A247D79-3F89-4DB7-8B14-118130DA5212}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5CEDB313-A088-4A69-9E6E-5BFF4B2F08B7}" = rport=445 | protocol=6 | dir=out | app=system |

"{63025224-DBDA-4AA0-B03F-4530A2E3A50E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{78BFE516-8924-449C-B71F-BDFECD633B3A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7917FD48-3FAC-4C3E-842C-AAB688AEF37F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7B00A624-8C86-4A51-AD69-3F41E86FABF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{97CDCDAF-BDB3-4B0C-9EA0-6E12FC3DB225}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A0E3694B-2F0E-4476-860C-DFC3CE3580C5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{B067BEA9-D477-43AD-BFC3-BBBC266C5664}" = rport=137 | protocol=17 | dir=out | app=system |

"{B393F7A6-6B6B-45C0-AE3E-45730D097EE4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{C41ABAEC-31B0-40AA-AA30-78CF1422E507}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |

"{C558D0B6-FD54-48F3-8A83-A78C72925F5B}" = lport=137 | protocol=17 | dir=in | app=system |

"{C62D4EB9-DBFE-4F56-9121-D26AFCFDBFA0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D6AAAF1C-783B-407C-9FFF-8AE9C55E7584}" = lport=10243 | protocol=6 | dir=in | app=system |

"{E216A561-0AD8-4038-845B-DB5B39553C9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{E2AD0003-767C-4D21-BC5A-9C3C1DB3E527}" = lport=139 | protocol=6 | dir=in | app=system |

"{E46BDEB1-AC77-45D1-B5EA-1DDC9D352CAF}" = rport=10243 | protocol=6 | dir=out | app=system |

"{E7555C12-5358-46DB-AC3E-4A9CCB751ADD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{EB214939-AEC8-4344-82C3-FEB01005F11E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EEB51AC7-0A48-4831-AE5F-A042107055CF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |

"{F29519CB-2F3D-49F3-B1A1-2CA64EC1B0D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F3C47FAB-B903-4825-94CC-F865D8358B23}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02C8D019-100B-4A2C-A575-D0CA2A450381}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{0B711182-C0D9-4C08-AD11-2927C66551C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0CDCF9DF-4D59-415E-83E3-0C5A2EBDDDB8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{181846C1-F17D-4937-9922-F8BEFD917541}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{21F7CCF9-A765-4117-A8D2-11FDE24E28C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{31B84DE6-2447-491F-B173-BDC9A8E3B470}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{363D2DCF-FF75-4707-9EC6-BC10CDEC6B72}" = protocol=6 | dir=in | app=c:\users\buddha watt\downloads\loe_pesci_-_good_x2_-_bootleg_-_2012-utp_downloader_119b.exe |

"{39F66F0A-618E-4E93-84D6-FF987D5DEFA8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{3B4D26F0-BA99-4FDA-A825-D9959338446B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3BF27772-9F31-49D4-893E-7E0E916BD04D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3DAB1EC8-AB3D-4A78-906B-69BF77B47EB8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{413E4D02-AC48-4814-9B32-B10D2559CE8E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{47EDDFD7-E9D7-429A-83D6-7001553F6E8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5CC7979F-0DAF-43A1-AC06-FA02C39EA50E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{6D96930D-BF00-46FB-94A8-100820203E5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6F8C95EB-FC13-4111-9A69-2EEBB45942E3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{86888EFA-8DA5-4B87-ABD7-B6FB3DA25BFC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{91ED4E7F-072B-41EB-AD45-74C4FA70B78C}" = protocol=6 | dir=out | app=system |

"{9B791374-1BDE-4060-B314-CD4D46CCDD4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{9C01AFF5-858C-4F23-9319-8950AF0F04B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{9E61EC0A-2F89-41B4-AFD2-99214121C220}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{A57FBCB6-CC41-41F3-B271-8B0E4CEA7D34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A81A0E4A-6977-4719-B5A7-F286B9977797}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{AF0FB00E-913D-4BF1-9FDC-01E7440A868E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{B6538D5E-E3B2-49BF-BD73-B7CFFBE8032D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{BD8B9042-41A3-4E9F-92C7-0DDCFDA56C0D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{BE371746-97C0-47CE-A3EB-41D2AE0F10BC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{C5068311-2E60-46FD-ABF1-DDBC36EFCA94}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |

"{C57F6DB9-8307-43F2-8580-53D1196BC640}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C8255E88-D228-4095-9F5F-0BA98A7B9DE6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{CC383338-1A05-4995-A41A-9DB35974C95D}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |

"{D399AAC2-0627-48B3-8ECD-60EABEADAD89}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |

"{D8B8F8CA-8742-4E16-924D-B41909CE62F0}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |

"{DEB42EB1-F221-4000-8A18-A65B754B185C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{E62145B3-75B7-4549-B1F6-6552DAE50C05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{FBFBB6D1-26E3-4698-A0CF-E1390E093526}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{FE6373F0-2CC8-4B72-8D99-3886FA2B739B}" = protocol=17 | dir=in | app=c:\users\buddha watt\downloads\loe_pesci_-_good_x2_-_bootleg_-_2012-utp_downloader_119b.exe |

"TCP Query User{FD3C68E5-14A4-449E-B676-CA717C64ABEB}C:\users\buddha watt\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\buddha watt\appdata\roaming\spotify\spotify.exe |

"UDP Query User{10A3AEEF-26DF-402D-A6DD-CF03654F2620}C:\users\buddha watt\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\buddha watt\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)

"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6167672A-758D-9960-C32C-47A15E180A70}" = ATI Catalyst Install Manager

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{99D90334-5A27-22AA-0CC9-BB2E7FE4608E}" = ccc-utility64

"{B0CF6A06-8D6E-3C49-1B5E-75027D2AB2FB}" = AMD Media Foundation Decoders

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"EPSON XP-400 Series" = EPSON XP-400 Series Printer Uninstall

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{019A5307-B53F-DEC7-BF70-E20C2A121E65}" = Catalyst Control Center InstallProxy

"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)

"{094FD5E0-01D2-AAB1-027F-A80F8CAB1477}" = CCC Help Italian

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{10097883-9F66-3920-8C7E-3239E72953B3}" = CCC Help Greek

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials

"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23DECD57-2D3E-59DE-215C-9B2118FFF9C1}" = CCC Help Korean

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{24C934DB-D7F8-797E-8937-BF9BA23F1128}" = Catalyst Control Center Graphics Previews Common

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{29A4049F-58A7-E0D9-991D-A1A672E51EFE}" = CCC Help Thai

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005

"{2E823133-4B6B-60A4-43F4-E586F01FCCCA}" = AMD VISION Engine Control Center

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3A3A3B34-6EA2-4031-8580-D66D29533E89}" = Download Navigator

"{3C349576-B3B4-6708-F73C-DC2932065357}" = BBC iPlayer Desktop

"{3E1C0066-D04D-863E-3381-9FD232A888A2}" = CCC Help Portuguese

"{401E17B0-7A9E-3173-42B6-B3A780A2934A}" = CCC Help German

"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{54B80F68-3A7C-1931-AFE8-CA9BABC3EC4D}" = CCC Help English

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback

"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator

"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68625052-E88D-8598-3E83-9AE6B5D6394D}" = Catalyst Control Center Localization All

"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8BABB47D-F46A-4AD1-8548-4C6292232D18}" = CCC Help Finnish

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals

"{9158DA86-4AC8-6EA5-20B1-36B3F9CF6497}" = CCC Help Czech

"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller

"{988C14A1-37AC-EB3F-B607-DED60CEE16E8}" = CCC Help Polish

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A713F0C-D077-9B5F-4E0D-D21657387965}" = CCC Help Dutch

"{9A828AEE-658C-0AA0-7B13-83CC644A7E97}" = CCC Help Chinese Traditional

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI

"{B09443E0-838F-6C14-83E4-DFF68F25D688}" = CCC Help Japanese

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B946C4A5-E889-D859-AAB1-DE0C00902115}" = CCC Help Russian

"{C1F6CAC5-20D3-C4AA-B867-0836493AB636}" = CCC Help Turkish

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA8EF8F2-AF33-253B-7A5E-51E7B1AA6E42}" = CCC Help Hungarian

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DED61893-3D8D-C863-5913-AACB740063C2}" = CCC Help Spanish

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EAE8B2AB-DDD1-3F5E-42F5-EB54BAE8A7BE}" = CCC Help Swedish

"{ED7B4752-749D-3BA8-2CEB-5AC5A7FADF36}" = CCC Help French

"{EE99A545-DFC9-EF57-5EDC-43F7B6855AB3}" = CCC Help Danish

"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F510D82F-CD6A-0983-EF06-66004AC50565}" = CCC Help Chinese Standard

"{F52618B2-A995-4F8D-A6C8-9E235A470C68}" = TOSHIBA ConfigFree

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{FCB1966E-4ACF-6648-8E7C-0D8C2EE573CA}" = CCC Help Norwegian

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop

"DivX Setup" = DivX Setup

"ERUNT_is1" = ERUNT 1.1j

"ESET Online Scanner" = ESET Online Scanner v3

"Free Studio_is1" = Free Studio version 5.3.5

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918

"HotspotShield" = Hotspot Shield 2.65

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"MediaWidget - Easy iPod Transfer_is1" = MediaWidget 6.0

"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NIS" = Norton Internet Security

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"PST Walker_is1" = PST Walker 5.09.1

"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0

"vShare.tv plugin" = vShare.tv plugin 1.3

"WildTangent toshiba Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.10 (32-bit)

"WTA-09336d28-c466-4069-a08f-723c617ffcf2" = Polar Bowler

"WTA-0d7c4320-706f-4d74-b91e-7e6709fdd64d" = Diner Dash 2 Restaurant Rescue

"WTA-291ce1b6-3964-4a75-ae59-ba583162f06e" = Bejeweled 3

"WTA-3070b09d-cd40-4fc1-b913-8bb707bc1846" = Wedding Dash 2 - Rings Around the World

"WTA-358d7533-caa6-4bac-a8a5-08a88d3bbff0" = Final Drive: Nitro

"WTA-46f16870-2347-4480-b267-22170283889d" = Insaniquarium Deluxe

"WTA-6aceebd8-9977-4cb8-92ba-65ec5f1d22e0" = Slingo Deluxe

"WTA-7a751f9b-6581-4cc8-ba1c-17013ace1ac1" = FATE

"WTA-83916957-74c2-4629-a64f-0b48adcc4337" = Zuma Deluxe

"WTA-8a4f2211-3cf0-44ef-9012-625033d63774" = Bejeweled 2 Deluxe

"WTA-8aae8c18-c4cf-4576-aa00-c53e35cd0463" = Penguins!

"WTA-8e06b910-a1fa-40ad-a332-38a115e76fae" = Chuzzle Deluxe

"WTA-9f6a4d9c-837d-4cf7-bd17-dbca38710391" = Chicken Invaders 3 - Revenge of the Yolk

"WTA-b6ed4634-4ffb-4604-bef5-e0190f3d3522" = Plants vs. Zombies - Game of the Year

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 19/12/2012 15:15:38 | Computer Name = BuddhaWatt-TOSH | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4180

Error - 19/12/2012 15:15:40 | Computer Name = BuddhaWatt-TOSH | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19/12/2012 15:15:40 | Computer Name = BuddhaWatt-TOSH | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 6598

Error - 19/12/2012 15:15:40 | Computer Name = BuddhaWatt-TOSH | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 6598

Error - 20/12/2012 13:35:19 | Computer Name = BuddhaWatt-TOSH | Source = WinMgmt | ID = 10

Description =

Error - 20/12/2012 13:47:16 | Computer Name = BuddhaWatt-TOSH | Source = WinMgmt | ID = 10

Description =

Error - 21/12/2012 07:31:46 | Computer Name = BuddhaWatt-TOSH | Source = WinMgmt | ID = 10

Description =

Error - 21/12/2012 12:35:57 | Computer Name = BuddhaWatt-TOSH | Source = WinMgmt | ID = 10

Description =

Error - 21/12/2012 13:35:12 | Computer Name = BuddhaWatt-TOSH | Source = WinMgmt | ID = 10

Description =

Error - 22/12/2012 05:07:28 | Computer Name = BuddhaWatt-TOSH | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 21/12/2012 12:34:52 | Computer Name = BuddhaWatt-TOSH | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 21/12/2012 12:34:52 | Computer Name = BuddhaWatt-TOSH | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 21/12/2012 12:34:52 | Computer Name = BuddhaWatt-TOSH | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 21/12/2012 12:34:52 | Computer Name = BuddhaWatt-TOSH | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 21/12/2012 12:34:52 | Computer Name = BuddhaWatt-TOSH | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 21/12/2012 12:34:52 | Computer Name = BuddhaWatt-TOSH | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 21/12/2012 12:34:52 | Computer Name = BuddhaWatt-TOSH | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 21/12/2012 13:50:30 | Computer Name = BuddhaWatt-TOSH | Source = BROWSER | ID = 8032

Description =

Error - 21/12/2012 17:59:01 | Computer Name = BuddhaWatt-TOSH | Source = BROWSER | ID = 8032

Description =

Error - 21/12/2012 22:51:09 | Computer Name = BuddhaWatt-TOSH | Source = DCOM | ID = 10010

Description =

< End of report >

Link to post
Share on other sites

Your system has a couple of adwares onboard: TorrentHandler + OneClickDownload

We Need to Run a Batch Script to remove those

  1. Press the Windows-key on keyboard.
  2. In the 10-16-2011%204-33-46%20PM.png box, type notepad and press Enter.
  3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    del /f /q c:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\jetpack\OneClickDownload@OneClickDownload.com
    del /f /q c:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\jetpack\OneClickDownload@OneClickDownload.com\simple-storage
    rd /s /q c:\Program Files (x86)\TorrentHandler
    rd /s /q c:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\jetpack
    del /f /q "%~f0"


  4. Select File -> Save AS.
  5. Press the Desktop button on the left side of the save dialog.
  6. In the 10-16-2011%204-37-58%20PM.png box, type in Fix.bat.
  7. Press 10-16-2011%204-36-39%20PM.png.
  8. Close Notepad.
  9. CLOSE all browsers, most especially Firefox.
  10. Right click 10-16-2011%204-34-34%20PM.png on your desktop, and choose 10-16-2011%204-40-48%20PM.png.
  11. Press Yes if prompted by User Account Control.

Link to post
Share on other sites

The batch files runs very quickly in the Command prompt window.

Please restart Windows fresh !

Next, a new run of OTL

Locate the OTL.exe on your Desktop

Double-click OTL.exe otlDesktopIcon.png to start it.

Look at the upper left of window. Press the pink color Quick Scan button.

Have patience while it runs.

It will produce a new log. Save it.

Copy and paste back here a copy of the new OTL.txt

Link to post
Share on other sites

Ok I've followed those steps I think. Here's the log:

OTL logfile created on: 23/12/2012 16:51:44 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Buddha Watt\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.61 Gb Total Physical Memory | 4.30 Gb Available Physical Memory | 76.77% Memory free

11.21 Gb Paging File | 9.72 Gb Available in Paging File | 86.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149.04 Gb Total Space | 30.61 Gb Free Space | 20.54% Space Free | Partition Type: NTFS

Drive D: | 148.65 Gb Total Space | 139.93 Gb Free Space | 94.13% Space Free | Partition Type: NTFS

Computer Name: BUDDHAWATT-TOSH | User Name: Buddha Watt | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/22 15:08:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Buddha Watt\Desktop\OTL(1).exe

PRC - [2012/12/13 19:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/11/09 16:21:24 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe

PRC - [2012/10/11 02:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/07/24 20:26:42 | 000,474,992 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

PRC - [2012/04/26 18:08:24 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

PRC - [2012/04/26 18:08:24 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

PRC - [2012/01/15 15:58:54 | 001,660,232 | ---- | M] (Bootstrap Software Development) -- C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe

PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/12/03 14:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2010/08/15 19:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

PRC - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/30 14:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\wincfi39.dll

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Services (SafeList) ==========

SRV:64bit: - [2011/11/02 03:01:00 | 000,179,296 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)

SRV:64bit: - [2011/11/02 03:01:00 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)

SRV:64bit: - [2011/06/28 22:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/10/20 13:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/12/21 19:31:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/15 00:17:26 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/13 19:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/11/09 16:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/10/11 02:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe -- (NIS)

SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/24 20:36:22 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)

SRV - [2012/07/24 20:26:42 | 000,474,992 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)

SRV - [2012/04/26 18:08:24 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2011/03/29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2011/02/11 17:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)

SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/20 15:21:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/10/09 01:00:02 | 000,776,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2012/10/04 01:40:35 | 001,133,216 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\SymEFA64.sys -- (SymEFA)

DRV:64bit: - [2012/10/04 01:40:20 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\SymDS64.sys -- (SymDS)

DRV:64bit: - [2012/10/04 01:19:14 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccSetx64.sys -- (ccSet_NIS)

DRV:64bit: - [2012/09/07 02:05:14 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symnets.sys -- (SymNetS)

DRV:64bit: - [2012/09/07 01:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\Ironx64.sys -- (SymIRON)

DRV:64bit: - [2012/09/07 01:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2012/07/10 02:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)

DRV:64bit: - [2012/04/06 18:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/21 17:17:41 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/06/29 00:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/06/28 22:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/23 17:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)

DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/09/30 20:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/08/14 07:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/08/14 07:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/07/20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)

DRV:64bit: - [2009/12/30 15:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2012/12/22 09:29:17 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20121221.024\ex64.sys -- (NAVEX15)

DRV - [2012/12/22 09:29:17 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20121221.024\eng64.sys -- (NAVENG)

DRV - [2012/12/19 16:40:42 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20121221.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012/11/29 23:13:05 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/08/09 20:22:22 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/08/09 11:34:58 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {FE6A8B20-8A57-494D-A492-1CD88EB489BC}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{FE6A8B20-8A57-494D-A492-1CD88EB489BC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_enGB469

IE - HKCU\..\SearchScopes\{FE6A8B20-8A57-494D-A492-1CD88EB489BC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_enGB469

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"

FF - prefs.js..browser.startup.homepage: "https://twitter.com/#"

FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1

FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9

FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145

FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.1.1.5%20-%203

FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.2.2.3

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Buddha Watt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2012/12/23 16:50:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/09 15:29:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ [2012/12/20 17:37:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/15 00:17:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/21 19:22:24 | 000,000,000 | ---D | M]

[2012/02/03 22:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Extensions

[2012/11/25 04:54:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions

[2012/06/25 22:50:20 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2012/11/14 01:08:12 | 000,202,367 | ---- | M] () (No name found) -- C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions\TorrentHandler@TorrentHandler.com.xpi

[2012/12/12 21:36:42 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2012/11/25 04:33:49 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/12/15 00:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/12/15 00:17:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/06/09 15:29:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

[2012/12/23 16:50:33 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\COFFPLGN

[2012/12/20 17:37:20 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPLGN

[2012/12/15 00:17:28 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/12/15 00:17:21 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/12/15 00:17:21 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll

CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll

CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Buddha Watt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Buddha Watt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Buddha Watt\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll

CHR - Extension: vshare plugin = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

CHR - Extension: Skype Click to Call = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

CHR - Extension: Norton Identity Protection = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Buddha Watt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/11/14 06:17:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [RMAlert] C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe (PC Tools)

O4 - HKLM..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBA.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series" File not found

O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0

O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Buddha Watt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Buddha Watt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Buddha Watt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Buddha Watt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F17C481-BEB3-4896-9274-EB1CB57A227C}: DhcpNameServer = 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E30CF66D-4C1E-4676-8E41-EC08B62E61E5}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/22 15:08:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Buddha Watt\Desktop\OTL(1).exe

[2012/12/21 19:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012/12/21 16:33:06 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/12/20 17:39:00 | 000,000,000 | ---D | C] -- C:\Users\Buddha Watt\Documents\Symantec

[2012/12/20 17:34:23 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

[2012/12/20 15:12:42 | 000,000,000 | ---D | C] -- C:\Users\Buddha Watt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2012/12/18 18:52:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/12/18 14:54:41 | 000,000,000 | ---D | C] -- C:\Users\Buddha Watt\Desktop\RK_Quarantine

[2012/12/18 06:49:21 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2012/12/18 06:48:53 | 000,000,000 | ---D | C] -- C:\JRT

[2012/12/17 11:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/12/17 11:56:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/12/17 11:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/12/15 00:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/11/25 18:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/11/25 18:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2012/12/23 16:58:01 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/23 16:58:01 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/23 16:50:26 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job

[2012/12/23 16:50:23 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/23 16:50:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/23 16:49:51 | 218,865,663 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/23 16:47:50 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/12/23 16:47:50 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/12/23 16:47:50 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/12/23 16:37:49 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/23 16:37:47 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/22 15:08:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Buddha Watt\Desktop\OTL(1).exe

[2012/12/22 09:06:25 | 000,418,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/12/22 09:05:35 | 001,570,844 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\Cat.DB

[2012/12/21 19:22:24 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2012/12/20 17:34:25 | 000,002,508 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/12/20 17:34:15 | 000,001,262 | ---- | M] () -- C:\Users\Buddha Watt\Desktop\Norton Installation Files.lnk

[2012/12/20 15:21:49 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/12/20 15:21:49 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/12/20 15:21:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/12/18 06:40:59 | 000,000,935 | ---- | M] () -- C:\Users\Buddha Watt\Desktop\NTREGOPT.lnk

[2012/12/18 06:40:59 | 000,000,916 | ---- | M] () -- C:\Users\Buddha Watt\Desktop\ERUNT.lnk

[2012/12/17 11:56:24 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/11 00:04:10 | 000,073,968 | ---- | M] () -- C:\Users\Buddha Watt\Documents\532497_10151117996115916_216397171_n.jpg

========== Files Created - No Company Name ==========

[2012/12/21 19:31:08 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/21 19:22:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2012/12/21 19:22:24 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2012/12/20 15:12:42 | 000,001,262 | ---- | C] () -- C:\Users\Buddha Watt\Desktop\Norton Installation Files.lnk

[2012/12/18 06:40:59 | 000,000,935 | ---- | C] () -- C:\Users\Buddha Watt\Desktop\NTREGOPT.lnk

[2012/12/18 06:40:59 | 000,000,916 | ---- | C] () -- C:\Users\Buddha Watt\Desktop\ERUNT.lnk

[2012/12/17 11:56:24 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/11 00:04:06 | 000,073,968 | ---- | C] () -- C:\Users\Buddha Watt\Documents\532497_10151117996115916_216397171_n.jpg

[2012/10/30 18:08:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat

[2012/03/26 21:06:38 | 000,000,000 | ---- | C] () -- C:\Users\Buddha Watt\defogger_reenable

[2011/12/21 17:47:01 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2011/12/21 17:32:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[2011/12/21 17:13:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/12/21 17:10:35 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/03 22:48:23 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\BSD

[2012/10/08 21:23:20 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\DAEMON Tools Lite

[2012/09/25 00:45:31 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\DVDVideoSoft

[2012/10/25 04:24:21 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Electronic Arts

[2012/09/06 23:02:17 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Registry Mechanic

[2012/10/09 22:06:27 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Sports Interactive

[2012/03/26 13:02:51 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Toshiba

[2012/02/03 22:06:35 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\TOSHIBA Online Product Information

[2012/11/15 02:03:43 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\Uniblue

[2012/12/18 06:50:28 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\uTorrent

[2012/09/04 22:35:15 | 000,000,000 | ---D | M] -- C:\Users\Buddha Watt\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Link to post
Share on other sites

You need to tell me IF the coupondropdown / 1clickdownload adwares are gone !!!

Proceed with the following.

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦Double click DeFogger to run the tool.

◦The application window will appear

◦Click the Disable button to disable your CD Emulation drivers.

◦Click Yes to continue

◦A 'Finished!' message will appear

◦Click OK

◦DeFogger will now ask to reboot the machine - click OK

◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

◦Do not re-enable these drivers until otherwise instructed.

Step 2

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :files
    C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions\TorrentHandler@TorrentHandler.com.xpi
    C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
    C:\Users\Buddha Watt\AppData\Roaming\Mozilla\Firefox\Profiles\u25wcabf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    recycler /alldrives
    :Commands
    [purity]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [EMPTYFLASH]
    [emptyjava]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the customFix.png window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open. That is to include Closing Internet Explorer, Chrome, Firefox !!!
  • Using your mouse, click on the red-lettered button runFixbutton.png.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.