BullGuard
Help for Ireland
   

Irishguy 7
New Member


Date Joined Jan 2013
Total Posts : 4
 
Posted 1/6/2013 10:14 PM (GMT +3)
I have a popup problem in Google Chrome and I have followed the instructions on your page http://forum.bullguard.com/forum/9/Before-posting-a-log_43562.html
 
I am attaching the files and I would appreciate any help! Many thanks
 
HijackThis log
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:40, on 06/01/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Real\realplayer\Update\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bubbleshooter.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0fc85f5d-6207-4515-a490-45a549d285c0} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Search Results Toolbar - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files\searchresults\searchresultsDx.dll
O3 - Toolbar: Search Results Toolbar - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files\searchresults\searchresultsDx.dll
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [autoauto] c.bat
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HP Deskjet 3070 B611 series (NET)] "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1AA473VH05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=928
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = surgery.local
O17 - HKLM\Software\..\Telephony: DomainName = surgery.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = surgery.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = surgery.local
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Support LogMeIn processes with quality assurance feedback (LMIGuardianSvc) - LogMeIn, Inc. - C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
--
End of file - 13692 bytes
Malwarebytes log
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.06.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Shay :: SHAY-TOSH [administrator]
06/01/2013 16:53:32
mbam-log-2013-01-06 (16-53-32).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 368194
Time elapsed: 1 hour(s), 42 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
 
DDS Log
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.9.2
Run by Shay at 18:42:08 on 2013-01-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.353.1033.18.2909.1558 [GMT 0:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Real\realplayer\update\realsched.exe
C:\Windows\system32\conhost.exe
C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bubbleshooter.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
uURLSearchHooks: {0fc85f5d-6207-4515-a490-45a549d285c0} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Search Results Toolbar: {fa63398e-322b-4833-9af3-15837ad12138} - c:\program files\searchresults\searchresultsDx.dll
TB: Search Results Toolbar: {fa63398e-322b-4833-9af3-15837ad12138} - c:\program files\searchresults\searchresultsDx.dll
uRun: [HP Deskjet 3070 B611 series (NET)] "c:\program files\hp\hp deskjet 3070 b611 series\bin\ScanToPCActivationApp.exe" -deviceID "CN1AA473VH05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe
mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaReminder.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [autoauto] c.bat
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
StartupFolder: c:\users\shay\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\shay\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6E6E0797-27BF-4B08-B65F-50D57AF6D72A}\1447C616E64796360284F64756C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6E6E0797-27BF-4B08-B65F-50D57AF6D72A}\847453230337 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{88E1ABD6-C842-4D8F-965A-4487CFDBBAEE} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DBA2B404-7599-4772-A7DA-F25BB4A76994} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DBA2B404-7599-4772-A7DA-F25BB4A76994}\1447C616E64796360284F64756C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DBA2B404-7599-4772-A7DA-F25BB4A76994}\44F4D45402642554540294E4455425E4544502143434543535 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{DBA2B404-7599-4772-A7DA-F25BB4A76994}\74C656E6679656770284F64756C6 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{DBA2B404-7599-4772-A7DA-F25BB4A76994}\8445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DBA2B404-7599-4772-A7DA-F25BB4A76994}\847453230337 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DBA2B404-7599-4772-A7DA-F25BB4A76994}\E4544574541425 : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-1-5 13560]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-12-14 1236968]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-3-24 133512]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-24 810120]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-3-24 96896]
R2 LMIGuardianSvc;Support LogMeIn processes with quality assurance feedback;c:\program files\logmein ignition\LMIGuardianSvc.exe [2011-5-17 374160]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-7-24 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-17 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-17 682344]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-10-17 1153368]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-5-11 124368]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-27 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-17 21104]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-3-20 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-4 167936]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1117800]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-3-20 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BFAIFILT;BFAIFILT;c:\windows\system32\drivers\BFAIFILT.SYS [2010-6-9 3264]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-3-20 171520]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2010-3-31 379904]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-19 1343400]
.
=============== Created Last 30 ================
.
2013-01-06 13:06:01 -------- d-----w- c:\users\shay\appdata\local\{E173668E-72CE-411B-9CF1-2064B5801725}
2013-01-05 21:58:45 -------- d-----w- c:\users\shay\appdata\local\{6797C86C-4210-4081-8469-1B4073D4DBFF}
2013-01-05 14:33:41 -------- d-----w- c:\program files\CCleaner
2013-01-05 08:44:11 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-01-05 08:38:40 -------- d-----w- c:\users\shay\appdata\local\{2413B51D-3DBF-4D26-B2B5-AF39D2D13487}
2013-01-05 08:31:12 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-01-05 08:30:31 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-01-05 08:30:31 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-01-05 08:29:30 -------- d-----w- c:\users\shay\appdata\local\adawarebp
2013-01-05 08:29:30 -------- d-----w- c:\programdata\blekko toolbars
2013-01-05 08:29:26 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-01-05 08:29:19 -------- d-----w- c:\program files\adawaretb
2013-01-05 08:29:15 -------- d-----w- c:\program files\Toolbar Cleaner
2013-01-04 21:10:31 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a6eeb176-ce8c-43be-bfe2-697cb61a8579}\mpengine.dll
2013-01-04 20:38:11 -------- d-----w- c:\users\shay\appdata\local\{CA028A43-5F55-477B-AAAB-B9A7AD2AC714}
2013-01-03 19:22:10 -------- d-----w- c:\users\shay\appdata\local\{2B2BA704-DF6B-4C31-9A43-0C6B3418D467}
2013-01-02 20:42:20 -------- d-----w- c:\users\shay\appdata\local\{01CFDABE-FCC8-449A-9B1F-36861669C05E}
2013-01-02 07:48:41 -------- d-----w- c:\users\shay\appdata\local\{ECC14C1F-DD4B-463F-93EE-A399ABDB3AF9}
2013-01-01 17:18:25 -------- d-----w- c:\users\shay\appdata\local\{F684EBB3-96EF-451D-8E44-F6ABA4FBA15F}
2013-01-01 05:18:01 -------- d-----w- c:\users\shay\appdata\local\{33EE449F-57C2-49F0-BEC1-6F2E5A9DB89F}
2012-12-31 17:05:06 -------- d-----w- c:\users\shay\appdata\local\{7DA3A944-6B35-482D-B78D-0A69C3672FF9}
2012-12-31 13:55:25 -------- d-----w- c:\users\shay\appdata\local\{79C11CA4-FB8D-4F58-8A9E-3F772B1143B7}
2012-12-31 00:36:10 -------- d-----w- c:\users\shay\appdata\local\{547E8236-AA1D-4EC7-B238-78BA1B0DEB42}
2012-12-30 15:18:23 -------- d-----w- c:\users\shay\appdata\local\Programs
2012-12-30 12:35:42 -------- d-----w- c:\users\shay\appdata\local\{A247606C-0604-42ED-A6DF-D30CE75A1C8D}
2012-12-29 23:23:19 -------- d-----w- c:\users\shay\appdata\local\{7E8D8655-9319-4FDF-8BF3-245DFA0454E5}
2012-12-29 08:40:23 -------- d-----w- c:\users\shay\appdata\local\{29D266DE-29CB-4346-A588-B4A4D24B244B}
2012-12-28 20:09:23 -------- d-----w- c:\users\shay\appdata\local\{E7A56651-08AB-4EB5-ACE8-283D14DA8D86}
2012-12-27 19:10:48 -------- d-----w- c:\users\shay\appdata\local\{23068A7B-9C90-4CD1-927B-53079092745E}
2012-12-26 22:39:41 -------- d-----w- c:\users\shay\appdata\local\{D78274B8-F464-4688-A417-ABA46E670711}
2012-12-26 09:49:54 -------- d-----w- c:\users\shay\appdata\local\{C93D4C4F-BB2E-4E21-B0FC-324969994E23}
2012-12-25 21:49:29 -------- d-----w- c:\users\shay\appdata\local\{164A1125-A944-4F6D-AAC3-C894FF3F9B82}
2012-12-25 09:26:29 -------- d-----w- c:\users\shay\appdata\local\{F5DF4EAB-B124-4FCD-90F9-F4D702A663AB}
2012-12-24 14:50:27 -------- d-----w- c:\users\shay\appdata\local\{5361CF19-A55E-4F6A-A948-2BA19C7B1BBF}
2012-12-23 20:27:59 -------- d-----w- c:\users\shay\appdata\local\{EF094FDB-31AA-40B8-880B-4E5E231C9CC5}
2012-12-23 07:47:57 -------- d-----w- c:\users\shay\appdata\local\{736DBC96-174D-4C13-ACFF-FAC9F097C01E}
2012-12-22 10:29:51 -------- d-----w- c:\users\shay\appdata\local\{1010F0A8-7128-4E23-BC85-93AE9F9A9666}
2012-12-21 21:10:06 -------- d-----w- c:\users\shay\appdata\local\{9B9B4683-D368-41B6-A647-849AAE4EC32C}
2012-12-21 06:49:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 06:49:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 06:49:07 -------- d-----w- c:\users\shay\appdata\local\{3A6658EA-45C7-47D2-8A1D-E39A361FA1C1}
2012-12-20 18:19:13 -------- d-----w- c:\users\shay\appdata\local\{28E9E078-B136-4417-BF7A-6E3F43107279}
2012-12-19 12:10:53 -------- d-----w- c:\users\shay\appdata\local\{7DA72B2A-8E67-4326-A77F-FE9C9ED126ED}
2012-12-18 20:31:56 -------- d-----w- c:\users\shay\appdata\local\{062F348B-0CE4-48AB-B179-672D81AD792A}
2012-12-17 23:23:48 -------- d-----w- c:\users\shay\appdata\local\{89BD7E56-EEC8-4DF1-AC8B-ECEC01272F02}
2012-12-17 12:19:29 -------- d-----w- c:\users\shay\appdata\local\{0816280F-3FCC-4F7D-8473-D18DB6A200E1}
2012-12-16 21:57:35 -------- d-----w- c:\users\shay\appdata\local\{B2801D06-0A52-4FBF-86C1-0637A02F7BC6}
2012-12-16 08:09:55 -------- d-----w- c:\users\shay\appdata\local\{A2CABE21-4319-4B6F-8E9C-ABFEE6AE72BD}
2012-12-15 12:55:50 -------- d-----w- c:\users\shay\appdata\local\{9263D24E-8365-410E-9A9A-FABB22D6CE95}
2012-12-15 00:54:08 -------- d-----w- c:\users\shay\appdata\local\{ABB5009D-22F9-4B89-B282-65E530670CDA}
2012-12-14 06:51:07 -------- d-----w- c:\users\shay\appdata\local\{8A3311E4-5BC0-4255-8719-B346434125F9}
2012-12-13 18:50:31 -------- d-----w- c:\users\shay\appdata\local\{8274F4EA-ED45-4716-AE40-FCEF21D0F1F0}
2012-12-12 19:03:00 -------- d-----w- c:\users\shay\appdata\local\{736722B9-EFAB-4943-85F2-D79F6A6B3A49}
2012-12-12 06:20:29 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 06:19:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 20:42:21 -------- d-----w- c:\users\shay\appdata\local\{D268AE05-C2E7-4EE0-8820-4C71C243675F}
2012-12-11 07:16:37 -------- d-----w- c:\users\shay\appdata\local\{F27DCDF6-52DF-4AA0-A2AF-B61C5BEF0F66}
2012-12-10 19:16:13 -------- d-----w- c:\users\shay\appdata\local\{E3246DD2-96E9-4BF4-A92C-CF516752D05E}
2012-12-10 02:18:11 -------- d-----w- c:\users\shay\appdata\local\{75E760FC-DD3E-4E0E-A6E5-DD00EBFA0203}
2012-12-09 11:38:45 -------- d-----w- c:\users\shay\appdata\local\{35CF7568-2D53-40EA-BE75-DD9167581880}
2012-12-08 23:32:41 -------- d-----w- c:\users\shay\appdata\local\{D3EAB04A-D385-4FE9-894F-33DE3F27312B}
2012-12-08 10:39:43 -------- d-----w- c:\users\shay\appdata\local\{9B6A190E-8622-4F84-AAA3-397D64E49B04}
2012-12-07 20:31:30 -------- d-----w- c:\users\shay\appdata\local\{CF5A2B05-7962-4B61-A7AE-399A6081C295}
.
==================== Find3M  ====================
.
2012-12-14 16:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 20:48:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 20:48:09 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-22 02:56:02 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-23 06:33:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-23 06:33:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-23 06:33:11 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-17 19:16:47 14664 ----a-w- c:\windows\stinger.sys
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
============= FINISH: 18:42:39.85 ===============
Attach Log
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 13/04/2010 17:02:01
System Uptime: 05/01/2013 15:21:17 (27 hours ago)
.
Motherboard: TOSHIBA |  | KSWAA
Processor: Intel(R) Core(TM)2 Duo CPU     T6570  @ 2.10GHz | U2E1 | 1197/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 154.772 GiB free.
D: is FIXED (NTFS) - 232 GiB total, 227.092 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP405: 04/12/2012 21:27:17 - Windows Update
RP406: 12/12/2012 06:12:52 - Windows Update
RP407: 13/12/2012 03:00:29 - Windows Update
RP408: 18/12/2012 20:44:22 - Windows Update
RP409: 21/12/2012 06:48:39 - Windows Update
RP410: 25/12/2012 12:12:32 - Windows Update
RP411: 29/12/2012 04:42:21 - Windows Update
RP412: 01/01/2013 11:47:23 - Windows Update
RP413: 04/01/2013 21:09:38 - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
Amazon.co.uk
Audacity 2.0
AVS Audio Converter version 6.2
AVS Update Manager 1.0
Big Red Book Accounts v4
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon Internet Library for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 1.6
Canon Utilities EOS Capture 1.3
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CCleaner
D3DX10
Easy MP3 Cutter 2.9
eBay
EOS Capture 1.3
ESET NOD32 Antivirus
Free Word Excel Password Wizard
FreeTorrentViewer
Google Chrome
Google Earth
Google Update Helper
Hofmann 7.3
HP Deskjet 3070 B611 series Basic Device Software
HP Deskjet 3070 B611 series Help
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Library
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LogMeIn
LogMeIn Ignition
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
OGA Notifier 2.0.0048.0
PhotoStitch
Picasa 3
PlayReady PC Runtime x86
RAW Image Task 2.0
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RealUpgrade 1.1
RemoteCapture Task 1.1
Search Results Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype Toolbars
Skype(TM) Launcher
Skype™ 5.10
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Thesaurus 2010 Payroll Standard Version
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
Toshiba Online Product Information
TOSHIBA PC Health Monitor
Toshiba Photo Service - powered by myphotobook
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TRORMCLauncher
TrueCrypt
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver
VLC media player 1.1.0
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
Word Password Recovery Master 3.5
Yahoo! Messenger
YouTube Downloader 2.7.2
.
==== Event Viewer Messages From Past Week ========
.
06/01/2013 17:07:48, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain SURGERY due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
06/01/2013 16:56:58, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
06/01/2013 16:07:44, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
06/01/2013 03:17:59, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
05/01/2013 15:23:26, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
05/01/2013 15:22:46, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
05/01/2013 15:22:46, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
05/01/2013 15:18:52, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
05/01/2013 15:13:00, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
05/01/2013 11:38:37, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
05/01/2013 09:24:57, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
03/01/2013 06:22:34, Error: Microsoft-Windows-GroupPolicy [1007]  - The processing of Group Policy failed. Windows could not determine the site associated for this computer, which is required for Group Policy processing.
.
==== End Of File ===========================
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12969
 
   Posted 1/8/2013 11:36 PM (GMT +3)
Hello Irishguy 7 :)
 
 
Looks like you have 2 active antivirus programs running.
 
 
Running two antivirus products on the same computer can degrade performance and cause system instability.
I'll therefore suggest you remove Ad-Aware Antivirus or NOD32 Antivirus.
 
 
 
Please download Adwcleaner.
 
 
  • Double click on AdwCleaner.exe to run the tool. 
    ***Note: Windows Vista and Windows 7 users: 
    Right-click on AdwCleaner.exe and select Run as admin 
  • Click Delete. 
  • Everything that was found will be deleted. 
  • Save any open files and approve the reboot. A text file will open after the restart
 
 
We need to get a comprehensive report of what is present in your system.

 
Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe
 Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
MRESP50.SYS
CBPSp50.sys
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

 

Irishguy 7
New Member


Date Joined Jan 2013
Total Posts : 4
 
   Posted 1/9/2013 12:55 AM (GMT +3)
Thank you for your help. I am posting the files generated by OTL.exe
 
OTL logfile created on: 1/8/2013 9:27:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Shay\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
 
2.84 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 59.14% Memory free
5.68 Gb Paging File | 4.33 Gb Available in Paging File | 76.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 156.98 Gb Free Space | 67.41% Space Free | Partition Type: NTFS
Drive D: | 232.49 Gb Total Space | 227.09 Gb Free Space | 97.68% Space Free | Partition Type: NTFS
 
Computer Name: SHAY-TOSH | User Name: Shay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/01/08 21:22:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shay\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/05 01:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/11/27 21:41:39 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/05/17 13:11:04 | 000,374,160 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe
PRC - [2011/03/30 18:46:06 | 001,721,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/11 08:41:08 | 001,050,072 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproTray.exe
PRC - [2010/05/11 08:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
PRC - [2010/03/24 19:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/03/24 19:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/08/27 13:37:10 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/26 18:00:06 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/08/17 10:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/13 12:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/08/10 19:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/06 17:05:18 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/08/06 17:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/08/06 14:02:02 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/08/06 12:06:58 | 000,466,792 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009/08/05 14:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 14:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/05 14:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/03 17:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 17:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/13 15:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/13 20:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/12/05 01:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/05 01:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/05 01:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/05 01:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/05 01:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/05 01:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/05 01:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/11/24 20:52:57 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/18 07:40:29 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MOD - [2012/11/18 07:39:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/18 07:39:05 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/18 07:38:47 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/18 07:38:43 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/18 07:38:16 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/18 07:37:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/18 07:37:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/18 07:37:52 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/18 07:37:13 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/07/31 01:08:04 | 000,016,872 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2010/04/17 12:29:01 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/08/03 17:17:24 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/07/29 15:35:38 | 000,014,648 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2009/07/16 15:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/16 15:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/06/22 14:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/03/12 19:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2006/10/07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/01/08 20:44:15 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/05 17:09:38 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/05/17 13:11:04 | 000,374,160 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/05/19 04:44:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/11 08:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/03/24 19:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 19:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/08/27 13:37:10 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 19:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/06 17:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/08/05 14:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 17:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/01/05 08:30:31 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/20 21:25:52 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012/07/05 17:10:02 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/06/08 11:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 11:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/06/20 16:07:08 | 001,117,800 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2011/03/18 23:59:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/23 10:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/03/31 10:13:28 | 000,379,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2010/03/24 19:33:56 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/03/24 19:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 19:23:54 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2009/10/26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/07/30 20:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2009/07/30 17:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 16:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/24 15:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 15:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 00:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 22:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 22:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/10 06:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/06/22 17:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/19 19:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2004/07/13 12:49:02 | 000,003,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BFAIFILT.SYS -- (BFAIFILT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bubbleshooter.com/
IE - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - No CLSID value found
IE - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\..\SearchScopes\{30E173D7-3365-49BA-B2FC-48BE4C212554}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\..\SearchScopes\{D45AEE3D-4964-42F2-9B7F-A26F26097C81}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/27 21:42:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/04/14 18:50:31 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: http://bubbleshooter.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://bubbleshooter.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: Fast chrome = C:\Users\Shay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcnflkdmlnlalbefllfaimhjgmkonbn\3.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Shay\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Shay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/10/17 21:35:05 | 000,444,635 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15270 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Search Results Toolbar) - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files\searchresults\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files\searchresults\searchresultsDx.dll File not found
O3 - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\..\Toolbar\WebBrowser: (no name) - {0FC85F5D-6207-4515-A490-45A549D285C0} - No CLSID value found.
O3 - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [autoauto] C:\Windows\System32\c.bat ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe File not found
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe File not found
O4 - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Shay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\surgery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = surgery.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBA2B404-7599-4772-A7DA-F25BB4A76994}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{049f6078-0130-11e1-9ef6-705ab68673d7}\Shell - "" = AutoRun
O33 - MountPoints2\{049f6078-0130-11e1-9ef6-705ab68673d7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{246c34ac-8797-11df-963f-705ab68673d7}\Shell - "" = AutoRun
O33 - MountPoints2\{246c34ac-8797-11df-963f-705ab68673d7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{246c34ae-8797-11df-963f-705ab68673d7}\Shell - "" = AutoRun
O33 - MountPoints2\{246c34ae-8797-11df-963f-705ab68673d7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4df4f736-7415-11df-96ff-705ab68673d7}\Shell - "" = AutoRun
O33 - MountPoints2\{4df4f736-7415-11df-96ff-705ab68673d7}\Shell\AutoRun\command - "" = F:\lzext.exe
O33 - MountPoints2\{50241ba6-bd53-11e0-9cf7-705ab68673d7}\Shell - "" = AutoRun
O33 - MountPoints2\{50241ba6-bd53-11e0-9cf7-705ab68673d7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7873c7b1-5a2d-11df-9660-705ab68673d7}\Shell - "" = AutoRun
O33 - MountPoints2\{7873c7b1-5a2d-11df-9660-705ab68673d7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7873c7b8-5a2d-11df-9660-705ab68673d7}\Shell - "" = AutoRun
O33 - MountPoints2\{7873c7b8-5a2d-11df-9660-705ab68673d7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98597ae8-c4af-11e0-92ae-705ab68673d7}\Shell - "" = AutoRun
O33 - MountPoints2\{98597ae8-c4af-11e0-92ae-705ab68673d7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98597aea-c4af-11e0-92ae-705ab68673d7}\Shell - "" = AutoRun
O33 - MountPoints2\{98597aea-c4af-11e0-92ae-705ab68673d7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{2B124A22-3856-416B-A94E-17689D128D20} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/08 21:23:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Shay\Desktop\OTL.exe
[2013/01/08 20:42:54 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{B15F5E3B-F468-454A-8022-512CD814B5F6}
[2013/01/07 18:34:40 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{CE874FF7-BFA0-45F8-8336-D26A3A2484D2}
[2013/01/07 07:41:57 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{345A0AA5-52EA-4FDB-A858-D39C043A40D9}
[2013/01/06 19:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2013/01/06 19:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/01/06 18:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/01/06 13:06:01 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{E173668E-72CE-411B-9CF1-2064B5801725}
[2013/01/05 21:58:45 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{6797C86C-4210-4081-8469-1B4073D4DBFF}
[2013/01/05 14:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/01/05 14:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/05 09:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/05 08:38:40 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{2413B51D-3DBF-4D26-B2B5-AF39D2D13487}
[2013/01/05 08:30:31 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/05 08:30:31 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/01/05 08:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/01/04 20:38:11 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{CA028A43-5F55-477B-AAAB-B9A7AD2AC714}
[2013/01/03 19:22:10 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{2B2BA704-DF6B-4C31-9A43-0C6B3418D467}
[2013/01/02 20:56:47 | 000,000,000 | ---D | C] -- C:\Users\Shay\Documents\St Laserians
[2013/01/02 20:42:20 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{01CFDABE-FCC8-449A-9B1F-36861669C05E}
[2013/01/02 07:48:41 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{ECC14C1F-DD4B-463F-93EE-A399ABDB3AF9}
[2013/01/01 17:18:25 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{F684EBB3-96EF-451D-8E44-F6ABA4FBA15F}
[2013/01/01 05:18:01 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{33EE449F-57C2-49F0-BEC1-6F2E5A9DB89F}
[2012/12/31 17:05:06 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{7DA3A944-6B35-482D-B78D-0A69C3672FF9}
[2012/12/31 13:55:25 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{79C11CA4-FB8D-4F58-8A9E-3F772B1143B7}
[2012/12/31 00:36:10 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{547E8236-AA1D-4EC7-B238-78BA1B0DEB42}
[2012/12/30 15:18:23 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\Programs
[2012/12/30 12:53:52 | 000,000,000 | ---D | C] -- C:\Users\Shay\Documents\Scanned photos
[2012/12/30 12:35:42 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{A247606C-0604-42ED-A6DF-D30CE75A1C8D}
[2012/12/29 23:23:19 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{7E8D8655-9319-4FDF-8BF3-245DFA0454E5}
[2012/12/29 08:40:23 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{29D266DE-29CB-4346-A588-B4A4D24B244B}
[2012/12/28 20:09:23 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{E7A56651-08AB-4EB5-ACE8-283D14DA8D86}
[2012/12/27 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{23068A7B-9C90-4CD1-927B-53079092745E}
[2012/12/26 22:39:41 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{D78274B8-F464-4688-A417-ABA46E670711}
[2012/12/26 09:49:54 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{C93D4C4F-BB2E-4E21-B0FC-324969994E23}
[2012/12/25 21:49:29 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{164A1125-A944-4F6D-AAC3-C894FF3F9B82}
[2012/12/25 09:26:29 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{F5DF4EAB-B124-4FCD-90F9-F4D702A663AB}
[2012/12/24 14:50:27 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{5361CF19-A55E-4F6A-A948-2BA19C7B1BBF}
[2012/12/23 20:27:59 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{EF094FDB-31AA-40B8-880B-4E5E231C9CC5}
[2012/12/23 07:47:57 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{736DBC96-174D-4C13-ACFF-FAC9F097C01E}
[2012/12/22 10:29:51 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{1010F0A8-7128-4E23-BC85-93AE9F9A9666}
[2012/12/21 21:10:06 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{9B9B4683-D368-41B6-A647-849AAE4EC32C}
[2012/12/21 06:49:07 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{3A6658EA-45C7-47D2-8A1D-E39A361FA1C1}
[2012/12/20 18:19:13 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{28E9E078-B136-4417-BF7A-6E3F43107279}
[2012/12/19 12:10:53 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{7DA72B2A-8E67-4326-A77F-FE9C9ED126ED}
[2012/12/18 20:31:56 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{062F348B-0CE4-48AB-B179-672D81AD792A}
[2012/12/17 23:23:48 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{89BD7E56-EEC8-4DF1-AC8B-ECEC01272F02}
[2012/12/17 20:03:06 | 000,000,000 | ---D | C] -- C:\Users\Shay\Desktop\BRB1
[2012/12/17 12:19:29 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{0816280F-3FCC-4F7D-8473-D18DB6A200E1}
[2012/12/16 21:57:35 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{B2801D06-0A52-4FBF-86C1-0637A02F7BC6}
[2012/12/16 08:09:55 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{A2CABE21-4319-4B6F-8E9C-ABFEE6AE72BD}
[2012/12/15 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{9263D24E-8365-410E-9A9A-FABB22D6CE95}
[2012/12/15 00:54:08 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{ABB5009D-22F9-4B89-B282-65E530670CDA}
[2012/12/14 06:51:07 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{8A3311E4-5BC0-4255-8719-B346434125F9}
[2012/12/13 18:50:31 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{8274F4EA-ED45-4716-AE40-FCEF21D0F1F0}
[2012/12/12 19:03:00 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{736722B9-EFAB-4943-85F2-D79F6A6B3A49}
[2012/12/11 20:42:21 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{D268AE05-C2E7-4EE0-8820-4C71C243675F}
[2012/12/11 07:16:37 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{F27DCDF6-52DF-4AA0-A2AF-B61C5BEF0F66}
[2012/12/10 19:16:13 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{E3246DD2-96E9-4BF4-A92C-CF516752D05E}
[2012/12/10 02:18:11 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\{75E760FC-DD3E-4E0E-A6E5-DD00EBFA0203}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013/01/08 21:26:57 | 000,017,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/08 21:26:57 | 000,017,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/08 21:22:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shay\Desktop\OTL.exe
[2013/01/08 21:20:39 | 000,002,004 | ---- | M] () -- C:\Users\Shay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2013/01/08 21:20:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/08 21:20:07 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Shay.job
[2013/01/08 21:19:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/08 21:19:09 | 2287,628,288 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/08 21:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/08 20:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/08 20:42:32 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Shay.job
[2013/01/08 20:42:21 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Shay.job
[2013/01/06 19:00:48 | 000,002,050 | ---- | M] () -- C:\Users\Shay\Desktop\HijackThis.lnk
[2013/01/06 15:12:41 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/05 14:33:43 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/05 09:45:22 | 000,002,246 | ---- | M] () -- C:\Users\Shay\Desktop\Google Chrome.lnk
[2013/01/05 08:30:31 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/05 08:30:31 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/01/02 23:04:28 | 000,637,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/02 23:04:28 | 000,115,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/01 05:17:17 | 000,007,968 | ---- | M] () -- C:\123.crx
[2012/12/21 07:07:01 | 000,414,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/01/06 19:00:48 | 000,002,050 | ---- | C] () -- C:\Users\Shay\Desktop\HijackThis.lnk
[2013/01/05 14:33:43 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/05 09:45:22 | 000,002,246 | ---- | C] () -- C:\Users\Shay\Desktop\Google Chrome.lnk
[2012/12/20 18:19:17 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Shay.job
[2012/12/19 03:36:05 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Shay.job
[2012/12/19 03:36:04 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Shay.job
[2012/08/14 15:21:01 | 000,000,023 | ---- | C] () -- C:\Windows\bo9440cn.ini
[2012/08/14 15:21:00 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd9440cn.dat
[2012/08/14 15:21:00 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/02/08 23:06:56 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/01/24 06:16:42 | 000,007,605 | ---- | C] () -- C:\Users\Shay\AppData\Local\Resmon.ResmonCfg
[2011/11/09 11:04:37 | 000,225,787 | ---- | C] () -- C:\Users\Shay\BRB002.zip
[2011/08/12 07:04:27 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/06/21 20:24:22 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/16 09:30:02 | 001,841,000 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3070_B611.dll
[2010/07/05 20:40:44 | 000,004,608 | ---- | C] () -- C:\Users\Shay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/26 11:54:48 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/07/25 22:35:46 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\Audacity
[2010/06/14 21:16:00 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\Canon
[2012/04/09 05:20:59 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\FreeTorrentViewer
[2012/01/28 14:22:45 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\HTC
[2012/01/28 14:22:56 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/07/24 20:32:22 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\LogMeInIgnition
[2010/09/28 00:07:20 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\NCH Swift Sound
[2012/07/08 20:21:10 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\PhotoScape
[2010/05/12 19:22:21 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\Pixmantec
[2010/04/18 11:36:47 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\Toshiba
[2011/08/12 07:04:00 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\WinBatch
[2010/10/25 21:36:29 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\Windows Live Writer
[2010/04/26 11:55:42 | 000,000,000 | ---D | M] -- C:\Users\surgery\AppData\Roaming\Toshiba
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2010/04/26 11:50:55 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/11/09 11:05:41 | 000,000,000 | ---D | M] -- C:\BRBWin
[2009/07/14 04:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/04/26 03:28:50 | 000,000,000 | ---D | M] -- C:\Expat Shield
[2011/12/18 04:33:15 | 000,000,000 | -HSD | M] -- C:\found.000
[2012/11/19 18:58:40 | 000,000,000 | -HSD | M] -- C:\found.001
[2010/03/20 21:33:41 | 000,000,000 | ---D | M] -- C:\Intel
[2009/09/04 09:53:32 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 02:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/01/08 21:17:41 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/01/08 21:20:02 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/01/09 22:15:41 | 000,000,000 | ---D | M] -- C:\ROS
[2010/05/08 21:41:21 | 000,000,000 | ---D | M] -- C:\Soc
[2013/01/08 21:30:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/02/14 15:43:58 | 000,000,000 | ---D | M] -- C:\Thesaurus Backup 2010
[2011/09/24 10:58:58 | 000,000,000 | ---D | M] -- C:\ThesaurusPayroll2010
[2011/02/14 15:52:18 | 000,000,000 | ---D | M] -- C:\ThesaurusPayroll2010a
[2010/03/20 21:52:01 | 000,000,000 | ---D | M] -- C:\Toshiba
[2010/04/26 11:50:46 | 000,000,000 | R--D | M] -- C:\Users
[2013/01/05 14:39:28 | 000,000,000 | ---D | M] -- C:\Windows
 
[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
 
[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]
 
[color=#A23BEC]< %windir%\Installer\*.* >[/color]
[2011/04/29 11:27:04 | 004,158,464 | R--- | M] () -- C:\Windows\Installer\bf0c031.msp
[2009/09/04 09:43:27 | 000,788,480 | ---- | M] () -- C:\Windows\Installer\bf11.msi
[2009/09/01 14:52:12 | 000,321,024 | ---- | M] () -- C:\Windows\Installer\bf16.msi
[2009/09/04 09:44:57 | 000,020,480 | ---- | M] () -- C:\Windows\Installer\bf25.msi
[2009/07/22 07:24:24 | 000,497,152 | ---- | M] () -- C:\Windows\Installer\bf2a.msi
[2011/07/11 16:19:28 | 010,619,904 | R--- | M] () -- C:\Windows\Installer\c8fa31f.msp
[2011/10/14 05:57:10 | 020,333,568 | R--- | M] () -- C:\Windows\Installer\c8fa32a.msp
[2009/09/04 09:53:32 | 002,398,720 | ---- | M] () -- C:\Windows\Installer\e058d41.msi
[2009/09/04 09:53:32 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\e058d47.msi
[2009/09/04 09:53:33 | 001,714,176 | ---- | M] () -- C:\Windows\Installer\e058d4d.msi
[2010/04/17 12:26:52 | 001,642,496 | ---- | M] () -- C:\Windows\Installer\e058d53.msi
[2009/09/04 09:53:34 | 001,642,496 | ---- | M] () -- C:\Windows\Installer\e058d59.msi
[2009/09/04 09:53:34 | 000,514,048 | ---- | M] () -- C:\Windows\Installer\e058d5f.msi
[2009/09/04 09:53:34 | 000,518,144 | ---- | M] () -- C:\Windows\Installer\e058d66.msi
[2009/09/04 09:53:34 | 000,507,904 | ---- | M] () -- C:\Windows\Installer\e058d6d.msi
[2009/09/04 09:53:34 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\e058d73.msi
[2009/09/04 09:53:35 | 001,654,272 | ---- | M] () -- C:\Windows\Installer\e058d79.msi
[2010/04/17 12:27:11 | 009,614,848 | ---- | M] () -- C:\Windows\Installer\e058d80.msi
[2009/04/03 23:55:22 | 021,390,848 | R--- | M] () -- C:\Windows\Installer\e2703d9.msp
[2009/04/03 23:55:36 | 009,926,144 | R--- | M] () -- C:\Windows\Installer\e2703f3.msp
[2009/04/03 23:55:48 | 001,282,560 | R--- | M] () -- C:\Windows\Installer\e2703fb.msp
[2009/04/03 23:55:42 | 007,888,384 | R--- | M] () -- C:\Windows\Installer\e270405.msp
[2009/04/03 23:55:30 | 015,190,016 | R--- | M] () -- C:\Windows\Installer\e270423.msp
[2009/04/03 23:55:04 | 343,058,432 | R--- | M] () -- C:\Windows\Installer\e27052a.msp
[2011/03/31 03:13:12 | 003,326,464 | ---- | M] () -- C:\Windows\Installer\eda8d6.msi
[2011/01/10 20:23:07 | 000,117,760 | ---- | M] () -- C:\Windows\Installer\eda8dc.msi
[2010/04/24 16:07:04 | 010,118,144 | R--- | M] () -- C:\Windows\Installer\f5ce226.msp
[2011/05/18 09:51:42 | 002,840,576 | ---- | M] () -- C:\Windows\Installer\f6f48d9.msi
[2010/10/23 21:57:19 | 009,433,088 | ---- | M] () -- C:\Windows\Installer\fe77b9c.msi
[2012/04/09 18:39:09 | 004,426,240 | R--- | M] () -- C:\Windows\Installer\fe77bab.msp
[2010/10/23 21:57:25 | 007,710,720 | ---- | M] () -- C:\Windows\Installer\fe77bb0.msi
[2012/04/09 18:39:23 | 002,932,224 | R--- | M] () -- C:\Windows\Installer\fe77bc4.msp
[2010/10/23 21:57:30 | 000,429,056 | ---- | M] () -- C:\Windows\Installer\fe77bc9.msi
[2012/04/09 18:39:23 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\fe77bce.msp
[2010/10/23 21:57:32 | 004,004,864 | ---- | M] () -- C:\Windows\Installer\fe77bd3.msi
[2012/04/09 18:39:23 | 001,139,712 | R--- | M] () -- C:\Windows\Installer\fe77bdf.msp
[2011/08/04 21:47:40 | 002,310,656 | ---- | M] () -- C:\Windows\Installer\fe77be4.msi
[2012/04/09 18:39:24 | 000,715,264 | R--- | M] () -- C:\Windows\Installer\fe77bec.msp
[2010/10/23 21:57:44 | 008,332,288 | ---- | M] () -- C:\Windows\Installer\fe77bf4.msi
[2012/04/09 18:39:25 | 003,312,128 | R--- | M] () -- C:\Windows\Installer\fe77c10.msp
[2011/08/04 21:47:42 | 022,647,296 | ---- | M] () -- C:\Windows\Installer\fe77c18.msi
[2012/04/09 18:39:26 | 005,535,744 | R--- | M] () -- C:\Windows\Installer\fe77c2b.msp
[2010/10/23 21:57:51 | 000,070,144 | ---- | M] () -- C:\Windows\Installer\fe77c31.msi
[2012/04/09 18:39:26 | 000,038,912 | R--- | M] () -- C:\Windows\Installer\fe77c36.msp
[2010/10/23 21:57:54 | 013,850,624 | ---- | M] () -- C:\Windows\Installer\fe77c3c.msi
[2012/04/09 18:39:28 | 005,868,544 | R--- | M] () -- C:\Windows\Installer\fe77c53.msp
[2010/10/23 21:57:55 | 008,313,856 | ---- | M] () -- C:\Windows\Installer\fe77c58.msi
[2012/04/09 18:39:28 | 002,957,312 | R--- | M] () -- C:\Windows\Installer\fe77c72.msp
[2010/10/23 21:58:10 | 034,193,408 | ---- | M] () -- C:\Windows\Installer\fe77c7d.msi
[2012/04/09 18:39:31 | 014,624,256 | R--- | M] () -- C:\Windows\Installer\fe77ca8.msp
[2010/10/23 21:58:13 | 011,846,656 | ---- | M] () -- C:\Windows\Installer\fe77cb0.msi
[2012/04/09 18:39:32 | 003,734,016 | R--- | M] () -- C:\Windows\Installer\fe77cb9.msp
[2010/10/23 21:58:17 | 000,775,168 | ---- | M] () -- C:\Windows\Installer\fe77cc2.msi
[2012/04/09 18:39:32 | 000,205,824 | R--- | M] () -- C:\Windows\Installer\fe77ccc.msp
[2011/08/04 21:48:00 | 000,067,072 | ---- | M] () -- C:\Windows\Installer\fe77cd1.msi
[2012/04/09 18:39:33 | 000,029,184 | R--- | M] () -- C:\Windows\Installer\fe77cd7.msp
[2010/10/23 21:57:26 | 001,492,992 | ---- | M] () -- C:\Windows\Installer\fe77cdc.msi
[2012/04/09 18:39:33 | 000,625,664 | R--- | M] () -- C:\Windows\Installer\fe77ce5.msp
[2010/10/23 21:57:46 | 001,070,592 | ---- | M] () -- C:\Windows\Installer\fe77cea.msi
[2012/04/09 18:39:33 | 000,468,480 | R--- | M] () -- C:\Windows\Installer\fe77cf4.msp
[2011/08/04 21:48:04 | 006,661,632 | ---- | M] () -- C:\Windows\Installer\fe77cfa.msi
[2012/04/09 18:39:34 | 005,124,096 | R--- | M] () -- C:\Windows\Installer\fe77d04.msp
[2010/10/23 21:57:58 | 003,410,944 | ---- | M] () -- C:\Windows\Installer\fe77d0a.msi
[2012/04/09 18:39:34 | 000,635,904 | R--- | M] () -- C:\Windows\Installer\fe77d10.msp
[2010/10/23 21:57:57 | 004,175,360 | ---- | M] () -- C:\Windows\Installer\fe77d15.msi
[2012/04/09 18:39:35 | 000,509,952 | R--- | M] () -- C:\Windows\Installer\fe77d1a.msp
[2010/10/23 21:58:03 | 004,250,112 | ---- | M] () -- C:\Windows\Installer\fe77d20.msi
[2012/04/09 18:39:35 | 002,146,304 | R--- | M] () -- C:\Windows\Installer\fe77d2b.msp
[2010/10/23 21:58:16 | 000,153,600 | ---- | M] () -- C:\Windows\Installer\fe77d31.msi
[2012/04/09 18:39:36 | 000,060,416 | R--- | M] () -- C:\Windows\Installer\fe77d36.msp
[2010/10/23 21:58:18 | 000,029,696 | ---- | M] () -- C:\Windows\Installer\fe77d3c.msi
[2012/04/09 18:39:36 | 000,023,552 | R--- | M] () -- C:\Windows\Installer\fe77d41.msp
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
 
[color=#A23BEC]< %windir%\system32\tasks\*.* >[/color]
[2013/01/08 20:44:21 | 000,003,768 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2013/01/05 14:33:45 | 000,002,770 | ---- | M] () -- C:\Windows\system32\tasks\CCleanerSkipUAC
[2010/03/20 21:50:49 | 000,003,468 | ---- | M] () -- C:\Windows\system32\tasks\ConfigFree Startup Programs
[2010/04/17 12:58:45 | 000,003,536 | ---- | M] () -- C:\Windows\system32\tasks\CreateChoiceProcessTask
[2012/09/15 19:58:01 | 000,003,630 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
[2012/09/15 19:58:02 | 000,003,882 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
[2012/05/25 16:52:48 | 000,003,590 | ---- | M] () -- C:\Windows\system32\tasks\Launch HTC Sync Loader
[2012/06/10 16:51:30 | 000,003,192 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-1379762275-1066828835-1910331368-1000
[2012/06/10 16:51:29 | 000,003,328 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-1379762275-1066828835-1910331368-1000
[2010/10/19 17:31:50 | 000,003,330 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-3211346508-516463325-2496981541-1113
[2013/01/08 20:42:32 | 000,002,960 | ---- | M] () -- C:\Windows\system32\tasks\ReclaimerUpdateFiles_Shay
[2013/01/08 20:42:20 | 000,002,956 | ---- | M] () -- C:\Windows\system32\tasks\ReclaimerUpdateXML_Shay
[2012/12/20 18:19:17 | 000,002,664 | ---- | M] () -- C:\Windows\system32\tasks\RNUpgradeHelperLogonPrompt_Shay
[2012/12/20 18:19:17 | 000,003,610 | ---- | M] () -- C:\Windows\system32\tasks\RNUpgradeHelperResumePrompt_Shay
[2012/10/20 16:38:54 | 000,003,138 | ---- | M] () -- C:\Windows\system32\tasks\{F1196350-6226-47D7-873C-ED198073912F}
[2010/04/13 20:34:47 | 000,002,864 | ---- | M] () -- C:\Windows\system32\tasks\{FA1364F1-4712-401A-B0E1-D92EA7C4C930}
 
[color=#A23BEC]< %systemroot%\Fonts\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 05:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 05:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 06:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
[color=#A23BEC]< MD5 for: REGEDIT.EXE  >[/color]
[2009/07/14 01:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 01:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 06:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 05:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
[color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color]
[2009/07/14 04:53:46 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 04:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010/04/15 05:03:38 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/04/15 05:03:39 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 01:31:08 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/12/19 03:36:04 | 000,000,362 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateXML_Shay.job
[2012/12/19 03:36:05 | 000,000,366 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_Shay.job
[2012/12/20 18:19:17 | 000,000,372 | ---- | C] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Shay.job
 
[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color]
 
[color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color]
 
[color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color]
 
[color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color]
 
[color=#A23BEC]< type c:\diskreport.txt /c >[/color]
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: SHAY-TOSH
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media          
  Volume 1     C   WINDOWS      NTFS   Partition    232 GB  Healthy    Boot   
  Volume 2     D   Data         NTFS   Partition    232 GB  Healthy           
  Volume 3         SYSTEM       NTFS   Partition    400 MB  Healthy    Hidden 
< End of report >
Extras.txt
 
OTL Extras logfile created on: 1/8/2013 9:27:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Shay\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
 
2.84 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 59.14% Memory free
5.68 Gb Paging File | 4.33 Gb Available in Paging File | 76.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 156.98 Gb Free Space | 67.41% Space Free | Partition Type: NTFS
Drive D: | 232.49 Gb Total Space | 227.09 Gb Free Space | 97.68% Space Free | Partition Type: NTFS
 
Computer Name: SHAY-TOSH | User Name: Shay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1379762275-1066828835-1910331368-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8BF64D44-53BD-42C1-869B-0B41F68A4B98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D0F220E-C0A0-41C9-A3A6-B42DF4753BF2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D9ECB8D-2DA5-4E8C-8525-E828A4C72322}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8EE705A1-4B77-43CF-821F-B71E6813581F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90FA5794-863B-4DBE-A05E-BF3D42968AB2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{916AE8C2-C684-48E8-BCA7-32A79519D14B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{917A937B-C205-4779-A03F-202278BD4B8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9241B31E-9564-4C3F-B04B-07C40A9B1FA2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95DF3F06-A430-46CA-A0CF-7E308B7D77D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{990AEEF3-68A0-49E1-BAA9-B655DDA9C13A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99FB38EF-1D11-46F0-8413-27DA9C8C4490}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9AA65126-F40C-4642-8ADF-662E1B33032A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C347FD3-32B8-43E0-BCF2-A214C393383A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D09CA15-F97E-4CF9-89C0-2382443485B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A05DFCF2-4607-4D60-AA55-E08941A38F7C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0A72F13-8885-4338-AD0F-9D4CFEB33D2E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1309C64-1BC7-4757-AB11-593BB39952F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1F7BB55-E72A-46E5-AED2-B40333D8014C}" = protocol=6 | dir=in | app=c:\program files\searchresults\dtuser.exe |
"{A29AA51C-9896-4E20-A186-DA7A51BEF3D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A50E5D61-DABE-49E5-804F-BA27142C23A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A595E4DB-A961-4350-8547-B81461E1A568}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5FBD9B8-AA65-41AF-B121-138E8AA7CE2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A609D763-183E-4B52-A106-A5EA3F62122E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A610899D-F3FE-48B8-9F77-0920FCEBFBB2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A763B54B-B070-4FEA-AE88-A02387560069}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A86FD5D6-E887-4256-94C1-0C3FF17AF394}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A898D290-2012-40A8-BEBB-612CD74128E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A92D8D95-FA17-4F6F-8067-A8B79848F69C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA52C0E8-32DF-42FB-B7F0-57A8FB1BD254}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB4738BC-EB60-46F2-BD68-59110901064C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB74A990-F2F8-4A88-A0B2-DA87DC8C7333}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD1AF65D-1437-4B51-863D-32D71116D198}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD6D9140-742B-4A20-88C0-BDD0745BF842}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD9F6197-9E7F-4C42-AF51-11E36E7D6BC3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ADDDC524-412F-49C9-BE5F-768B04B25F7D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ADF57BAB-DF95-4426-9F4A-BCC895E22B43}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFA22F12-B9AA-4EF9-AD9F-ACDAB25BF215}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B04C4ADB-242E-48D6-B9A3-BB65726BE364}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1D290B5-A07B-48C1-9CE6-7CD6448400F6}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe |
"{B3509134-AFB3-4D83-8AA7-B8BAA0203AE5}" = protocol=17 | dir=in | app=c:\program files\searchresults\dtuser.exe |
"{B8A60D3D-3985-4C3E-8ABE-9703656B1C1B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B98E4CC7-C241-4EE3-9610-0B00ED986B84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE4FAD68-A582-42D6-A464-4ACCEAA5D178}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0F44723-BCB8-472F-A544-2C32F3BC8FD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C240609B-5EAB-49E6-85E7-4A35DA0A75C7}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe |
"{C37BF209-69A5-4BF6-9731-4A3C50B6C0B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C589BD93-3FB0-4A17-8F5F-ED4011370EAC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C66C353B-8628-4F18-A451-5123BB5F2842}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7D365A9-58B4-4F73-997F-491E704CDB2C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9B10B7F-3EE2-405E-A347-EB5061B72BE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CCB2B425-E48B-40BD-B7A1-8FCA8382E90C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CCCFC6B3-7B28-43FC-BF3E-44266490F31B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CE049A67-F730-41C3-9A22-33C0FB15AEF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE4FA780-F595-4E63-9645-5848C9FB64B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE85481C-FE52-4FA6-B3F8-DE716A74C728}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2145606-0580-43C4-ABC8-390C6FCE4D80}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D3B6FEA3-EE00-4B10-A855-3F09C03FA67E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D4877C60-D7C0-48DF-B6C0-26EFA6C6A3CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5B4E463-A1B8-46A2-80DA-135C6F5F3128}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5F48CEB-1FD6-4197-946A-EA903A25BBB8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D7789641-4FDA-4BA1-9E5E-F810B635EAE9}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D7D5EB1B-B491-44BD-ABC1-7ACF6E434681}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D8FDA109-7985-450E-9412-AD693836EF0D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D9709303-9218-46B1-B909-9EC432B13C86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA1A75B7-D99D-4356-940B-70C10829F783}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB06A44B-35C4-45C8-90B0-B588D14EADB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB3DC97D-72F1-435B-9896-F912DFF9B17F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBBFF490-CFF7-4901-B442-17BC50E63EF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC1E8867-F10D-4046-8F37-CC56DBE0DD98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC273605-DA66-4E6A-AD39-611D3EE749E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE97EDAD-A47F-4DCF-9117-83F9C05A77D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF5A4537-4813-41AC-B36D-D097929BCC7F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DFC6DDAB-0505-4552-AFBF-BEEFD12BD3E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E153A445-0887-41E6-8B3A-52FE2F176143}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E251E566-E2BA-410A-B67A-23F8C38BBC07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4BD6E8E-B42F-48BB-AD13-51B14DFDB74A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E5C69D31-6A25-4126-8D9B-6F7ECA266CAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E73AC30F-90F7-4A82-9D12-5F6AC57A026B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E91D2832-5576-4F26-B650-8E6C05A3CC54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA048B8C-B2DE-44CD-9E15-B67212ED16A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED782863-3DED-4AB6-920B-42312D6BCE04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE237F97-D02C-416E-814B-EAA14A294ECD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F23BA6A6-3D3E-43A4-9586-5428DE816D2F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3894DFA-AE2B-4393-9244-9263E2B0B9DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F401F0D3-F27F-4E4A-A0A7-4797B4911F3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4BEA9B1-A11F-4F64-B3BA-22B4D79FEDC6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5F91524-BB6C-434C-ADD2-C54616A7FC4F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5FE373F-238D-4D14-BDA1-9EDFC943260A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6CC927C-B9D8-48D6-BA5A-65D81D0C27ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6E6167C-1B92-4B6F-AB27-B9344D51288C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F7A9EF25-FC83-430A-A666-1AF070B2A817}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8226932-11E7-4B19-B55B-8C14803E3FCA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F92ADEA2-46A2-4139-B588-1FC5B49C5826}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{FC6BFCAC-2683-4676-B99A-EC445BDF8E77}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD4B9DC7-C801-4126-85F1-143FB2BB1063}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDF8FE52-3641-4250-9CFC-3B271BA11F71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0999D5A9-2AF8-47C2-BB2E-AF7F7BBDF71C}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{0FF2D284-DCD6-436D-8E52-F603DAF28D23}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{511E190D-155B-4EAD-BD11-ECE65ACCB7C0}C:\program files\freetorrentviewer\freetorrentviewer.exe" = protocol=6 | dir=in | app=c:\program files\freetorrentviewer\freetorrentviewer.exe |
"TCP Query User{65F0DA6E-7EB5-42AA-AC69-9D71154C6A76}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{684E7C50-248F-46BA-8B7C-0AD9908DFEB9}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{691F82F6-202A-4C8A-AC8D-EE3836C391AA}C:\users\surgery\appdata\local\temp\lmic88d.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\surgery\appdata\local\temp\lmic88d.tmp\lmi_rescue.exe |
"TCP Query User{69F8BD00-9A74-41B1-B7E6-3779FE165B28}C:\users\shay\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\shay\appdata\local\temp\ixp000.tmp\smpcsetup.exe |
"TCP Query User{A25FAAA6-5771-429B-8D07-754BFDDB6646}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A4F9DD5B-AFAB-4EC2-9B8F-B01AEA3FD619}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B978353F-DAD5-43EF-9EF2-587707C19FAC}C:\program files\freetorrentviewer\freetorrentviewer.exe" = protocol=6 | dir=in | app=c:\program files\freetorrentviewer\freetorrentviewer.exe |
"TCP Query User{BFF3079C-D7B8-442A-9BB2-139CC752D0AB}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{C2D8CAF5-A854-441A-8DF6-735817D22D64}C:\users\shay\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\shay\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
"TCP Query User{FEDDEFC7-01C9-4514-A47A-D98B3A1F5053}C:\users\surgery\appdata\local\temp\lmie4f2.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\surgery\appdata\local\temp\lmie4f2.tmp\lmi_rescue.exe |
"UDP Query User{0816121B-B559-47EE-8082-1CAD86AE02E0}C:\program files\freetorrentviewer\freetorrentviewer.exe" = protocol=17 | dir=in | app=c:\program files\freetorrentviewer\freetorrentviewer.exe |
"UDP Query User{0E47D888-2D37-4F29-A21C-77E06C54C30F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1E344974-87F2-43DB-BC1B-EC9F76092793}C:\users\surgery\appdata\local\temp\lmie4f2.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\surgery\appdata\local\temp\lmie4f2.tmp\lmi_rescue.exe |
"UDP Query User{249C4F0F-D68C-4E68-9DEF-2F908CDF8722}C:\users\surgery\appdata\local\temp\lmic88d.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\surgery\appdata\local\temp\lmic88d.tmp\lmi_rescue.exe |
"UDP Query User{2EE0BE7A-BC3C-40B2-B7FC-AC1EAE4194FF}C:\program files\freetorrentviewer\freetorrentviewer.exe" = protocol=17 | dir=in | app=c:\program files\freetorrentviewer\freetorrentviewer.exe |
"UDP Query User{4EF93B22-DA60-42C2-BECD-E1BB79A0918B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5B5BCEAD-07CC-44F1-BF77-65C8DEBFC459}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5D4AE46B-E840-4066-A791-097B4B4916A7}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{73A99B12-CBA4-4386-9CA0-FE76D2489F04}C:\users\shay\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\shay\appdata\local\temp\ixp000.tmp\smpcsetup.exe |
"UDP Query User{93861F13-F458-4E2E-B6A7-92C92116C882}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{CCF0B4EF-CB7F-44EB-A545-A82A40E71D74}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{D2BB52BE-0CC0-492D-A306-E126749C28CC}C:\users\shay\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\shay\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
"UDP Query User{F94AEEEA-0910-4E81-A945-58D46C8C4545}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{08B857DF-E6F9-4283-853A-4F329CC09A4F}" = ESET NOD32 Antivirus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1261B07E-88EB-42ED-B356-3D921EE91D90}" = Canon Utilities Digital Photo Professional 1.6
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{16480125-0428-4097-9A2A-74464004D169}" = EOS Capture 1.3
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EB44B16-05EF-42FD-9300-A85CDEF60864}" = Free Word Excel Password Wizard
"{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3929824B-9502-4A02-B3F6-B9D2CD0CE617}" = Hofmann 7.3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{5662C158-CA24-4228-BF6C-596FADA08682}" = Camera Support Core Library
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D17E13B-FEBE-4E5F-B99A-AAF33794BC2F}" = Big Red Book Accounts v4
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Camera Window DS
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{862983D7-FA08-493E-A9ED-6B7859E069D3}" = Canon PhotoRecord
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96040872-110D-4D38-AAF4-CAD66F340E21}" = LogMeIn Ignition
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Help
"{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}" = RAW Image Task 2.0
"{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Camera Window DVC
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51E24A4-B1E2-4B51-9217-F3FD6F4334D2}" = HP Deskjet 3070 B611 series Basic Device Software
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{E73534D5-CC93-4C63-9072-5A9734255C74}" = Camera Window MC
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"CCleaner" = CCleaner
"Easy MP3 Cutter_is1" = Easy MP3 Cutter 2.9
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"FreeTorrentViewer" = FreeTorrentViewer
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1261B07E-88EB-42ED-B356-3D921EE91D90}" = Canon Utilities Digital Photo Professional 1.6
"InstallShield_{16480125-0428-4097-9A2A-74464004D169}" = Canon Utilities EOS Capture 1.3
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{5662C158-CA24-4228-BF6C-596FADA08682}" = Canon Camera Support Core Library
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{E73534D5-CC93-4C63-9072-5A9734255C74}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Thesaurus 2010 Payroll" = Thesaurus 2010 Payroll Standard Version
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.0
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Word Password Recovery Master_is1" = Word Password Recovery Master 3.5
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1379762275-1066828835-1910331368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/14/2011 3:01:55 AM | Computer Name = Shay-TOSH.surgery.local | Source = MsiInstaller | ID = 11314
Description =
 
Error - 9/24/2011 1:10:12 PM | Computer Name = Shay-TOSH.surgery.local | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 14.0.835.186, time
 stamp: 0x4e77dea9  Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
 stamp: 0x4ce7b96e  Exception code: 0xc0000374  Fault offset: 0x000c37b7  Faulting process
 id: 0x2774  Faulting application start time: 0x01cc7adc86a2d1b4  Faulting application
 path: C:\Program Files\Google\Chrome\Application\chrome.exe  Faulting module path:
 C:\Windows\SYSTEM32\ntdll.dll  Report Id: 0ff7d31e-e6d0-11e0-a762-705ab68673d7
 
Error - 10/11/2011 3:24:28 PM | Computer Name = Shay-TOSH.surgery.local | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details.   hr=0x8004FE2C
 
Error - 10/11/2011 3:24:28 PM | Computer Name = Shay-TOSH.surgery.local | Source = Software Protection Platform Service | ID = 8208
Description = Acquisition of genuine ticket failed (hr=0x8004FE2C) for template
Id 66c92734-d682-4d71-983e-d6ec3f16059f
 
Error - 10/14/2011 11:20:54 PM | Computer Name = Shay-TOSH.surgery.local | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 14.0.835.202 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 78c    Start
 Time: 01cc8adc952ce206    Termination Time: 0    Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Report
 Id:  
 
Error - 11/4/2011 8:13:41 PM | Computer Name = Shay-TOSH.surgery.local | Source = Application Hang | ID = 1002
Description = The program msnmsgr.exe version 15.4.3538.513 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: c14    Start
 Time: 01cc9ac6a28fccd9    Termination Time: 0    Application Path: C:\Program Files\Windows
 Live\Messenger\msnmsgr.exe    Report Id: fa3fdd75-0742-11e1-9ef6-705ab68673d7 
 
Error - 11/12/2011 2:19:52 PM | Computer Name = Shay-TOSH.surgery.local | Source = Application Error | ID = 1000
Description = Faulting application name: wlcomm.exe, version: 15.4.3538.513, time
 stamp: 0x4dcda787  Faulting module name: PresenceIM.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4dcdb16e  Exception code: 0xc0000005  Fault offset: 0x69a315d0  Faulting
 process id: 0x14fc  Faulting application start time: 0x01cca161eec5c36e  Faulting application
 path: C:\Program Files\Windows Live\Contacts\wlcomm.exe  Faulting module path: PresenceIM.dll
Report
 Id: e98b6c16-0d5a-11e1-9372-705ab68673d7
 
Error - 11/12/2011 7:12:42 PM | Computer Name = Shay-TOSH.surgery.local | Source = MsiInstaller | ID = 11606
Description =
 
Error - 11/12/2011 7:12:42 PM | Computer Name = Shay-TOSH.surgery.local | Source = MsiInstaller | ID = 11606
Description =
 
Error - 11/13/2011 6:22:30 PM | Computer Name = Shay-TOSH.surgery.local | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 15.0.874.120 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 9ec    Start
 Time: 01cca22b34069080    Termination Time: 16    Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Report
 Id:  
 
[ System Events ]
Error - 1/6/2013 7:11:32 PM | Computer Name = Shay-TOSH.surgery.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain SURGERY due to the following:   %%1311    This may lead to authentication problems.
 Make sure that this  computer is connected to the network. If the problem persists,
please
 contact your domain administrator.        ADDITIONAL INFO    If this computer is a domain controller
 for the specified domain, it  sets up the secure session to the primary domain controller
 emulator in the specified  domain. Otherwise, this computer sets up the secure session
 to any domain controller  in the specified domain.
 
Error - 1/7/2013 3:40:24 AM | Computer Name = Shay-TOSH.surgery.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain SURGERY due to the following:   %%1311    This may lead to authentication problems.
 Make sure that this  computer is connected to the network. If the problem persists,
please
 contact your domain administrator.        ADDITIONAL INFO    If this computer is a domain controller
 for the specified domain, it  sets up the secure session to the primary domain controller
 emulator in the specified  domain. Otherwise, this computer sets up the secure session
 to any domain controller  in the specified domain.
 
Error - 1/7/2013 2:34:51 PM | Computer Name = Shay-TOSH.surgery.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain SURGERY due to the following:   %%1311    This may lead to authentication problems.
 Make sure that this  computer is connected to the network. If the problem persists,
please
 contact your domain administrator.        ADDITIONAL INFO    If this computer is a domain controller
 for the specified domain, it  sets up the secure session to the primary domain controller
 emulator in the specified  domain. Otherwise, this computer sets up the secure session
 to any domain controller  in the specified domain.
 
Error - 1/7/2013 2:34:52 PM | Computer Name = Shay-TOSH.surgery.local | Source = DCOM | ID = 10010
Description =
 
Error - 1/7/2013 4:24:12 PM | Computer Name = Shay-TOSH.surgery.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
 to a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for several
 hours, then contact your administrator.
 
Error - 1/8/2013 4:41:58 PM | Computer Name = Shay-TOSH.surgery.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain SURGERY due to the following:   %%1311    This may lead to authentication problems.
 Make sure that this  computer is connected to the network. If the problem persists,
please
 contact your domain administrator.        ADDITIONAL INFO    If this computer is a domain controller
 for the specified domain, it  sets up the secure session to the primary domain controller
 emulator in the specified  domain. Otherwise, this computer sets up the secure session
 to any domain controller  in the specified domain.
 
Error - 1/8/2013 4:42:43 PM | Computer Name = Shay-TOSH.surgery.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
 to a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for several
 hours, then contact your administrator.
 
Error - 1/8/2013 5:19:31 PM | Computer Name = Shay-TOSH.surgery.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain SURGERY due to the following:   %%1311    This may lead to authentication problems.
 Make sure that this  computer is connected to the network. If the problem persists,
please
 contact your domain administrator.        ADDITIONAL INFO    If this computer is a domain controller
 for the specified domain, it  sets up the secure session to the primary domain controller
 emulator in the specified  domain. Otherwise, this computer sets up the secure session
 to any domain controller  in the specified domain.
 
Error - 1/8/2013 5:20:13 PM | Computer Name = Shay-TOSH.surgery.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
 to a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for several
 hours, then contact your administrator.
 
Error - 1/8/2013 5:21:07 PM | Computer Name = Shay-TOSH.surgery.local | Source = DCOM | ID = 10016
Description =
 
 
< End of report >
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12969
 
   Posted 1/9/2013 12:45 PM (GMT +3)
It seems that your hosts file has been invaded by some suspicious addresses, which can very easily be the cause of problems.
 
 
 
 
We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following in bold  into the  Custom Scan textbox.
:OTL 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Search Results Toolbar) - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files\searchresults\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files\searchresults\searchresultsDx.dll File not found
O3 - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\..\Toolbar\WebBrowser: (no name) - {0FC85F5D-6207-4515-A490-45A549D285C0} - No CLSID value found.
O3 - HKU\S-1-5-21-1379762275-1066828835-1910331368-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [autoauto] C:\Windows\System32\c.bat ()
 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
:Files 
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[CreateRestorePoint] 
[emptytemp] 
      [EMPTYFLASH]
 
To prevent interference, temporarily disable your antivirus, antispyware, and other security tools that may be running on your computer.
 
 
  • Push  Run Fix Button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
 
 
 And save to the desktop.
 
After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.
 
 
Double-click on the combofix icon found on your desktop.
 
Please note that once you start combofix you should not click anywhere on the combofix window, as it can cause the program to stall.
In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply
 
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.


 


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

 

Irishguy 7
New Member


Date Joined Jan 2013
Total Posts : 4
 
   Posted 1/9/2013 11:08 PM (GMT +3)
Thank you, I enclose the 2 logs
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa63398e-322b-4833-9af3-15837ad12138}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa63398e-322b-4833-9af3-15837ad12138}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fa63398e-322b-4833-9af3-15837ad12138} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa63398e-322b-4833-9af3-15837ad12138}\ not found.
Registry value HKEY_USERS\S-1-5-21-1379762275-1066828835-1910331368-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0FC85F5D-6207-4515-A490-45A549D285C0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FC85F5D-6207-4515-A490-45A549D285C0}\ not found.
Registry value HKEY_USERS\S-1-5-21-1379762275-1066828835-1910331368-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\autoauto deleted successfully.
C:\Windows\System32\c.bat moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
[color=#A23BEC]< ipconfig /flushdns /c  >[/color]
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Shay\Desktop\cmd.bat deleted successfully.
C:\Users\Shay\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 41044 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Shay
->Temp folder emptied: 1750809 bytes
->Temporary Internet Files folder emptied: 83529921 bytes
->Java cache emptied: 9406257 bytes
->Google Chrome cache emptied: 109704495 bytes
->Flash cache emptied: 58413 bytes
 
User: surgery
->Temp folder emptied: 776623 bytes
->Temporary Internet Files folder emptied: 64325352 bytes
->Flash cache emptied: 42909 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79370 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 257.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Shay
->Flash cache emptied: 0 bytes
 
User: surgery
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01092013_193607
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

COMBOFIX LOG
ComboFix 13-01-08.01 - Shay 09/01/2013  19:48:34.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.353.1033.18.2909.1622 [GMT 0:00]
Running from: c:\users\Shay\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\v.vbs
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-12-09 to 2013-01-09  )))))))))))))))))))))))))))))))
.
.
2013-01-09 19:56 . 2010-03-09 20:47 5283152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F25AF3A3-962F-4AEE-8909-B936886E5CE7}\mpengine.dll
2013-01-09 19:55 . 2013-01-09 19:55 -------- d-----w- c:\users\surgery\AppData\Local\temp
2013-01-09 19:55 . 2013-01-09 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-09 19:36 . 2013-01-09 19:36 -------- d-----w- C:\_OTL
2013-01-09 19:28 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0606E4BF-B553-43FB-8F59-C831F446B3DF}\mpengine.dll
2013-01-06 19:00 . 2013-01-06 19:00 -------- d-----w- c:\program files\Trend Micro
2013-01-06 18:54 . 2013-01-06 18:54 -------- d-----w- c:\program files\Common Files\Java
2013-01-06 18:54 . 2013-01-06 18:53 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-05 14:33 . 2013-01-05 14:33 -------- d-----w- c:\program files\CCleaner
2013-01-05 08:30 . 2013-01-05 08:30 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-01-05 08:30 . 2013-01-05 08:30 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-01-05 08:29 . 2013-01-05 08:29 -------- d-----w- c:\program files\Toolbar Cleaner
2012-12-30 15:18 . 2012-12-30 15:18 -------- d-----w- c:\users\Shay\AppData\Local\Programs
2012-12-21 06:49 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 06:49 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-12 06:20 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 06:19 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 20:43 . 2012-03-31 01:31 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 20:43 . 2011-05-18 21:51 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-06 18:53 . 2012-10-23 06:34 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-14 16:49 . 2012-10-17 02:29 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-23 06:33 . 2011-03-13 15:31 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-17 19:16 . 2012-07-05 21:18 14664 ----a-w- c:\windows\stinger.sys
2012-10-16 07:39 . 2012-11-27 18:39 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-03-30 1721192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 611672]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-26 1324384]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-06 611672]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-24 2145000]
"TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2011-11-27 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\surgery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Shay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BFAIFILT;BFAIFILT;c:\windows\system32\Drivers\bfaifilt.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 LMIGuardianSvc;Support LogMeIn processes with quality assurance feedback;c:\program files\LogMeIn Ignition\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:44]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-14 21:56]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-14 21:56]
.
2013-01-08 c:\windows\Tasks\ReclaimerUpdateFiles_Shay.job
- c:\users\Shay\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-18 22:57]
.
2013-01-08 c:\windows\Tasks\ReclaimerUpdateXML_Shay.job
- c:\users\Shay\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-18 22:57]
.
2013-01-09 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Shay.job
- c:\users\Shay\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-18 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bubbleshooter.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0fc85f5d-6207-4515-a490-45a549d285c0} - (no file)
HKU-Default-Run-TOSHIBA Online Product Information - c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1379762275-1066828835-1910331368-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{570FCB08-C562-C05F-29F0-99CA49D09F25}*]
"hagicefndmndhhli"=hex:6a,61,70,70,70,6e,64,6a,70,70,65,69,6a,6b,64,70,68,69,
   6e,70,00,00
"ganjbghnldnkpg"=hex:61,63,69,70,68,6d,6b,6a,62,63,6d,62,6f,65,69,63,66,61,6d,
   6e,70,66,70,61,63,6f,6b,66,62,67,62,68,68,66,6c,6d,69,6b,65,67,61,68,6c,61,\
"iaiiaeifgjlcipmeme"=hex:6a,61,70,70,70,6e,64,6a,70,70,65,69,6a,6b,64,70,68,69,
   6e,70,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxext.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
.
**************************************************************************
.
Completion time: 2013-01-09  20:02:10 - machine was rebooted
ComboFix-quarantined-files.txt  2013-01-09 20:02
.
Pre-Run: 168,406,171,648 bytes free
Post-Run: 168,284,450,816 bytes free
.
- - End Of File - - 709A5DA627925EFD84179E3562E1ACEC
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12969
 
   Posted 1/12/2013 10:26 AM (GMT +3)
Looks fine to me, how do things behave on your computer?


 

Irishguy 7
New Member


Date Joined Jan 2013
Total Posts : 4
 
   Posted 1/12/2013 5:06 PM (GMT +3)
The problem I have is that when I run the Google Chrome browser, pop-up windows (http://ad.directrev.com/RealMedia/ads/adstream_sx.ads/S0000481/1%5brandomNo%5d@x10) appear when I click a link. This happens all of the time and the browser often freezes. Drop-down menus that are used on pages do not work. Even on this forum I cannot use the submit when I use Chrome and I have to post the replies in the Internet Explorer browser.
 I uninstalled and reinstalled Chrome but there was no difference.
The problem does not happen with Internet Explorer.
 
 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12969
 
   Posted 1/14/2013 12:41 PM (GMT +3)
That's annoying
 
 
See if Chrome adblock can do the trick.......
https://adblockplus.org/en/chrome

