DDS & Attatch for my other post.

rossjerram · March 18, 2013

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2

Run by Ross at 18:45:54 on 2013-03-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.4044.1823 [GMT 13:00]

.

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\windows\system32\svchost.exe -k HPService

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Users\Ross\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\WUDFHost.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Ross\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ross\AppData\Roaming\Yontoo\YontooDesktop.exe

C:\Users\Ross\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\wuauclt.exe

C:\Users\Ross\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Users\Ross\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Users\Ross\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://toshiba.msn.com

mWinlogon: Userinit = userinit.exe,

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: {E260A9BB-5EED-4AB2-9E9E-DF34E9772CDA} - <orphaned>

BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll

BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Hyperionics DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRunOnce: [boot] C:\Users\Ross\AppData\Roaming\Apple Computer\loader.jar

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{4604661E-5EDE-4A73-B44B-EFB9A99AF5F3} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{4604661E-5EDE-4A73-B44B-EFB9A99AF5F3}\45E4341405431353231344 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{4604661E-5EDE-4A73-B44B-EFB9A99AF5F3}\865616478656273713 : DHCPNameServer = 122.56.237.1 210.55.111.1

TCP: Interfaces\{4604661E-5EDE-4A73-B44B-EFB9A99AF5F3}\A4F69736560275962756C6563737 : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{4604661E-5EDE-4A73-B44B-EFB9A99AF5F3}\D49794E6475627E65647 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{551AFB7D-89D0-4932-91FA-CA969C3D771C} : DHCPNameServer = 192.168.1.254

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r

x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.facebook.com

FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Ross\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\Ross\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Ross\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Ross\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2011-08-01 20:20; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.searchya_i.hmpg - true

FF - user.js: extensions.searchya_i.hmpgUrl - hxxp://searchya.com/?chnl=dcom-100&s=0&cr=1485742078&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtA

FF - user.js: extensions.searchya_i.dfltSrch - true

FF - user.js: extensions.searchya_i.srchPrvdr - SearchYa!

FF - user.js: extensions.searchya_i.dnsErr - true

FF - user.js: extensions.searchya_i.newTab - true

FF - user.js: extensions.searchya_i.newTabUrl - hxxp://searchya.com/?chnl=dcom-100&s=2&cr=1485742078&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtA

FF - user.js: extensions.searchya_i.tlbrSrchUrl - hxxp://searchya.com/?chnl=dcom-100&s=3&cr=1485742078&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtA&q=

FF - user.js: extensions.searchya_i.id - 9039d3500000000000000aa3c478cbb7

FF - user.js: extensions.searchya_i.instlDay - 15493

FF - user.js: extensions.searchya_i.vrsn - 1.5.13.0

FF - user.js: extensions.searchya_i.vrsni - 1.5.13.0

FF - user.js: extensions.searchya_i.vrsnTs - 1.5.13.011:47:03

FF - user.js: extensions.searchya_i.prtnrId - ironsrc

FF - user.js: extensions.searchya_i.prdct - searchya

FF - user.js: extensions.searchya_i.aflt - dcom

FF - user.js: extensions.searchya_i.smplGrp - none

FF - user.js: extensions.searchya_i.tlbrId - base

FF - user.js: extensions.searchya_i.instlRef - dcom-100

FF - user.js: extensions.searchya_i.dfltLng -

FF - user.js: extensions.searchya_i.excTlbr - false

FF - user.js: extentions.y2layers.installId - 332e5ae3-8161-401b-a416-fc4ff76fdd7a

FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers

.

FF - user.js: extensions.autoDisableScopes - 14

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-25 482384]

R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-11-26 283200]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-29 249200]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-11 46448]

R2 HsfXAudioService;HsfXAudioService;C:\windows\System32\svchost.exe -k HsfXAudioService [2009-7-14 27136]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-16 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-16 682344]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-12-5 517632]

R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-16 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-16 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-16 168384]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-3-2 3560800]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2010-12-9 267192]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-16 2656280]

R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-3-18 23552]

R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2010-10-19 42096]

R3 CAXHWAZL;CAXHWAZL;C:\windows\System32\drivers\CAXHWAZL.sys [2009-2-13 292864]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-9 76912]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-3-16 24176]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-7-16 35008]

R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-16 12800]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-9 137632]

R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-7-16 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-7-16 250984]

S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-7-16 307304]

S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]

S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-7-16 54136]

S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-21 822704]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-7-17 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-17 1255736]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]

S3 zghsdiag;ZTE General Handset Diagnostic Port;C:\windows\System32\drivers\zghsdiag.sys [2011-1-13 122624]

S3 zghsmdm;ZTE General Handset USB Modem Proprietary;C:\windows\System32\drivers\zghsmdm.sys [2011-1-13 122624]

S3 zghsnmea;ZTE General Handset NMEA Port;C:\windows\System32\drivers\zghsnmea.sys [2011-1-13 122624]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2013-03-18 05:11:26 -------- d-----w- C:\Program Files\Core Temp

2013-03-18 05:10:11 -------- d-----w- C:\ProgramData\APN

2013-03-17 21:06:28 -------- d-----w- C:\Users\Ross\AppData\Local\Razer

2013-03-17 20:56:57 -------- d-----w- C:\Users\Ross\AppData\Local\CrashRpt

2013-03-17 20:55:32 -------- d-----w- C:\Program Files (x86)\MyPC Backup

2013-03-17 20:48:50 -------- d-----w- C:\Users\Ross\AppData\Roaming\Yontoo

2013-03-17 20:48:49 -------- d-----w- C:\Program Files (x86)\Yontoo

2013-03-17 20:48:29 -------- d-----w- C:\ProgramData\Tarma Installer

2013-03-17 05:27:48 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B9D86803-4EF5-4D05-AB74-7E2D13158441}\mpengine.dll

2013-03-16 12:33:12 9162192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-03-16 05:25:52 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-16 05:19:29 17272 ----a-w- C:\windows\System32\sdnclean64.exe

2013-03-16 05:19:22 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-03-15 22:58:52 -------- d-----w- C:\Stinger_Quarantine

2013-03-15 22:58:39 -------- d-----w- C:\Program Files (x86)\stinger

2013-03-15 21:46:34 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1CEDE4B3-33F1-4D23-A97F-B2B68475B273}\gapaengine.dll

2013-03-15 21:44:30 -------- d-----w- C:\Users\Ross\AppData\Roaming\Malwarebytes

2013-03-15 21:44:22 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-15 21:44:21 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-03-15 21:44:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-15 21:44:10 -------- d-----w- C:\Users\Ross\AppData\Local\Programs

2013-03-15 21:42:34 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-03-15 21:42:26 -------- d-----w- C:\Program Files\Microsoft Security Client

2013-03-13 04:43:57 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-03-13 04:43:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2013-03-05 02:06:48 4126720 ----a-w- C:\Program Files (x86)\GUT8354.tmp

2013-03-05 01:46:40 -------- d-----w- C:\Program Files\AVAST Software

2013-03-05 01:45:09 -------- d-----w- C:\ProgramData\AVAST Software

2013-03-02 08:01:42 -------- d-----w- C:\Program Files (x86)\Rockstar Games

2013-03-02 07:31:34 -------- d-----w- C:\Program Files (x86)\TeamViewer

2013-03-01 09:22:34 -------- d-----w- C:\windows\pss

2013-03-01 09:01:07 98304 ----a-w- C:\windows\SysWow64\CmdLineExt.dll

2013-02-27 07:48:55 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-02-27 07:46:25 -------- d-----w- C:\Program Files\iTunes

2013-02-27 07:46:25 -------- d-----w- C:\Program Files\iPod

2013-02-27 07:46:25 -------- d-----w- C:\Program Files (x86)\iTunes

2013-02-21 05:29:59 -------- d-----w- C:\Program Files (x86)\EA Games

2013-02-21 05:28:23 -------- d-----w- C:\Users\Ross\AppData\Local\Electronic_Arts_Inc

.

==================== Find3M ====================

.

2013-03-16 05:25:46 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2013-03-16 05:25:45 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll

2013-03-15 22:43:03 73432 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-15 22:43:03 693976 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll

2013-02-02 06:57:02 2312704 ----a-w- C:\windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-01-30 10:53:22 273840 ------w- C:\windows\System32\MpSigStub.exe

2013-01-20 02:59:04 230320 ----a-w- C:\windows\System32\drivers\MpFilter.sys

2013-01-20 02:59:04 130008 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys

2013-01-13 21:17:03 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\windows\System32\XpsPrint.dll

2013-01-05 05:53:43 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2013-01-04 06:11:21 2284544 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\windows\System32\msmpeg2vdec.dll

2013-01-04 05:46:09 215040 ----a-w- C:\windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS

.

============= FINISH: 18:47:05.83 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 16/07/2011 6:43:36 p.m.

System Uptime: 18/03/2013 6:03:27 p.m. (0 hours ago)

.

Motherboard: Intel Corp. | | Base Board Product Name

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU1 | 2301/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 582 GiB total, 479.693 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart B110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart B110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart B110 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart B110 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: AVG AVI Loader Driver

Device ID: ROOT\LEGACY_AVGLDX64\0000

Manufacturer:

Name: AVG AVI Loader Driver

PNP Device ID: ROOT\LEGACY_AVGLDX64\0000

Service: Avgldx64

.

==== System Restore Points ===================

.

RP169: 16/03/2013 3:15:12 p.m. - Installed League of Legends

RP170: 16/03/2013 6:24:28 p.m. - Installed Java 7 Update 17

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

4K Video Downloader 2.5

64 Bit HP CIO Components Installer

7-Zip 9.20 (x64 edition)

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Amazon Kindle For PC v1.1

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Bluetooth Filter Driver Package

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Atheros Driver Installation Program

Auto Mouse Click version 1.1

AVG 2013

B110

Bluetooth Stack for Windows by Toshiba

Bonjour

BufferChm

Camtasia Studio 7

CCleaner

CodecC

Conexant HD Audio

Core Temp 1.0 RC5

Coupon Printer for Windows

D3DX10

DAEMON Tools Lite

Destinations

DeviceDiscovery

eReg

Game Booster 3

Google Chrome

Google Talk Plugin

GPBaseService2

HDAUDIO Soft Data Fax Modem with SmartCP

HP Customer Participation Program 14.0

HP Imaging Device Functions 14.0

HP Photo Creations

HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPAppStudio

HPPhotoGadget

HPProductAssistant

HPSSupply

Hyperionics DB Toolbar

Indeo® Software

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

iTunes

Java 7 Update 17

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

League of Legends

Logitech SetPoint 6.32

Malwarebytes Anti-Malware version 1.70.0.1100

MarketResearch

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Primary Interoperability Assemblies 2005

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 15.0 (x86 en-GB)

Mozilla Firefox 15.0.1 (x86 en-GB)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network64

PlayReady PC Runtime amd64

PS_AIO_07_B110_SW_Min

QuickTime

QuickTransfer

RAR File Open Knife - Free Opener

Razer Game Booster

Realtek USB 2.0 Reader Driver

RuneScape Launcher 1.2

RuneScape Launcher 1.2.2

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Shop for HP Supplies

Skype Toolbars

Skype™ 6.1

SmartWebPrinting

SolutionCenter

Spotify

Spybot - Search & Destroy

Status

Synaptics Pointing Device Driver

TeamViewer 8

Telecom Broadband Assist

Toolbox

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA eco Utility

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

TOSHIBA PC Health Monitor

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Resolution+ Plug-in for Windows Media Player

TOSHIBA Service Station

TOSHIBA Sleep Utility

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Vegas Pro 10.0 (64-bit)

Ventrilo Client

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 1.0.1

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yontoo 2.05

.

==== Event Viewer Messages From Past Week ========

.

18/03/2013 6:04:23 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64

18/03/2013 6:03:53 p.m., Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.

18/03/2013 6:03:48 p.m., Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753637.

18/03/2013 2:12:20 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

18/03/2013 2:12:20 p.m., Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

18/03/2013 10:45:04 a.m., Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

18/03/2013 10:45:04 a.m., Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service or group failed to start.

18/03/2013 10:44:57 a.m., Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

18/03/2013 10:14:50 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

18/03/2013 10:14:47 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

18/03/2013 10:14:47 a.m., Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

16/03/2013 11:58:53 a.m., Error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).

16/03/2013 10:23:14 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2791765).

16/03/2013 10:01:21 a.m., Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\athihvs.dll Error Code: 21

16/03/2013 10:01:16 a.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 spldr

16/03/2013 10:01:01 a.m., Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.

16/03/2013 10:01:01 a.m., Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.

.

==== End Of File ===========================

MrCharlie · March 18, 2013

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Removing malware can be unpredictable

...things can go very wrong!

Backup

any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

rossjerram · March 19, 2013

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Ross [Admin rights]

Mode : Scan -- Date : 03/19/2013 17:30:31

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\RunOnce : Boot (C:\Users\Ross\AppData\Roaming\Apple Computer\loader.jar ) [-] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-3811417263-890335572-2532902937-1000[...]\RunOnce : Boot (C:\Users\Ross\AppData\Roaming\Apple Computer\loader.jar ) [-] -> FOUND

[TASK][sUSP PATH] AllmyappsUpdateTask : c:\users\ross\appdata\roaming\allmyapps\allmyappsupdater.exe check startup [x] -> FOUND

[TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Ross\AppData\Local\Temp\IHU3DD5.tmp.exe [x] -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6465GSXN +++++

--- User ---

[MBR] faf4ca7a8363bdd69dd88b0b09c84b72

[bSP] 149697139cb5540574d9072921c9f940 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 596137 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1223962624 | Size: 12842 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03192013_02d1730.txt >>

RKreport[1]_S_03192013_02d1730.txt

MrCharlie · March 19, 2013

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

Looks like you have multiply anti-virus programs installed, please make sure Windows Defender is permanently disabled:

http://www.howtogeek...ow-turn-it-off/

Then pick either AVG or MSE as your anti-virus and uninstall the other. (I recommend keeping MSE and uninstall AVG but that's up to you)

Next......

Please uninstall these from your add/remove programs:

Yontoo 2.05

Hyperionics DB Toolbar

Then............

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC

MrCharlie · March 21, 2013

How are we doing??

Do you still need help or can I close this post??

MrC

rossjerram · March 22, 2013

sorry i didnt get an email for your last post. i will uninstall avg now and get back to you, i think i will still need help

rossjerram · March 22, 2013

it wouldnt let me uninstall AVG, when i clicked uninstall it did nothing, i clicked it again and it tells me to wait for it to uninstall. so i had to uninstall MSE

rossjerram · March 22, 2013

i had to uninstall MSE because every time i clicked uninstall AVG it did nothing. I wanted to keep MSE i will probably change it soon once this is all sorted.

rossjerram · March 22, 2013

No malware was found and no cleanup required.

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1021

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.294000 GHz

Memory total: 4240293888, free: 1974943744

------------ Kernel report ------------

03/22/2013 16:34:48

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\wd.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\system32\DRIVERS\TVALZ_O.SYS

\SystemRoot\system32\DRIVERS\tos_sps64.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\avgrkx64.sys

\SystemRoot\system32\DRIVERS\avgloga.sys

\SystemRoot\system32\DRIVERS\avgmfx64.sys

\SystemRoot\system32\DRIVERS\avgidsha.sys

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\avgtdia.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\System32\Drivers\tosrfcom.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\avgidsdrivera.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\athrx.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\L1C62x64.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\tdcmdpst.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\tosrfec.sys

\SystemRoot\system32\DRIVERS\QIOMem.sys

\SystemRoot\system32\DRIVERS\TVALZFL.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\btfilter.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\tosporte.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\CHDRT64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\CAXHWAZL.sys

\SystemRoot\system32\DRIVERS\CAX_DPV.sys

\SystemRoot\system32\DRIVERS\CAX_CNXT.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\LHidFilt.Sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\LMouFilt.Sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\pgeffect.sys

\SystemRoot\system32\DRIVERS\tosrfusb.sys

\SystemRoot\system32\DRIVERS\tosrfbd.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\Tosrfhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\mdmxsdk.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\XAudio64.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\spsys.sys

\??\C:\windows\system32\drivers\mbamchameleon.sys

\??\C:\windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8006924060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8004a47050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

Downloaded database version: v2013.03.22.01

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8006924060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80067c9910, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006924060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004a47050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a00dde4120, 0xfffffa8006924060, 0xfffffa8006935790

Lower DeviceData: 0xfffff8a00dc61f30, 0xfffffa8004a47050, 0xfffffa80043a94c0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 3B3A6541

Partition information:

Partition 0 type is Other (0x27)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 3072000

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 3074048 Numsec = 1220888576

Partition 2 type is HIDDEN (0x17)

Partition is NOT ACTIVE.

Partition starts at LBA: 1223962624 Numsec = 26300416

Partition is not bootable

Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

MrCharlie · March 22, 2013

To uninstall AVG 13, check the link below:

http://forums.avg.co...=show&id=215517

----------------------------------------

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

rossjerram · March 22, 2013

ComboFix 13-03-21.02 - Ross 23/03/2013 10:13:30.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.4044.2141 [GMT 13:00]

Running from: c:\users\Ross\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\Hyperionics DB Toolbar\tbHElper.dll

c:\users\Ross\AppData\Roaming\app

c:\users\Ross\AppData\Roaming\app\Jerakine_lang.dat

c:\users\Ross\AppData\Roaming\app\Jerakine_lang_vesrion.dat

c:\windows\wininit.ini

.

((((((((((((((((((((((((( Files Created from 2013-02-22 to 2013-03-22 )))))))))))))))))))))))))))))))

.

2013-03-22 21:19 . 2013-03-22 21:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-22 21:14 . 2013-03-22 21:14 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{506C60FB-5735-40EF-8176-F5BC1BD19F00}\offreg.dll

2013-03-22 03:45 . 2013-02-18 15:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{506C60FB-5735-40EF-8176-F5BC1BD19F00}\mpengine.dll

2013-03-21 00:48 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-18 05:11 . 2013-03-18 05:12 -------- d-----w- c:\program files\Core Temp

2013-03-18 05:10 . 2013-03-18 05:10 -------- d-----w- c:\programdata\APN

2013-03-17 21:06 . 2013-03-17 21:06 -------- d-----w- c:\users\Ross\AppData\Local\Razer

2013-03-17 21:04 . 2013-03-17 21:04 -------- d-----w- c:\programdata\Razer

2013-03-17 21:04 . 2013-03-17 21:04 -------- d-----w- c:\program files (x86)\Razer

2013-03-17 20:56 . 2013-03-17 20:56 -------- d-----w- c:\users\Ross\AppData\Local\CrashRpt

2013-03-17 20:55 . 2013-03-17 20:58 -------- d-----w- c:\program files (x86)\MyPC Backup

2013-03-17 20:48 . 2013-03-22 03:30 -------- d-----w- c:\programdata\Tarma Installer

2013-03-16 05:25 . 2013-03-16 05:25 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-16 05:19 . 2009-01-24 23:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe

2013-03-16 05:19 . 2013-03-16 05:19 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2013-03-15 22:58 . 2013-03-15 22:58 -------- d-----w- C:\Stinger_Quarantine

2013-03-15 22:58 . 2013-03-16 01:51 -------- d-----w- c:\program files (x86)\stinger

2013-03-15 21:44 . 2013-03-15 21:44 -------- d-----w- c:\users\Ross\AppData\Roaming\Malwarebytes

2013-03-15 21:44 . 2013-03-15 21:44 -------- d-----w- c:\programdata\Malwarebytes

2013-03-15 21:44 . 2013-03-15 21:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-03-15 21:44 . 2012-12-14 03:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-15 21:44 . 2013-03-15 21:44 -------- d-----w- c:\users\Ross\AppData\Local\Programs

2013-03-13 08:55 . 2013-03-15 21:21 -------- d-----w- c:\program files\Microsoft Silverlight

2013-03-13 04:43 . 2013-03-22 21:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-03-13 04:43 . 2013-03-15 20:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2013-03-05 02:06 . 2013-03-05 02:06 4126720 ----a-w- c:\program files (x86)\GUT8354.tmp

2013-03-05 01:46 . 2013-03-05 01:46 -------- d-----w- c:\program files\AVAST Software

2013-03-05 01:45 . 2013-03-05 01:46 -------- d-----w- c:\programdata\AVAST Software

2013-03-02 08:01 . 2013-03-02 08:01 -------- d-----w- c:\program files (x86)\Rockstar Games

2013-03-02 07:45 . 2013-03-15 21:13 -------- d-----w- c:\program files\7-Zip

2013-03-02 07:31 . 2013-03-02 07:31 -------- d-----w- c:\program files (x86)\TeamViewer

2013-03-01 09:01 . 2013-03-01 09:01 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll

2013-02-27 07:48 . 2013-02-27 07:48 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-02-27 07:46 . 2013-02-27 07:46 -------- d-----w- c:\program files\iTunes

2013-02-27 07:46 . 2013-02-27 07:46 -------- d-----w- c:\program files (x86)\iTunes

2013-02-27 07:46 . 2013-02-27 07:46 -------- d-----w- c:\program files\iPod

2013-02-21 05:29 . 2013-02-21 05:29 -------- d-----w- c:\program files (x86)\EA Games

2013-02-21 05:28 . 2013-02-21 05:28 -------- d-----w- c:\users\Ross\AppData\Local\Electronic_Arts_Inc

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-16 05:25 . 2012-10-01 05:29 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-16 05:25 . 2011-02-11 05:32 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-15 22:43 . 2012-06-13 19:07 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-15 22:43 . 2011-07-31 05:09 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-15 21:24 . 2011-07-19 19:47 72013344 ----a-w- c:\windows\system32\MRT.exe

2013-02-12 05:45 . 2013-03-15 21:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-15 21:28 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-15 21:28 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-15 21:28 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-15 21:28 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-15 21:28 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-16 12:28 . 2011-07-16 07:12 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-05 05:53 . 2013-02-15 02:35 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-05 05:00 . 2013-02-15 02:35 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-15 02:35 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46 . 2013-02-15 02:35 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:51 . 2013-02-15 02:35 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-01-04 04:43 . 2013-02-15 02:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-01-04 03:26 . 2013-02-15 02:35 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:47 . 2013-02-15 02:35 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-01-04 02:47 . 2013-02-15 02:35 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-01-04 02:47 . 2013-02-15 02:35 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-01-04 02:47 . 2013-02-15 02:35 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-01-03 06:00 . 2013-02-15 02:35 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-03 06:00 . 2013-02-15 02:35 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{338B4DFE-2E2C-4338-9E41-E176D497299E}"= "c:\program files (x86)\Hyperionics DB Toolbar\tbcore3.dll" [2011-05-27 2399744]

.

[HKEY_CLASSES_ROOT\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}]

[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-07 18705664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-10 3147384]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2011-01-17 2475384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-01 185696]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-07 161536]

R3 ALSysIO;ALSysIO;c:\users\Ross\AppData\Local\Temp\ALSysIO64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]

R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-27 53760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-17 1255736]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]

R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [2011-01-12 122624]

R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-12 122624]

R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys [2011-01-12 122624]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-14 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-20 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-13 40800]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-20 200032]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-26 283200]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-11-17 517632]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-02-26 3560800]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]

S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 22:43]

.

2013-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3811417263-890335572-2532902937-1000Core.job

- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 05:54]

.

2013-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3811417263-890335572-2532902937-1000UA.job

- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 05:54]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.facebook.com

FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=

FF - ExtSQL: !HIDDEN! 2011-08-01 20:20; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - user.js: extensions.searchya_i.hmpg - true

FF - user.js: extensions.searchya_i.hmpgUrl - hxxp://searchya.com/?chnl=dcom-100&s=0&cr=1485742078&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtA

FF - user.js: extensions.searchya_i.dfltSrch - true

FF - user.js: extensions.searchya_i.srchPrvdr - SearchYa!

FF - user.js: extensions.searchya_i.dnsErr - true

FF - user.js: extensions.searchya_i.newTab - true

FF - user.js: extensions.searchya_i.newTabUrl - hxxp://searchya.com/?chnl=dcom-100&s=2&cr=1485742078&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtA

FF - user.js: extensions.searchya_i.tlbrSrchUrl - hxxp://searchya.com/?chnl=dcom-100&s=3&cr=1485742078&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtA&q=

FF - user.js: extensions.searchya_i.id - 9039d3500000000000000aa3c478cbb7

FF - user.js: extensions.searchya_i.instlDay - 15493

FF - user.js: extensions.searchya_i.vrsn - 1.5.13.0

FF - user.js: extensions.searchya_i.vrsni - 1.5.13.0

FF - user.js: extensions.searchya_i.vrsnTs - 1.5.13.011:47

FF - user.js: extensions.searchya_i.prtnrId - ironsrc

FF - user.js: extensions.searchya_i.prdct - searchya

FF - user.js: extensions.searchya_i.aflt - dcom

FF - user.js: extensions.searchya_i.smplGrp - none

FF - user.js: extensions.searchya_i.tlbrId - base

FF - user.js: extensions.searchya_i.instlRef - dcom-100

FF - user.js: extensions.searchya_i.dfltLng -

FF - user.js: extensions.searchya_i.excTlbr - false

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{E260A9BB-5EED-4AB2-9E9E-DF34E9772CDA} - (no file)

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

Notify-SDWinLogon - SDWinLogon.dll

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\CodecC\uninstall.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000009

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-03-23 10:22:08

ComboFix-quarantined-files.txt 2013-03-22 21:22

.

Pre-Run: 516,389,269,504 bytes free

Post-Run: 516,036,063,232 bytes free

.

- - End Of File - - EB1D8826B0B6CEB621D453706D974A4C

MrCharlie · March 22, 2013

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.
AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)
It works with a Search and Deletion methode. It can be easily uninstalled using the "Uninstall" mode.

Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

MrC

rossjerram · March 23, 2013

# AdwCleaner v2.115 - Logfile created 03/24/2013 at 07:25:31

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ross - ROSS-PC

# Boot Mode : Normal

# Running from : C:\Users\Ross\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\user.js

File Found : C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\searchplugins\Conduit.xml

File Found : C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\searchplugins\searchya.xml

Folder Found : C:\ProgramData\APN

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\Premium

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\Ross\AppData\Local\OpenCandy

Folder Found : C:\Users\Ross\AppData\LocalLow\AVG Security Toolbar

Folder Found : C:\Users\Ross\AppData\LocalLow\Toolbar4

Folder Found : C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\SweetIMToolbarData

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\Somoto Toolbar

Key Found : HKCU\Software\StartSearch

Key Found : HKCU\Software\SMTTB2009

Key Found : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar

Key Found : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1

Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E260A9BB-5EED-4AB2-9E9E-DF34E9772CDA}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}

Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}

Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}

Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}

Key Found : HKLM\SOFTWARE\Software

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{338B4DFE-2E2C-4338-9E41-E176D497299E}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-GB)

File : C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Found : user_pref("browser.search.defaultthis.engineName", "RuneScape Customized Web Search");

Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&Sea[...]

Found : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{66E978CD-981F-47DF-AC42-E3C[...]

Found : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{if('mystart.incredibar.com,premiumr[...]

Found : user_pref("extensions.searchya.admin", false);

Found : user_pref("extensions.searchya.aflt", "dcom");

Found : user_pref("extensions.searchya.cntry", "NZ");

Found : user_pref("extensions.searchya.dfltLng", "");

Found : user_pref("extensions.searchya.dfltSrch", true);

Found : user_pref("extensions.searchya.excTlbr", false);

Found : user_pref("extensions.searchya.hdrMd5", "A38E59E014D6B7E6A16A4E69A7C18ECB");

Found : user_pref("extensions.searchya.hmpg", true);

Found : user_pref("extensions.searchya.id", "9039d3500000000000000aa3c478cbb7");

Found : user_pref("extensions.searchya.instlDay", "15493");

Found : user_pref("extensions.searchya.instlRef", "dcom-100");

Found : user_pref("extensions.searchya.isDcmntCmplt", true);

Found : user_pref("extensions.searchya.lastVrsnTs", "1.5.13.011:47:03");

Found : user_pref("extensions.searchya.mntrvrsn", "1.2.0");

Found : user_pref("extensions.searchya.newTab", true);

Found : user_pref("extensions.searchya.newTabUrl", "hxxp://searchya.com/?chnl=dcom-100&s=2&cr=1485742078&cd=[...]

Found : user_pref("extensions.searchya.noFFXTlbr", false);

Found : user_pref("extensions.searchya.prdct", "searchya");

Found : user_pref("extensions.searchya.prtnrId", "ironsrc");

Found : user_pref("extensions.searchya.sg", "none");

Found : user_pref("extensions.searchya.smplGrp", "none");

Found : user_pref("extensions.searchya.srchPrvdr", "SearchYa!");

Found : user_pref("extensions.searchya.tlbrId", "base");

Found : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://searchya.com/?chnl=dcom-100&s=3&cr=1485742078&c[...]

Found : user_pref("extensions.searchya.vrsn", "1.5.13.0");

Found : user_pref("extensions.searchya.vrsnTs", "1.5.13.011:47:03");

Found : user_pref("extensions.searchya.vrsni", "1.5.13.0");

Found : user_pref("extensions.searchya_i.aflt", "dcom");

Found : user_pref("extensions.searchya_i.dfltLng", "");

Found : user_pref("extensions.searchya_i.dfltSrch", true);

Found : user_pref("extensions.searchya_i.dnsErr", true);

Found : user_pref("extensions.searchya_i.excTlbr", false);

Found : user_pref("extensions.searchya_i.hmpg", true);

Found : user_pref("extensions.searchya_i.hmpgUrl", "hxxp://searchya.com/?chnl=dcom-100&s=0&cr=1485742078&cd=[...]

Found : user_pref("extensions.searchya_i.id", "9039d3500000000000000aa3c478cbb7");

Found : user_pref("extensions.searchya_i.instlDay", "15493");

Found : user_pref("extensions.searchya_i.instlRef", "dcom-100");

Found : user_pref("extensions.searchya_i.newTab", true);

Found : user_pref("extensions.searchya_i.newTabUrl", "hxxp://searchya.com/?chnl=dcom-100&s=2&cr=1485742078&c[...]

Found : user_pref("extensions.searchya_i.prdct", "searchya");

Found : user_pref("extensions.searchya_i.prtnrId", "ironsrc");

Found : user_pref("extensions.searchya_i.smplGrp", "none");

Found : user_pref("extensions.searchya_i.srchPrvdr", "SearchYa!");

Found : user_pref("extensions.searchya_i.tlbrId", "base");

Found : user_pref("extensions.searchya_i.tlbrSrchUrl", "hxxp://searchya.com/?chnl=dcom-100&s=3&cr=1485742078[...]

Found : user_pref("extensions.searchya_i.vrsn", "1.5.13.0");

Found : user_pref("extensions.searchya_i.vrsnTs", "1.5.13.011:47:03");

Found : user_pref("extensions.searchya_i.vrsni", "1.5.13.0");

Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

Found : user_pref("sweetim.toolbar.mode.debug", "false");

Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");

Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.runescape.com/");

Found : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://www.google.com/search?&q=");

Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]

Found : user_pref("sweetim.toolbar.search.history.capacity", "10");

Found : user_pref("sweetim.toolbar.searchguard.enable", "true");

Found : user_pref("sweetim.toolbar.simapp_id", "{0F507DF5-161F-11E1-8E32-E89A8F04AA0D}");

Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17219 octets] - [24/03/2013 07:25:31]

########## EOF - C:\AdwCleaner[R1].txt - [17280 octets] ##########

MrCharlie · March 23, 2013

Please create a new system restore point before continuing.

Lots of adware found....lets clear it out.....

Please re-run AdwCleaner
Click on Delete button.
Confirm each time with OK if asked.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC

rossjerram · March 23, 2013

# AdwCleaner v2.115 - Logfile created 03/24/2013 at 07:27:51

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ross - ROSS-PC

# Boot Mode : Normal

# Running from : C:\Users\Ross\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\user.js

File Deleted : C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\searchplugins\Conduit.xml

File Deleted : C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\searchplugins\searchya.xml

Folder Deleted : C:\ProgramData\APN

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Premium

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Ross\AppData\Local\OpenCandy

Folder Deleted : C:\Users\Ross\AppData\LocalLow\AVG Security Toolbar

Folder Deleted : C:\Users\Ross\AppData\LocalLow\Toolbar4

Folder Deleted : C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\SweetIMToolbarData

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Somoto Toolbar

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKCU\Software\SMTTB2009

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E260A9BB-5EED-4AB2-9E9E-DF34E9772CDA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}

Key Deleted : HKLM\SOFTWARE\Software

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{338B4DFE-2E2C-4338-9E41-E176D497299E}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-GB)

File : C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\prefs.js

C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.search.defaultthis.engineName", "RuneScape Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&Sea[...]

Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{66E978CD-981F-47DF-AC42-E3C[...]

Deleted : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{if('mystart.incredibar.com,premiumr[...]

Deleted : user_pref("extensions.searchya.admin", false);

Deleted : user_pref("extensions.searchya.aflt", "dcom");

Deleted : user_pref("extensions.searchya.cntry", "NZ");

Deleted : user_pref("extensions.searchya.dfltLng", "");

Deleted : user_pref("extensions.searchya.dfltSrch", true);

Deleted : user_pref("extensions.searchya.excTlbr", false);

Deleted : user_pref("extensions.searchya.hdrMd5", "A38E59E014D6B7E6A16A4E69A7C18ECB");

Deleted : user_pref("extensions.searchya.hmpg", true);

Deleted : user_pref("extensions.searchya.id", "9039d3500000000000000aa3c478cbb7");

Deleted : user_pref("extensions.searchya.instlDay", "15493");

Deleted : user_pref("extensions.searchya.instlRef", "dcom-100");

Deleted : user_pref("extensions.searchya.isDcmntCmplt", true);

Deleted : user_pref("extensions.searchya.lastVrsnTs", "1.5.13.011:47:03");

Deleted : user_pref("extensions.searchya.mntrvrsn", "1.2.0");

Deleted : user_pref("extensions.searchya.newTab", true);

Deleted : user_pref("extensions.searchya.newTabUrl", "hxxp://searchya.com/?chnl=dcom-100&s=2&cr=1485742078&cd=[...]

Deleted : user_pref("extensions.searchya.noFFXTlbr", false);

Deleted : user_pref("extensions.searchya.prdct", "searchya");

Deleted : user_pref("extensions.searchya.prtnrId", "ironsrc");

Deleted : user_pref("extensions.searchya.sg", "none");

Deleted : user_pref("extensions.searchya.smplGrp", "none");

Deleted : user_pref("extensions.searchya.srchPrvdr", "SearchYa!");

Deleted : user_pref("extensions.searchya.tlbrId", "base");

Deleted : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://searchya.com/?chnl=dcom-100&s=3&cr=1485742078&c[...]

Deleted : user_pref("extensions.searchya.vrsn", "1.5.13.0");

Deleted : user_pref("extensions.searchya.vrsnTs", "1.5.13.011:47:03");

Deleted : user_pref("extensions.searchya.vrsni", "1.5.13.0");

Deleted : user_pref("extensions.searchya_i.aflt", "dcom");

Deleted : user_pref("extensions.searchya_i.dfltLng", "");

Deleted : user_pref("extensions.searchya_i.dfltSrch", true);

Deleted : user_pref("extensions.searchya_i.dnsErr", true);

Deleted : user_pref("extensions.searchya_i.excTlbr", false);

Deleted : user_pref("extensions.searchya_i.hmpg", true);

Deleted : user_pref("extensions.searchya_i.hmpgUrl", "hxxp://searchya.com/?chnl=dcom-100&s=0&cr=1485742078&cd=[...]

Deleted : user_pref("extensions.searchya_i.id", "9039d3500000000000000aa3c478cbb7");

Deleted : user_pref("extensions.searchya_i.instlDay", "15493");

Deleted : user_pref("extensions.searchya_i.instlRef", "dcom-100");

Deleted : user_pref("extensions.searchya_i.newTab", true);

Deleted : user_pref("extensions.searchya_i.newTabUrl", "hxxp://searchya.com/?chnl=dcom-100&s=2&cr=1485742078&c[...]

Deleted : user_pref("extensions.searchya_i.prdct", "searchya");

Deleted : user_pref("extensions.searchya_i.prtnrId", "ironsrc");

Deleted : user_pref("extensions.searchya_i.smplGrp", "none");

Deleted : user_pref("extensions.searchya_i.srchPrvdr", "SearchYa!");

Deleted : user_pref("extensions.searchya_i.tlbrId", "base");

Deleted : user_pref("extensions.searchya_i.tlbrSrchUrl", "hxxp://searchya.com/?chnl=dcom-100&s=3&cr=1485742078[...]

Deleted : user_pref("extensions.searchya_i.vrsn", "1.5.13.0");

Deleted : user_pref("extensions.searchya_i.vrsnTs", "1.5.13.011:47:03");

Deleted : user_pref("extensions.searchya_i.vrsni", "1.5.13.0");

Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

Deleted : user_pref("sweetim.toolbar.mode.debug", "false");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.runescape.com/");

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://www.google.com/search?&q=");

Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]

Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");

Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");

Deleted : user_pref("sweetim.toolbar.simapp_id", "{0F507DF5-161F-11E1-8E32-E89A8F04AA0D}");

Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17274 octets] - [24/03/2013 07:25:31]

AdwCleaner[R2].txt - [17335 octets] - [24/03/2013 07:27:14]

AdwCleaner[s1].txt - [17854 octets] - [24/03/2013 07:27:51]

########## EOF - C:\AdwCleaner[s1].txt - [17915 octets] ##########

This one opened after i deleted the things and i restarted my computer. not sure if its different.

MrCharlie · March 23, 2013

How the computer now?? MrC

rossjerram · March 24, 2013

# AdwCleaner v2.115 - Logfile created 03/24/2013 at 13:39:40

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ross - ROSS-PC

# Boot Mode : Normal

# Running from : C:\Users\Ross\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-GB)

File : C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17274 octets] - [24/03/2013 07:25:31]

AdwCleaner[R2].txt - [17335 octets] - [24/03/2013 07:27:14]

AdwCleaner[R3].txt - [1115 octets] - [24/03/2013 13:39:20]

AdwCleaner[s1].txt - [17909 octets] - [24/03/2013 07:27:51]

AdwCleaner[s2].txt - [1047 octets] - [24/03/2013 13:39:40]

########## EOF - C:\AdwCleaner[s2].txt - [1107 octets] ##########

rossjerram · March 24, 2013

Still running slowly

rossjerram · March 24, 2013

And using lots of CPU to run very little processes

rossjerram · March 24, 2013

currently using 90-100% CPU to run chrome with 3 tabs and skype. possibly an external problem with the computer im not sure. maybe reinstalling windows will help

MrCharlie · March 24, 2013

Check your task manager and see what's using up the cpu.

MrC

rossjerram · March 25, 2013

Thats the thing, the biggest programs are skype and gogle chrome, totaling up the K used by my processes it adds up to around 500,000k but when i used to be able to play games sometimes they would use 1,000,000k and my computer would still run fine and not use 100% CPU. So I really have no idea why it does this.... can post screenies if you would like, i also have teamviewer

MrCharlie · March 25, 2013

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

rossjerram · March 25, 2013

OTL logfile created on: 3/26/2013 7:26:39 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ross\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.95 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 36.50% Memory free

7.90 Gb Paging File | 5.09 Gb Available in Paging File | 64.47% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 582.17 Gb Total Space | 479.98 Gb Free Space | 82.45% Space Free | Partition Type: NTFS

Computer Name: ROSS-PC | User Name: Ross | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/26 07:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ross\Desktop\OTL.exe

PRC - [2013/02/27 01:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

PRC - [2010/12/21 14:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/12/21 14:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/12/04 10:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe

PRC - [2010/11/21 01:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2009/07/29 16:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

PRC - [2009/03/11 14:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/11 13:22:06 | 000,459,728 | ---- | M] () -- C:\Users\Ross\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll

MOD - [2013/03/11 13:22:05 | 012,662,224 | ---- | M] () -- C:\Users\Ross\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll

MOD - [2013/03/11 13:22:04 | 004,050,896 | ---- | M] () -- C:\Users\Ross\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll

MOD - [2013/03/11 13:21:18 | 000,596,944 | ---- | M] () -- C:\Users\Ross\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll

MOD - [2013/03/11 13:21:18 | 000,124,368 | ---- | M] () -- C:\Users\Ross\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll

MOD - [2013/03/11 13:21:16 | 001,552,848 | ---- | M] () -- C:\Users\Ross\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll

MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl

MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl

MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

========== Services (SafeList) ==========

SRV:64bit: - [2011/09/28 08:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2010/12/21 14:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2010/12/10 13:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2010/12/09 11:55:26 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2010/12/09 11:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2010/10/21 10:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/23 14:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/14 14:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/03/16 11:43:04 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/27 01:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2012/09/07 20:15:14 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2010/12/21 14:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/12/21 14:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/11/30 10:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/04/13 06:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/29 12:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2009/06/11 10:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/04/30 07:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

SRV - [2009/03/11 14:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/11/26 22:21:40 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)

DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/03/01 19:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/09/02 19:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2011/09/02 19:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2011/03/11 19:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 19:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/04 15:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/01/28 11:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)

DRV:64bit: - [2011/01/28 08:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2011/01/28 04:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/01/21 06:26:46 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)

DRV:64bit: - [2011/01/13 13:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/01/13 04:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsnmea.sys -- (zghsnmea)

DRV:64bit: - [2011/01/13 04:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsmdm.sys -- (zghsmdm)

DRV:64bit: - [2011/01/13 04:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsdiag.sys -- (zghsdiag)

DRV:64bit: - [2010/12/18 15:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/12/02 12:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/12/01 10:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)

DRV:64bit: - [2010/11/30 07:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)

DRV:64bit: - [2010/11/21 02:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 00:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/12 06:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)

DRV:64bit: - [2010/11/09 08:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/10/20 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/19 10:14:02 | 000,042,096 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2010/09/23 20:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/08/31 06:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV:64bit: - [2010/06/19 12:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)

DRV:64bit: - [2010/04/27 07:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)

DRV:64bit: - [2009/08/10 10:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2009/07/31 16:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/25 07:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)

DRV:64bit: - [2009/07/15 11:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/14 14:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 14:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 14:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 13:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/14 13:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/25 11:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2009/06/23 13:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009/06/20 15:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/18 08:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)

DRV:64bit: - [2009/06/16 10:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)

DRV:64bit: - [2009/06/11 10:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/11 10:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/11 10:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/11 09:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 09:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 09:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 09:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/04/30 07:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)

DRV:64bit: - [2009/02/13 18:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2009/02/13 18:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2009/02/13 18:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2006/06/19 02:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV - [2012/11/13 21:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)

DRV - [2011/11/18 10:13:04 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2011/11/18 10:13:02 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2009/07/14 14:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\..\SearchScopes\{007EE59E-5E05-4B25-B48A-FD97616AFABF}: "URL" = http://searchya.com/?chnl=dcom-100&s=1&cr=1485742078&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtA&q={searchTerms}

IE - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox

IE - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\..\SearchScopes\{FC096141-20FD-47B1-8274-55112F2D91ED}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "www.facebook.com"

FF - prefs.js..keyword.URL: "http://www.google.co.in/search?btnG=Google+Search&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ross\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ross\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ross\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ross\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ross\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/01 21:20:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 20:15:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/01 21:20:02 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 20:15:16 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/31 20:53:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ross\AppData\Roaming\Mozilla\Extensions

[2013/03/22 16:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\extensions

[2012/07/20 22:58:25 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\extensions\DivXWebPlayer@divx.com.xpi

[2011/12/28 14:02:32 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi

[2012/07/25 19:31:48 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\t0oikoxd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/09/07 20:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/09/07 20:15:15 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/06/09 17:26:23 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/08/31 08:27:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/09 17:26:23 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/06/09 17:26:23 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/08/31 08:27:23 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2012/06/09 17:26:23 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

CHR - default_search_provider: suggest_url =

CHR - homepage: http://www.youtube.com/subscriptions/u

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Ross\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ross\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ross\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Ross\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: CodecC = C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg\1.0_0\

CHR - Extension: AdBlock = C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\

CHR - Extension: InstaIl BIack = C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgbpepcodlbamkgonlgbnekpdfkebhg\1.0.2_0\

CHR - Extension: Plasma Red = C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjmnjgeoffdlnidbahbdpakfibjglmip\1_0\

CHR - Extension: Need for Speed World = C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk\1.0.0.4_0\

O1 HOSTS File: ([2013/03/23 10:19:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [sDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKLM..\Run: [windows] C:\windows\system32\system32\windows.exe File not found

O4 - HKU\S-1-5-21-3811417263-890335572-2532902937-1000..\Run: [windows] C:\windows\system32\system32\windows.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3811417263-890335572-2532902937-1000\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4604661E-5EDE-4A73-B44B-EFB9A99AF5F3}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{551AFB7D-89D0-4932-91FA-CA969C3D771C}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/26 07:25:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ross\Desktop\OTL.exe

[2013/03/23 21:31:26 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\system32

[2013/03/23 10:38:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/03/23 10:11:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013/03/23 10:11:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013/03/23 10:11:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013/03/23 10:10:13 | 000,000,000 | ---D | C] -- C:\Users\Ross\Documents\ProcAlyzer Dumps

[2013/03/23 10:04:05 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/03/23 10:03:45 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013/03/23 10:02:48 | 005,042,224 | R--- | C] (Swearware) -- C:\Users\Ross\Desktop\ComboFix.exe

[2013/03/22 16:32:15 | 000,000,000 | ---D | C] -- C:\Users\Ross\Desktop\mbar

[2013/03/19 17:26:29 | 000,000,000 | ---D | C] -- C:\Users\Ross\Desktop\RK_Quarantine

[2013/03/18 18:44:24 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Ross\Desktop\dds.com

[2013/03/18 18:18:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ross\Desktop\HijackThis.exe

[2013/03/18 18:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp

[2013/03/18 18:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp

[2013/03/18 10:06:28 | 000,000,000 | ---D | C] -- C:\Users\Ross\AppData\Local\Razer

[2013/03/18 10:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer

[2013/03/18 10:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer

[2013/03/18 10:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer

[2013/03/18 10:00:53 | 000,000,000 | ---D | C] -- C:\Users\Ross\Desktop\Download

[2013/03/18 09:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3

[2013/03/18 09:56:57 | 000,000,000 | ---D | C] -- C:\Users\Ross\AppData\Local\CrashRpt

[2013/03/18 09:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup

[2013/03/18 09:48:51 | 000,000,000 | ---D | C] -- C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allmyapps

[2013/03/16 18:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

[2013/03/16 18:19:29 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe

[2013/03/16 18:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2

[2013/03/16 13:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games

[2013/03/16 11:58:52 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine

[2013/03/16 11:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger

[2013/03/16 11:58:23 | 011,077,152 | ---- | C] (McAfee Inc) -- C:\Users\Ross\Desktop\Stinger.exe

[2013/03/16 10:44:30 | 000,000,000 | ---D | C] -- C:\Users\Ross\AppData\Roaming\Malwarebytes

[2013/03/16 10:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/03/16 10:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/03/16 10:44:21 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2013/03/16 10:44:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/03/16 10:44:10 | 000,000,000 | ---D | C] -- C:\Users\Ross\AppData\Local\Programs

[2013/03/16 10:41:06 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ross\Documents\mbam-setup-1.70.0.1100.exe

[2013/03/16 10:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2013/03/15 20:35:50 | 000,000,000 | ---D | C] -- C:\Users\Ross\Documents\wbot

[2013/03/13 21:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2013/03/13 17:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013/03/13 17:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2013/03/05 14:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013/03/05 14:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2013/03/02 21:27:50 | 000,000,000 | ---D | C] -- C:\Users\Ross\Documents\Tools

[2013/03/02 21:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games

[2013/03/02 21:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games

[2013/03/02 20:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2013/03/02 20:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2013/03/02 20:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer

[2013/03/02 19:32:19 | 000,000,000 | ---D | C] -- C:\Users\Ross\Documents\Grand Theft Auto San Andreas

[2013/03/01 22:22:34 | 000,000,000 | ---D | C] -- C:\windows\pss

[2013/03/01 22:01:07 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll

[2013/02/27 20:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2013/02/27 20:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013/02/27 20:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/02/27 20:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2013/02/27 20:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/26 07:29:01 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3811417263-890335572-2532902937-1000UA.job

[2013/03/26 07:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ross\Desktop\OTL.exe

[2013/03/26 07:20:56 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/03/26 07:20:56 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/03/26 07:13:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/03/26 07:13:26 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys

[2013/03/25 18:42:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013/03/25 18:37:34 | 000,000,024 | ---- | M] () -- C:\Users\Ross\random.dat

[2013/03/25 18:25:11 | 000,000,024 | ---- | M] () -- C:\Users\Ross\jagexappletviewer.preferences

[2013/03/25 18:24:55 | 000,000,043 | ---- | M] () -- C:\Users\Ross\jagex_cl_oldschool_LIVE.dat

[2013/03/24 16:35:46 | 000,761,496 | ---- | M] () -- C:\Users\Ross\Desktop\RSBot-4052.jar

[2013/03/24 07:24:54 | 000,609,993 | ---- | M] () -- C:\Users\Ross\Desktop\adwcleaner.exe

[2013/03/23 21:32:39 | 000,001,282 | -H-- | M] () -- C:\Users\Ross\AppData\Roaming\Rosslog.dat

[2013/03/23 10:19:36 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2013/03/23 10:03:17 | 005,042,224 | R--- | M] (Swearware) -- C:\Users\Ross\Desktop\ComboFix.exe

[2013/03/22 19:33:35 | 000,002,046 | ---- | M] () -- C:\Users\Ross\Desktop\Old School RuneScape.lnk

[2013/03/22 16:29:43 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif

[2013/03/21 13:49:23 | 000,779,266 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/03/21 13:49:23 | 000,664,992 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/03/21 13:49:23 | 000,125,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/03/20 08:29:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3811417263-890335572-2532902937-1000Core.job

[2013/03/19 17:25:40 | 000,791,040 | ---- | M] () -- C:\Users\Ross\Desktop\RogueKillerX64.exe

[2013/03/18 18:44:39 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Ross\Desktop\dds.com

[2013/03/18 18:18:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ross\Desktop\HijackThis.exe

[2013/03/18 18:11:27 | 000,000,959 | ---- | M] () -- C:\Users\Ross\Desktop\Core Temp.lnk

[2013/03/18 10:05:07 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk

[2013/03/18 09:59:11 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk

[2013/03/16 18:19:37 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2013/03/16 13:10:41 | 000,001,547 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

[2013/03/16 11:58:25 | 011,077,152 | ---- | M] (McAfee Inc) -- C:\Users\Ross\Desktop\Stinger.exe

[2013/03/16 10:44:22 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/16 10:42:46 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ross\Documents\mbam-setup-1.70.0.1100.exe

[2013/03/14 17:41:45 | 000,000,032 | ---- | M] () -- C:\Users\Ross\jagex_cl_runescape_LIVE.dat

[2013/03/03 07:36:18 | 000,438,824 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2013/03/02 20:31:38 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk

[2013/03/01 22:01:07 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll

[2013/02/27 20:49:00 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/24 16:35:38 | 000,761,496 | ---- | C] () -- C:\Users\Ross\Desktop\RSBot-4052.jar

[2013/03/24 07:24:46 | 000,609,993 | ---- | C] () -- C:\Users\Ross\Desktop\adwcleaner.exe

[2013/03/23 10:11:46 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013/03/23 10:11:46 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013/03/23 10:11:46 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013/03/23 10:11:46 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013/03/23 10:11:46 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2013/03/22 19:32:38 | 000,002,046 | ---- | C] () -- C:\Users\Ross\Desktop\Old School RuneScape.lnk

[2013/03/19 17:25:37 | 000,791,040 | ---- | C] () -- C:\Users\Ross\Desktop\RogueKillerX64.exe

[2013/03/18 18:11:27 | 000,000,959 | ---- | C] () -- C:\Users\Ross\Desktop\Core Temp.lnk

[2013/03/18 10:05:07 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk

[2013/03/18 10:01:49 | 000,001,547 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

[2013/03/18 09:59:11 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk

[2013/03/16 18:19:37 | 000,002,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

[2013/03/16 18:19:37 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2013/03/16 10:44:22 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/16 10:42:49 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif

[2013/03/02 20:31:38 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk

[2013/03/02 20:31:38 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk

[2013/02/27 20:46:58 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013/02/24 13:41:57 | 000,000,043 | ---- | C] () -- C:\Users\Ross\jagex_cl_oldschool_LIVE.dat

[2013/02/15 18:24:17 | 000,000,045 | ---- | C] () -- C:\Users\Ross\jagex_cl_loginapplet_LIVE.dat

[2012/11/26 22:15:16 | 000,056,320 | ---- | C] () -- C:\windows\SysWow64\iyvu9_32.dll

[2012/10/19 21:53:14 | 000,000,169 | ---- | C] () -- C:\Users\Ross\AppData\Roaming\D2Info0

[2012/10/19 21:53:14 | 000,000,008 | ---- | C] () -- C:\Users\Ross\AppData\Roaming\DofusAppId0_1

[2012/06/27 07:06:20 | 000,000,048 | ---- | C] () -- C:\Users\Ross\jagex_cl_runescape_LIVE_BETA.dat

[2012/06/27 07:06:20 | 000,000,024 | ---- | C] () -- C:\Users\Ross\random.dat

[2012/06/07 16:48:38 | 000,000,044 | ---- | C] () -- C:\Users\Ross\jagex_cl_runescape_LIVE2.dat

[2012/06/03 10:44:32 | 000,000,000 | ---- | C] () -- C:\Users\Ross\jagex__preferences3.dat

[2012/01/19 07:32:55 | 000,007,598 | ---- | C] () -- C:\Users\Ross\AppData\Local\Resmon.ResmonCfg

[2011/10/26 21:00:34 | 000,000,044 | ---- | C] () -- C:\Users\Ross\jagex_cl_runescape_LIVE1.dat

[2011/10/26 19:03:30 | 000,000,032 | ---- | C] () -- C:\Users\Ross\jagex_cl_runescape_LIVE.dat

[2011/10/16 20:18:26 | 000,000,086 | ---- | C] () -- C:\Users\Ross\AppData\Roaming\RSBuddy_bdfg800.ini

[2011/10/07 15:56:28 | 000,000,086 | ---- | C] () -- C:\Users\Ross\AppData\Roaming\RSBuddy_choicebuzz.ini

[2011/10/05 18:43:37 | 000,014,336 | ---- | C] () -- C:\Users\Ross\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/21 13:52:57 | 000,000,084 | ---- | C] () -- C:\Users\Ross\AppData\Roaming\RSBuddy_havoccc.ini

[2011/08/02 17:27:03 | 000,765,178 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/08/01 21:12:11 | 000,208,133 | ---- | C] () -- C:\windows\hpoins47.dat

[2011/07/19 22:05:06 | 000,000,129 | ---- | C] () -- C:\Users\Ross\jagex_runescape_preferences2.dat

[2011/07/19 22:04:59 | 000,000,046 | ---- | C] () -- C:\Users\Ross\jagex_runescape_preferences.dat

[2011/07/19 22:04:50 | 000,000,024 | ---- | C] () -- C:\Users\Ross\jagexappletviewer.preferences

[2011/07/16 20:20:19 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2011/07/16 20:06:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/07/16 19:18:37 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

[2005/04/08 15:16:43 | 000,001,282 | -H-- | C] () -- C:\Users\Ross\AppData\Roaming\Rosslog.dat

========== ZeroAccess Check ==========

[2009/07/14 17:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 18:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 17:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 14:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 01:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 14:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/09 09:52:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software

[2012/11/09 09:52:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

[2012/06/30 17:01:09 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\.minecraft

[2012/03/23 16:05:18 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Audacity

[2013/03/16 10:14:12 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\AVG2013

[2012/03/23 15:26:00 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\BSD

[2012/02/09 16:50:12 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\com.w3i.FlipToast

[2013/03/03 11:14:54 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\DAEMON Tools Lite

[2012/10/19 21:53:14 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1

[2012/10/19 23:22:38 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Dofus2

[2012/10/27 00:00:46 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\GetRightToGo

[2012/05/24 17:15:24 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Leadertech

[2012/01/13 16:35:03 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\LolClient

[2012/10/26 23:33:05 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\OfficeRecovery

[2011/08/01 14:53:42 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\OpenOffice.org

[2011/08/05 23:08:01 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Philipp Winterberg

[2012/10/19 21:53:16 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1

[2013/03/16 10:57:17 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Solveig Multimedia

[2012/05/21 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Sony

[2013/01/01 21:38:59 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Spotify

[2011/08/15 20:56:42 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\spotmau

[2011/07/16 19:55:11 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Tific

[2011/07/16 20:06:53 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Toshiba

[2012/11/03 18:47:04 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >

rossjerram · March 25, 2013

OTL Extras logfile created on: 3/26/2013 7:26:39 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ross\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.95 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 36.50% Memory free

7.90 Gb Paging File | 5.09 Gb Available in Paging File | 64.47% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 582.17 Gb Total Space | 479.98 Gb Free Space | 82.45% Space Free | Partition Type: NTFS

Computer Name: ROSS-PC | User Name: Ross | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0060A1DB-CF57-4F41-AAA7-3AE9DFC96E35}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0B95ABF8-81B5-4C01-A280-244F675CF3BE}" = rport=137 | protocol=17 | dir=out | app=system |

"{19CA5D12-27BA-489A-9233-988C03C623D3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{1BC85B85-E292-42EA-AFCA-1D8DB7B83F7F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{216251F5-E2EE-48EB-A245-4901BF9140B3}" = lport=3960 | protocol=17 | dir=in | app=c:\users\ross\appdata\local\warframe\downloaded\public\warframe.x64.exe |

"{21B62DE3-C398-4BC7-ACA0-EBBBB3AD9901}" = lport=3960 | protocol=17 | dir=out | app=c:\users\ross\appdata\local\warframe\downloaded\public\warframe.exe |

"{27DAF312-CF1E-4B0F-822E-3011C8052F8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3CFEA4CF-0B78-4A93-9651-468E58A7E620}" = rport=138 | protocol=17 | dir=out | app=system |

"{4675DAE2-9112-492C-BA90-DD045BEBB2A4}" = lport=137 | protocol=17 | dir=in | app=system |

"{4CA252D6-0713-4586-8276-01A9CBB10EA7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{56D624C0-1097-41D0-99DF-1BAA6426F05C}" = rport=80 | protocol=6 | dir=out | app=c:\users\ross\appdata\local\warframe\downloaded\public\warframe.x64.exe |

"{57BFD57A-40C1-4215-B08B-222583DDF261}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{66BE14F0-C29D-4D1B-9150-F14874931B9B}" = lport=3960 | protocol=17 | dir=out | app=c:\users\ross\appdata\local\warframe\downloaded\public\warframe.x64.exe |

"{711495AD-1473-42BC-8E86-EC83631BA80C}" = rport=139 | protocol=6 | dir=out | app=system |

"{83DCC320-3614-4414-A321-8FC563D3AFE0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{86560458-8363-4523-979D-43D2852221D9}" = rport=80 | protocol=6 | dir=out | app=c:\users\ross\appdata\local\warframe\downloaded\public\warframe.exe |

"{93E47077-E63B-43F0-B604-3C035D3E7AAA}" = lport=3960 | protocol=17 | dir=in | app=c:\users\ross\appdata\local\warframe\downloaded\public\warframe.exe |

"{A1C7BD02-F5F5-4833-946D-97FACC618B18}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B70FE903-8434-4B6E-A2F6-232630766042}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{C18208C4-1A41-4324-AE6A-FC51A07DFE23}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{C247C9BB-6CBA-4053-B37E-869868029BF5}" = lport=139 | protocol=6 | dir=in | app=system |

"{C8326DBA-C3DB-4977-A1F8-6C91B019D695}" = lport=445 | protocol=6 | dir=in | app=system |

"{D1631E82-9CE4-4C20-B23E-8F55F4C9D58C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{D478EBC6-5E63-42EF-82F2-8A5EC99463D2}" = lport=10243 | protocol=6 | dir=in | app=system |

"{DB7F449E-1FB5-4F8F-B7DE-8D3A4ECF28C7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{DC81AEB8-0603-439B-A2E0-E5B6DC8B7F25}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{DF668A44-4A9B-4D55-A469-5C101A3F2C50}" = rport=445 | protocol=6 | dir=out | app=system |

"{EF1BF9A3-BD99-498D-BE73-4B06F82A3B06}" = rport=80 | protocol=6 | dir=out | app=c:\users\ross\appdata\local\warframe\downloaded\public\tools\launcher.exe |

"{F0788A42-6CB9-4B8E-BF95-6367AB6E8E37}" = rport=10243 | protocol=6 | dir=out | app=system |

"{F12CE6ED-6164-4F3D-B273-A12670A1AD7E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{F39C2AC8-F216-497D-A89C-C6888B31785B}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port |

"{FA975868-2941-4AE8-8260-A50B546D6E88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FBDDC055-0A0E-4285-A1B4-5FAABA2FCF05}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FC415F0C-5C0E-4909-9ED6-B3EA1B72EB1A}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003CB272-B30C-47D7-BBFA-43B04609DE63}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{066D8A57-407A-47FD-9453-4C0387B8EBAF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{06C4F6D9-5EE8-4B83-A949-D391F186EEC9}" = protocol=6 | dir=in | app=c:\users\ross\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{08B944EA-FFF7-4720-B617-3FFD54C2740D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{0A30D58B-9401-4F4F-84F3-41D1507292BB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{0CB05382-9136-4137-994E-7D2E4D2AE72B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |

"{0F44C5E8-E374-4083-AC77-82F272187485}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{1129F986-7E26-4E18-AA05-2F3025430537}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{1381A36D-38D5-4327-96A8-0A7F47A05445}" = protocol=6 | dir=out | app=system |

"{15A35F50-6402-4191-B4DF-43C18236D830}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{172B2132-20CD-4649-89CC-27B80C0E7BF2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |

"{184E3A11-8A54-453D-AFD9-B30D8008A276}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1962EAC1-24F7-4ED7-9DA1-FDB29B3EA775}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{22F20A59-41DD-422E-9BFA-698B0339919E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{2329CBF5-9B5D-49D5-9DF0-E1C192FD706D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{26F3E657-8612-4F4D-B8BA-8EE5A9D82995}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2A3429D7-7244-4685-9E1E-82E9958CA270}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{2CF669AD-8D43-4DCE-B2BE-4C3FA49238F1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2D020639-7FC2-44BF-8E85-06E7A6308201}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{2D52E5E5-DE6E-4DA1-B68B-C7CCBFE452B9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{307407FF-4042-4D24-B817-18607CC6DDFC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{30F90F12-1D30-4C52-9A3E-D3015600E157}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{338E8630-CBA5-4207-9E6C-62A8B4E0A23D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{3549311A-6C76-4856-84DA-71D714F73AB1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{362C138A-7469-4485-8C21-431A81C0E30B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |

"{3EB9E5D9-74C5-42B9-B99D-1475EB0034D7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{44EDF731-6682-41D2-91D7-3D8A7A1F16FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{46A9F4EA-1286-403A-92C9-CC6B1FFDA380}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{482CEA75-D53C-4072-B953-A4F68D99A931}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{4A410F52-7432-4694-BAF1-B2DB20D05945}" = dir=in | app=c:\users\ross\appdata\roaming\allmyapps\allmyapps.exe |

"{4C2BF88C-36D6-4ACA-A36A-49B155BE8EEA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{4E48C050-9505-4D6B-8E62-DF68716ACF5A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{53279625-20A5-4256-957A-D13D349F456A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{53442D3F-9388-4A3B-A5BB-78F62DD507FE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{5457CF21-0542-450B-8DCF-44C4018FB614}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{5699B7D4-F4CA-4B73-A5A0-359EB3F635F3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{593A7AF8-5B58-4A22-8D6B-6E1F0759039B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |

"{5ABD0757-42D9-4B55-95CF-1A942770035B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{613B234A-D9C8-4AF5-8A5F-55AEB9EF4F61}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{613FF658-4485-4531-AFAC-1A5E5FA3A0EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6BE42C08-3843-47D4-865A-EE630C16FE0C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |

"{6E0F0022-8160-46AE-A068-25CE2116105D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{6F8881FA-8F7E-48C6-B990-3CD3650B9F3F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{71091969-94E7-4F41-B476-FD129CD106F5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |

"{72ED330D-8A14-450F-B8BA-6D31DFF5F958}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{7435B208-CFC5-49AB-BA04-5FDACFD64811}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{751AEC8C-90A1-4BFC-9DCE-00D1A61C0D97}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{75EE1D7A-60B4-45E0-A2F6-285607472E14}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{77E35564-C046-4AC7-B960-49765EF75C52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{8BBC6DDC-06B0-4CCD-8904-40B04CD04E55}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{8E611801-1A62-4FA6-B990-6E51CFFAC182}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{8FF1F526-45D3-4F9C-BED4-F3352D3A8069}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{959CFE41-42F9-458C-8A4B-33B14AEB4585}" = dir=in | app=d:\setup\hpznui40.exe |

"{97CEEC1E-9F7D-477B-8BBA-4C9449456B0E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{98FB740B-8844-4259-AEEA-27B973F251FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9BF828E0-AFDD-4E4A-A71D-74B04A684958}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A200A968-D6E1-48C3-A405-83FFDEE75303}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{A374DD11-3AEF-436B-B798-2C7669B14121}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A3EF1A28-0F1E-4703-B5C3-F10E93CC9425}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{A99DF875-4A78-45A8-8978-6F8E28AA6938}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{B590AB5E-9AE4-4930-9D46-B34A1C8D4249}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{B8AF4A07-480E-4072-BEE9-AD43DA7584E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{BCA68E2B-0A80-45E7-8989-61858B65339C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{C00ABEDB-C32F-4405-8253-5D33853D162A}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{C2A8B313-3EB1-42F7-89B2-54F9FECB1C59}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{C5E8F713-3FE0-47DF-8DEC-540472982C5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{CBAA8A4F-92EC-401E-B919-6F6F9A98ACFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CBB91996-B19D-409D-9329-40C40D67BBFB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{CD4AFA05-DC68-4427-BC7E-F5B04DDF0E22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D07DC52C-7B03-4E67-992B-3B24815248DB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{D331A6EA-40F5-405D-AE00-B4F2A1851096}" = dir=in | app=c:\users\ross\appdata\roaming\allmyapps\allmyapps.exe |

"{D3B91131-BF93-4DF1-85F2-A3D6DF9E503D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |

"{DADD9A5D-1D24-4624-9C44-F682AE6F9B52}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{E4CB0436-FDD0-489F-AD40-1CC61B59C3C9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{E62EF796-45D3-4C1F-941A-148FEA80B3A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E67F8368-C656-4569-B30B-F3F85A45C722}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{E6E19CD0-9E04-47A7-B287-91CEED980DB8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{EA6ABB76-7651-4A3E-A263-1C8F8088625B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |

"{EC04E1FE-2BB5-4991-9815-ACF5800DF6F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F00E3A95-55C4-436B-8913-2360F3F8E2F7}" = protocol=17 | dir=in | app=c:\users\ross\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{F77B4668-402E-4F72-B460-80D2FA18EFEF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |

"{F9FC1174-8F7C-472F-8477-469EB0F982B2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{FB594E13-1C39-4017-9A88-A72A9E70F559}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |

"TCP Query User{12819676-1036-48FB-B433-26681C1707C7}C:\users\ross\appdata\local\warframe\downloaded\public\warframe.x64.exe" = protocol=6 | dir=in | app=c:\users\ross\appdata\local\warframe\downloaded\public\warframe.x64.exe |

"TCP Query User{138ECFE1-2A27-487E-A260-D6E97132807D}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |

"TCP Query User{24D8E641-218E-45C5-82BA-EB2B4E354E16}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

"TCP Query User{35981B8C-0793-49A9-8A2F-A6C36C007CBA}C:\users\ross\desktop\left 4 dead 2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\ross\desktop\left 4 dead 2\left 4 dead 2\left4dead2.exe |

"TCP Query User{4DFF1530-41D9-42F1-8C9B-982BBFFE4218}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe |

"TCP Query User{83C25E62-B780-4C84-9596-495A9C13F81F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{A9B3291B-FA8A-4D5E-8057-C419D89C87F2}C:\program files (x86)\ventsrv\ventrilo_srv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe |

"TCP Query User{BB1686A5-BFFB-4558-A827-EF01F0A8D427}C:\users\ross\desktop\age ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\ross\desktop\age ii\empires2.exe |

"TCP Query User{C4587175-81F4-42B3-9C93-BC131E0CCDAB}C:\users\ross\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ross\appdata\roaming\spotify\spotify.exe |

"TCP Query User{C5076A0C-F901-4583-A350-E6988D1366FF}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe |

"TCP Query User{FBA35E05-6500-4B83-A203-6FE641326FA4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{147B406A-0ADC-4B63-B8B8-2A88A80EAA3B}C:\program files (x86)\ventsrv\ventrilo_srv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe |

"UDP Query User{1551BE14-27E6-42EC-9778-ECCDF2E13A18}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |

"UDP Query User{25B406BA-CAC3-4EC7-B806-5125B9DE4B0F}C:\users\ross\desktop\left 4 dead 2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\ross\desktop\left 4 dead 2\left 4 dead 2\left4dead2.exe |

"UDP Query User{4673F49E-6A63-46FF-8EA4-D6CC82903BBC}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe |

"UDP Query User{4F5B6941-915D-494F-BF4C-7EBB7611F90C}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe |

"UDP Query User{61B4F1AA-909D-4A81-B47A-CF382C4BD0E1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{82822A6C-93EE-4CA1-A0D5-148B430F21EE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{959FDBDA-9246-4F62-BA28-1FCA0B9E3A61}C:\users\ross\desktop\age ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\ross\desktop\age ii\empires2.exe |

"UDP Query User{A804D337-9B7B-4104-A294-ED08F6623F28}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

"UDP Query User{B5E1BD30-64FC-426D-AC23-3A53F31E7F2D}C:\users\ross\appdata\local\warframe\downloaded\public\warframe.x64.exe" = protocol=17 | dir=in | app=c:\users\ross\appdata\local\warframe\downloaded\public\warframe.x64.exe |

"UDP Query User{EE911DBD-0827-4946-A03F-1F1402968FD7}C:\users\ross\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ross\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC5

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup

"{C616FD4F-11F5-11E0-A38F-0013D3D69929}" = Vegas Pro 10.0 (64-bit)

"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists

"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"AVG" = AVG 2013

"CCleaner" = CCleaner

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Shop for HP Supplies" = Shop for HP Supplies

"sp6" = Logitech SetPoint 6.32

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio

"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status

"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2

"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player

"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7E7E283-8AB2-3EFE-A3BD-8482F72BAFCF}" = Google Talk Plugin

"{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E0217B26-F1EF-4D07-8448-DDBF8C2843E1}_is1" = Auto Mouse Click version 1.1

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{F52618B2-A995-4F8D-A6C8-9E235A470C68}" = TOSHIBA ConfigFree

"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"4K Video Downloader_is1" = 4K Video Downloader 2.5

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Amazon Kindle For PC" = Amazon Kindle For PC v1.1

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"DAEMON Tools Lite" = DAEMON Tools Lite

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Game Booster_is1" = Game Booster 3

"HP Photo Creations" = HP Photo Creations

"Indeo® Software" = Indeo® Software

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board

"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup

"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Mozilla Firefox 15.0 (x86 en-GB)" = Mozilla Firefox 15.0 (x86 en-GB)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener

"tcnz" = Telecom Broadband Assist

"TeamViewer 8" = TeamViewer 8

"VLC media player" = VLC media player 1.0.1

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3811417263-890335572-2532902937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Mozilla Firefox 15.0.1 (x86 en-GB)" = Mozilla Firefox 15.0.1 (x86 en-GB)

"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/20/2012 4:11:30 AM | Computer Name = Ross-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/20/2012 4:11:30 AM | Computer Name = Ross-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 12293

Error - 10/20/2012 4:11:30 AM | Computer Name = Ross-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 12293

Error - 10/22/2012 10:33:33 PM | Computer Name = Ross-PC | Source = Application Hang | ID = 1002

Description = The program LolClient.exe version 2.0.2.12610 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1878 Start

Time: 01cdb0c47099206c Termination Time: 10 Application Path: C:\Riot Games\League

of Legends\RADS\projects\lol_air_client\releases\0.0.0.217\deploy\LolClient.exe

Report

Id: 05563c1d-1cba-11e2-82cf-e89a8f04aa0d

Error - 10/26/2012 6:18:59 AM | Computer Name = Ross-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Ross\Desktop\SoftonicDownloader_for_file-undeleter.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 10/26/2012 6:19:02 AM | Computer Name = Ross-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Ross\Desktop\SoftonicDownloader_for_file-undeleter.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 10/26/2012 6:19:08 AM | Computer Name = Ross-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Ross\Desktop\SoftonicDownloader_for_file-undeleter.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 10/26/2012 6:19:19 AM | Computer Name = Ross-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Ross\Desktop\SoftonicDownloader_for_file-undeleter.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 10/26/2012 6:19:26 AM | Computer Name = Ross-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Ross\Desktop\SoftonicDownloader_for_file-undeleter.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 10/26/2012 6:58:38 AM | Computer Name = Ross-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\$Recycle.Bin\S-1-5-21-3811417263-890335572-2532902937-1000\$R36Z843.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

[ System Events ]

Error - 3/23/2013 7:07:10 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Avgldx64

Error - 3/23/2013 8:40:54 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7024

Description = The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error - 3/23/2013 8:40:57 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7024

Description = The AVG WatchDog service terminated with service-specific error %%-536805315.

Error - 3/23/2013 8:41:05 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Avgldx64

Error - 3/24/2013 10:30:23 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7024

Description = The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error - 3/24/2013 10:30:26 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7024

Description = The AVG WatchDog service terminated with service-specific error %%-536805315.

Error - 3/24/2013 10:30:34 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Avgldx64

Error - 3/25/2013 2:13:33 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7024

Description = The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error - 3/25/2013 2:13:36 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7024

Description = The AVG WatchDog service terminated with service-specific error %%-536805315.

Error - 3/25/2013 2:13:44 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Avgldx64

< End of report >

DDS & Attatch for my other post.

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information