Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

win/32sirefef.AN Trojan Virus

  • 12-09-2012 1:19pm
    #1
    Registered Users, Registered Users 2 Posts: 882 ✭✭✭


    Can anybody help me get rid of this Trojan virus? I keep clearing it out with Windows Defender but it keeps coming back as it is hidden deep in the computer, I fear i may have to remove it manually can anyone help?


Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭fr wishy washy


    Its ok guys I tried this Super anti spyware software and it did the trick, ran it in safe mode and cleaned the virus out, hopefully it won't be back or I'll be on again. Thanks.



    http://answers.yahoo.com/question/index;_ylt=AjOiqAwaFGKzJHi7VbGwbPYjzKIX;_ylv=3?qid=20120720032158AAL1R2j


  • Registered Users Posts: 10 seannn2


    ASJ112 wrote: »
    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


    Hi, this is fr wishy washy im on my own laptop now, heres the two documents you asked for, the virus is back can you please help!!


    OTL.TXT
    ____________________________

    OTL logfile created on: 13/09/2012 11:29:41 - Run 1
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\O'Briens\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1.91 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 28.40% Memory free
    3.82 Gb Paging File | 1.62 Gb Available in Paging File | 42.30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.04 Gb Total Space | 93.97 Gb Free Space | 63.05% Space Free | Partition Type: NTFS
    Drive D: | 148.65 Gb Total Space | 137.32 Gb Free Space | 92.38% Space Free | Partition Type: NTFS
    Drive E: | 591.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 632.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: OBRIENS-TOSH | User Name: O'Briens | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/13 11:29:18 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\O'Briens\Downloads\OTL.exe
    PRC - [2012/09/13 11:24:26 | 000,856,160 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe
    PRC - [2012/09/13 11:24:23 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/09/04 15:32:42 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    PRC - [2012/08/30 17:07:12 | 007,165,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    PRC - [2012/08/30 03:58:46 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/05/17 00:31:36 | 000,214,528 | ---- | M] () -- C:\Users\O'Briens\AppData\Roaming\Apwyqu\iwnoo.exe
    PRC - [2012/05/08 15:13:28 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/03/29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/12/03 14:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2010/08/16 10:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    PRC - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/13 11:24:26 | 000,856,160 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe
    MOD - [2012/09/13 11:24:23 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2012/09/04 15:32:50 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
    MOD - [2012/09/04 15:32:47 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
    MOD - [2012/08/30 03:58:45 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
    MOD - [2012/08/30 03:58:44 | 012,237,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    MOD - [2012/08/30 03:58:42 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
    MOD - [2012/08/30 03:57:27 | 000,526,872 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
    MOD - [2012/08/30 03:57:26 | 000,104,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libegl.dll
    MOD - [2012/08/30 03:57:15 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
    MOD - [2012/08/30 03:57:13 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
    MOD - [2012/08/30 03:57:12 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
    MOD - [2012/05/17 00:31:36 | 000,214,528 | ---- | M] () -- C:\Users\O'Briens\AppData\Roaming\Apwyqu\iwnoo.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/07/11 19:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2012/05/08 15:13:28 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
    SRV:64bit: - [2010/12/09 17:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2010/12/08 15:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2010/10/20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/10 10:16:28 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/09/06 02:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/04 15:32:42 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
    SRV - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/08/15 15:14:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/03/29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
    SRV - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/04 15:32:47 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/08/13 16:40:52 | 000,150,880 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/08/10 04:52:38 | 000,199,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/08/10 04:52:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012/08/10 04:52:16 | 000,040,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/08/09 13:56:42 | 000,230,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012/08/09 13:56:34 | 000,060,768 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/08/09 13:56:20 | 000,175,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/08/08 16:13:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/12/26 15:34:32 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/04/04 20:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2011/02/03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/01/13 19:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/01/05 01:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
    DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/07/20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
    DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/24 15:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBiterror.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={9CF98FD2-1041-40F5-B682-D17FFCA16E0B}&mid=4653234bdf2d41c885d5f8045efa5169-b7e73ad2a62d43d613fc460bef67758a1e824047&lang=en&ds=hk013&pr=sa&d=2012-07-12 21:37:49&v=12.2.5.32&sap=hp
    IE - HKCU\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBiterror.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{2BD5246E-991F-4E5A-B13E-8AD6E74A9201}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=6721FE52-E776-4D1D-836E-137CD59D8E8A&apn_sauid=FB1C6DBA-CEF1-41CA-B5C1-0EF5D25190E0
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_enIE480IE481
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={9CF98FD2-1041-40F5-B682-D17FFCA16E0B}&mid=4653234bdf2d41c885d5f8045efa5169-b7e73ad2a62d43d613fc460bef67758a1e824047&lang=en&ds=AVG&pr=fr&d=2012-09-13 11:24:24&v=12.2.5.34&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQDgOEM9p&i=26
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "BitTorrentControl_v12 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid={032d3847-6014-417b-a5fa-3dc5bb02c2ec}&mid=4653234bdf2d41c885d5f8045efa5169-b7e73ad2a62d43d613fc460bef67758a1e824047&ds=hk013&v=11.1.0.12&lang=en&pr=sa&d=2012-07-12 21:37:49&sap=hp"
    FF - prefs.js..extensions.enabledAddons: 4fff29904dcb0@4fff29904dce9.info:1.0
    FF - prefs.js..extensions.enabledAddons: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}:3.15.1.0
    FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32
    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid={032d3847-6014-417b-a5fa-3dc5bb02c2ec}&mid=4653234bdf2d41c885d5f8045efa5169-b7e73ad2a62d43d613fc460bef67758a1e824047&ds=hk013&v=12.2.5.32&lang=en&pr=sa&d=2012-07-12 21:37:49&sap=ku&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\O'Briens\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\O'Briens\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\O'Briens\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/07/12 20:56:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/07/12 20:56:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/09/13 11:24:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 19:19:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/04/19 21:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O'Briens\AppData\Roaming\Mozilla\Extensions
    [2012/08/27 16:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O'Briens\AppData\Roaming\Mozilla\Firefox\Profiles\az46s7wd.default\extensions
    [2012/08/27 16:41:58 | 000,000,000 | ---D | M] (BitTorrentControl_v12 Community Toolbar) -- C:\Users\O'Briens\AppData\Roaming\Mozilla\Firefox\Profiles\az46s7wd.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
    [2012/07/12 20:56:17 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Users\O'Briens\AppData\Roaming\Mozilla\Firefox\Profiles\az46s7wd.default\extensions\4fff29904dcb0@4fff29904dce9.info
    [2012/07/12 20:56:39 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\O'Briens\AppData\Roaming\Mozilla\Firefox\Profiles\az46s7wd.default\extensions\ffxtlbr@incredibar.com
    [2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\O'Briens\AppData\Roaming\Mozilla\Firefox\Profiles\az46s7wd.default\searchplugins\askcom.xml
    [2012/08/07 01:10:04 | 000,000,945 | ---- | M] () -- C:\Users\O'Briens\AppData\Roaming\Mozilla\Firefox\Profiles\az46s7wd.default\searchplugins\conduit.xml
    [2012/07/12 20:56:25 | 000,002,203 | ---- | M] () -- C:\Users\O'Briens\AppData\Roaming\Mozilla\Firefox\Profiles\az46s7wd.default\searchplugins\MyStart Search.xml
    [2012/09/08 19:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/04 15:32:55 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
    [2012/09/13 11:24:27 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.34\
    [2012/09/06 02:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/13 11:24:22 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/09/06 02:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/06 02:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://search.conduit.com/?ctid=CT3225826&SearchSource=48
    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={9CF98FD2-1041-40F5-B682-D17FFCA16E0B}&mid=4653234bdf2d41c885d5f8045efa5169-b7e73ad2a62d43d613fc460bef67758a1e824047&lang=en&ds=hk013&pr=sa&d=2012-07-12 21:37:49&v=12.2.5.32&sap=dsp&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
    CHR - homepage: http://search.conduit.com/?ctid=CT3225826&SearchSource=48
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\O'Briens\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\O'Briens\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\O'Briens\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - Extension: BitTorrentControl_v12 = C:\Users\O'Briens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\
    CHR - Extension: Web Assistant = C:\Users\O'Briens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.439_0\
    CHR - Extension: DownloadnSave = C:\Users\O'Briens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlghlecgacmeipakebkelhkklemkgnnp\1.0_0\
    CHR - Extension: AVG Secure Search = C:\Users\O'Briens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\
    CHR - Extension: AVG Secure Search = C:\Users\O'Briens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (DownloadnSave Class) - {075034F6-6D67-6B34-1F56-34153FD98BB4} - C:\ProgramData\DownloadnSave\bhoclass.dll ()
    O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
    O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (BitTorrentControl_v12 Toolbar) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBiterror.dll (Conduit Ltd.)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (BitTorrentControl_v12 Toolbar) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBiterror.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
    O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
    O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
    O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
    O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\O'Briens\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
    O4 - HKCU..\Run: [Upovh] C:\Users\O'Briens\AppData\Roaming\Apwyqu\iwnoo.exe ()
    O4 - Startup: C:\Users\O'Briens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
    O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
    O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50594535-747C-4CA8-AAB2-82F25FB46CD2}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/01 16:44:27 | 000,000,225 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2005/09/16 20:51:12 | 000,999,424 | R--- | M] (Microsoft Corporation) - E:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2006/08/26 01:24:33 | 001,003,520 | R--- | M] (Microsoft Corporation) - F:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2006/07/13 21:14:15 | 000,000,161 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{24e8eaa6-e07c-11e1-92fb-dc0ea13764ce}\Shell - "" = AutoRun
    O33 - MountPoints2\{24e8eaa6-e07c-11e1-92fb-dc0ea13764ce}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2006/08/26 01:24:33 | 001,003,520 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{24e8eaa6-e07c-11e1-92fb-dc0ea13764ce}\Shell\setup\command - "" = F:\setup.exe -- [2006/09/13 20:23:55 | 000,253,952 | R--- | M] (Microsoft Game Studios )
    O33 - MountPoints2\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2005/09/16 20:51:12 | 000,999,424 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\Shell\directx\command - "" = E:\directx9\DXSETUP.exe -- [2005/05/26 23:34:41 | 000,482,000 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\Shell\setup\command - "" = E:\setup.exe -- [2005/09/19 23:04:52 | 000,253,952 | R--- | M] (Microsoft Game Studios )
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/13 11:24:45 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\AppData\Roaming\AVG2013
    [2012/09/13 11:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/09/13 11:24:29 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\AppData\Roaming\TuneUp Software
    [2012/09/13 11:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2012/09/13 11:23:14 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2012/09/13 11:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2012/09/13 11:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2012/09/13 11:21:00 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\AppData\Local\MFAData
    [2012/09/13 11:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/09/13 11:21:00 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\AppData\Local\Avg2013
    [2012/09/12 14:32:03 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\AppData\Roaming\SUPERAntiSpyware.com
    [2012/09/12 14:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/09/12 14:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/09/12 14:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/09/08 19:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/09/04 15:32:47 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/09/04 14:04:28 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\Documents\Command and Conquer Generals Zero Hour Data
    [2012/09/04 13:48:56 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\Documents\Command and Conquer Generals Data
    [2012/09/04 13:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
    [2012/09/04 13:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
    [2012/09/02 15:06:07 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\AppData\Roaming\Unity
    [2012/08/27 13:54:09 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\AppData\Roaming\Houmez
    [2012/08/27 13:54:09 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\AppData\Roaming\Giom
    [2012/08/27 13:54:09 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\AppData\Roaming\Apwyqu
    [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\O'Briens\Documents\*.tmp files -> C:\Users\O'Briens\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/13 11:34:12 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/13 11:34:12 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/13 11:25:56 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/13 11:25:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/13 11:25:39 | 1538,072,576 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/13 11:24:33 | 000,000,224 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
    [2012/09/13 11:24:30 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/09/13 11:14:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/13 10:54:52 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/12 21:17:03 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-810315185-2589016883-3433847071-1000UA.job
    [2012/09/12 14:48:11 | 000,002,042 | ---- | M] () -- C:\Users\O'Briens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    [2012/09/11 09:06:37 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-810315185-2589016883-3433847071-1000Core.job
    [2012/09/08 19:58:01 | 000,001,261 | ---- | M] () -- C:\Users\O'Briens\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/09/08 19:19:34 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/04 15:32:47 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/09/04 15:31:21 | 000,275,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/09/04 14:02:57 | 000,000,982 | ---- | M] () -- C:\Windows\eReg.dat
    [2012/09/04 13:56:10 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Command & Conquer Generals Zero Hour .lnk
    [2012/09/04 13:37:36 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Command & Conquer Generals.lnk
    [2012/09/03 19:22:14 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012/09/03 01:10:23 | 000,002,343 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/30 16:15:08 | 000,779,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/30 16:15:08 | 000,665,224 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/30 16:15:08 | 000,125,670 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/29 11:15:44 | 000,002,164 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires III.lnk
    [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\O'Briens\Documents\*.tmp files -> C:\Users\O'Briens\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/13 11:24:33 | 000,000,224 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
    [2012/09/13 11:24:30 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk

    [2012/09/08 19:19:34 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/09/08 19:19:34 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/04 13:56:10 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Command & Conquer Generals Zero Hour .lnk
    [2012/09/04 13:47:54 | 000,000,982 | ---- | C] () -- C:\Windows\eReg.dat
    [2012/09/04 13:37:36 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\Command & Conquer Generals.lnk
    [2012/09/03 19:22:11 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012/08/29 11:15:44 | 000,002,164 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires III.lnk






    [2012/07/08 17:51:26 | 000,765,244 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2011/12/26 15:58:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2011/12/26 15:43:24 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2011/04/04 20:07:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/04/04 20:06:58 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/04/04 20:06:58 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/02/03 19:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2010/11/09 12:09:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll

    ========== LOP Check ==========

    [2012/08/27 13:54:09 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\Apwyqu
    [2012/09/13 11:24:45 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\AVG2013
    [2012/08/09 01:33:46 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\BitTorrent
    [2012/08/08 16:58:00 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\DAEMON Tools Lite
    [2012/07/18 22:50:45 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\Electronic Arts
    [2012/09/13 00:57:46 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\Giom
    [2012/08/27 13:54:09 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\Houmez
    [2012/08/08 13:48:29 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\Nemomee
    [2012/09/08 19:58:05 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\Opera
    [2012/07/12 20:56:48 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\SendSpace
    [2012/08/27 00:31:47 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\SoftGrid Client
    [2012/07/27 19:44:50 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\Sports Interactive
    [2012/04/20 12:51:38 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\Toshiba
    [2012/04/19 21:04:56 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\TOSHIBA Online Product Information
    [2012/07/08 17:52:51 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\TP
    [2012/09/13 11:24:29 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\TuneUp Software
    [2012/09/02 15:06:07 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\Unity
    [2012/08/27 13:55:17 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\Utefalo
    [2012/05/03 10:43:12 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\WinBatch
    [2012/09/11 09:06:37 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-810315185-2589016883-3433847071-1000Core.job
    [2012/09/12 21:17:03 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-810315185-2589016883-3433847071-1000UA.job
    [2012/09/12 10:08:26 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/09/13 11:24:33 | 000,000,224 | ---- | M] () -- C:\Windows\Tasks\SidebarExecute.job

    ========== Purity Check ==========



    < End of report >


  • Registered Users Posts: 10 seannn2


    ASJ112 wrote: »
    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here



    Extras.txt
    ________________

    OTL Extras logfile created on: 13/09/2012 11:29:41 - Run 1
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\O'Briens\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1.91 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 28.40% Memory free
    3.82 Gb Paging File | 1.62 Gb Available in Paging File | 42.30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.04 Gb Total Space | 93.97 Gb Free Space | 63.05% Space Free | Partition Type: NTFS
    Drive D: | 148.65 Gb Total Space | 137.32 Gb Free Space | 92.38% Space Free | Partition Type: NTFS
    Drive E: | 591.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 632.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: OBRIENS-TOSH | User Name: O'Briens | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0851CEFF-DD7A-4776-AB94-A2C37050ACAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2F980BC3-FC3B-40FA-B1D9-41200887C6AD}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{35BDDA23-3509-47C8-94E1-352503435D2C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{3C3FF60F-0B42-4799-856D-4225C26F0AD2}" = rport=137 | protocol=17 | dir=out | app=system |
    "{472DB398-146C-4641-9EE8-C5BEA4D018D0}" = rport=139 | protocol=6 | dir=out | app=system |
    "{479E8641-36E5-48F1-B00F-96B2E27849EC}" = rport=138 | protocol=17 | dir=out | app=system |
    "{4FFD8BBC-4C46-4E67-A618-A370537BB653}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{58D40C63-C08B-4A3F-AB10-4011AEC07890}" = rport=445 | protocol=6 | dir=out | app=system |
    "{629F0965-AED7-44B5-976F-F3DC89524D5A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{804C480E-65F3-4EBC-A90D-C09183587D97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{97EB2F6B-B2A0-492E-97C8-D252D004E94E}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A6123E1B-687D-4311-9010-826917FE88B3}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A622804F-F8B1-4B8A-B2AB-EDE5765A80F6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A7F1B629-D4B1-4414-85A2-B09A2AF90025}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{A86BC43A-042C-49D2-9C39-6E3A6D755CFB}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BFAEE293-2C9F-4217-ADE7-639C7F26C39A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{CDCF15A0-CFEA-49AE-869F-91EC611CC663}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E0F0EBF6-E1DD-4114-9DBB-EF53E7DCABF1}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{E5E04942-DF39-4F50-8EEA-4992C5448C72}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EF9D5841-3D76-4945-99E6-944D619025EE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{F5CDFB4C-A531-49B7-862C-08FEB823E47F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F641B9AE-353B-4017-AA31-1A26ECE7B89A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FC894EC6-3FB7-413C-82CD-AD7589BA5129}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02AF9B7B-4F0C-4FA7-AD41-A98C2E8A4CBA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{03F2D0EE-5809-487D-B63E-9DB3A5BD0F1B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{115A54D5-4CEE-49E2-B060-DF381223C231}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2011\fm.exe |
    "{210E95A4-BE03-4CE4-BE9A-39E14006C83D}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
    "{25DFD1C4-E968-4723-8C2A-41C5E7BA2BD6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
    "{26066D0A-720A-4109-9585-D19C2A416C7E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{352F253A-A79E-4CAD-BAB6-363B05C59C08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{3784936F-5629-48A4-BA91-B8645258AAD8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{38F24BD3-243D-48F0-9B57-D4629E4C69F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{3A558E27-16F0-48D5-9C16-AC3AA90D21A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3F398733-B648-4844-8284-75DACA09975C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{48F596BA-F605-4FB5-B790-F53730E32980}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{4AA5B9F5-4EC8-4FD1-A1F2-300206B69FFE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{4DA21B49-C175-4C14-9359-17322DA28A77}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{54F7865B-D8D6-443D-9C48-34994220E00A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{57635DC1-7957-467D-925F-E7D08F6B7834}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{581CF21E-E91A-4A50-9BA9-B68F9568F655}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{61D0E7A6-963B-4E1E-90C6-4F388922B0E1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{6869744E-8C11-4D9E-96B9-53499499384C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{6E581AC1-00D2-462D-AE63-ECD4AA78FCB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{70E88FF7-364B-4405-B27A-5E1630037C2F}" = protocol=6 | dir=out | app=system |
    "{743520EB-F197-44D4-B13C-46EDD91688B7}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
    "{76784351-E733-4BE4-86AD-174072ABC5D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2011\fm.exe |
    "{7B0207DD-084C-4A77-8E29-2DFC768A9A23}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{7F1EAD87-5872-4647-9199-0D9E3A1CD05B}" = dir=in | app=c:\users\o'briens\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{7F482541-F461-4D63-9667-4A2D22B97D9B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
    "{8044EDD8-B90B-46EF-9E2D-225819987557}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{902A3794-7382-4466-A7CE-7C3871ECAD99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{9223AB1A-95E7-4938-A263-377D91089739}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{92AC41A6-E4AD-47B9-93CC-286A76062C06}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{947C1EDC-F239-4E2E-B3C1-AD29F9B2E2B3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{A415B04A-524D-45D5-9F8B-E43911314E28}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe |
    "{A9D087C6-24E9-4CA1-BC15-697A746B0536}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |
    "{AB2163C4-1BB0-48D9-8489-11B0B373706F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
    "{B4F35320-423B-43C8-8E9F-1201CCACE6F5}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{B57E3B22-5AA4-4124-A43F-518E8B697EFB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{BE3ABAEE-812C-49AC-8ECC-B89E4694F6F3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{BF746B8A-2EAD-4465-8207-57BD758802A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe |
    "{C080B423-54FD-4D44-81A5-2977503E33D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C3F2A37C-C679-4F23-89F9-4324DEDABFD7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{C582607F-6142-4AFE-9690-DF9EDF7335E2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
    "{C910E0A7-B8BB-4577-9BDF-24F13DEAEB39}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{CDBB1A6F-D24E-4B00-A29D-52EE91170A54}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |
    "{CFA3C451-67F5-4E48-B190-DDAB44BD8C5E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{D3778957-1428-4269-963A-8A4E6E4D917D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D68354BD-630F-49A7-9C70-73DA32E39BCC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{D846990F-2C94-4ACE-BD97-C1A035F38813}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D84D9FDE-F92A-4DD1-B0D5-B67F3A2751F8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{DAE5CEE5-B46F-461C-AF66-495FF0D5B833}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DCDDAA64-0AD9-4FF4-A60D-EF09417216D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{DD3544E2-0683-44CD-B8D2-B62F79E27FBC}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{DDC71450-D6F4-4A48-9235-A0498AB1CC83}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{DF614A30-02A3-4DD8-90C1-B8EE0971DDBA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E24BB565-446D-4BF4-BCCE-067E8E6E3379}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe |
    "{F23DDC39-588A-4684-8561-A111A4088C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{F3F71219-0357-439A-B486-197EE50F53A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe |
    "TCP Query User{289DA233-89C4-42C4-BBB5-82F181E8A9E8}C:\users\o'briens\appdata\roaming\utefalo\owahun.exe" = protocol=6 | dir=in | app=c:\users\o'briens\appdata\roaming\utefalo\owahun.exe |
    "TCP Query User{29CC34A1-5471-405A-8A0F-A0D1E1EB7688}C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\command & conquer generals zero hour\game.dat |
    "TCP Query User{38E59DE5-B7E5-4161-B6B7-B24E937C1419}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{4367E993-B24D-49CF-B136-E9F27A235951}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
    "TCP Query User{4B3CC715-CCC0-4CCE-9CAB-7B4048D9E29E}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
    "TCP Query User{50B2007E-C37E-4BD7-BA53-3CB8099AF80B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{5307B791-A710-48E0-82C6-5734738F7095}C:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe |
    "TCP Query User{786981C4-154F-4474-A575-AE36FA15A8E0}C:\users\o'briens\appdata\roaming\apwyqu\iwnoo.exe" = protocol=6 | dir=in | app=c:\users\o'briens\appdata\roaming\apwyqu\iwnoo.exe |
    "TCP Query User{799428BF-3C01-45DF-A375-FC6545397875}C:\program files (x86)\ea games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\command and conquer generals\game.dat |
    "TCP Query User{9D5CEC1B-5D39-456F-8EAB-EB940F1608BA}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "TCP Query User{A3B9B194-C2D5-470A-9D58-DBA7DAEB5205}C:\users\o'briens\appdata\roaming\utefalo\owahun.exe" = protocol=6 | dir=in | app=c:\users\o'briens\appdata\roaming\utefalo\owahun.exe |
    "TCP Query User{EED4F12B-515F-4448-9BDC-039E6340CE09}C:\users\o'briens\appdata\roaming\apwyqu\iwnoo.exe" = protocol=6 | dir=in | app=c:\users\o'briens\appdata\roaming\apwyqu\iwnoo.exe |
    "UDP Query User{3CE6BA80-9F48-4229-B03A-B4179D410541}C:\users\o'briens\appdata\roaming\apwyqu\iwnoo.exe" = protocol=17 | dir=in | app=c:\users\o'briens\appdata\roaming\apwyqu\iwnoo.exe |
    "UDP Query User{3E70508F-B491-40B5-ACA1-A4A0D97E59F5}C:\users\o'briens\appdata\roaming\utefalo\owahun.exe" = protocol=17 | dir=in | app=c:\users\o'briens\appdata\roaming\utefalo\owahun.exe |
    "UDP Query User{45F57D12-75E8-476E-BC53-3BF8952607E0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{57DA05C9-6135-4C8F-BD9C-BA4EC4BE1B76}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
    "UDP Query User{5EC92AAF-D734-4BE7-BA95-2120D4ABE586}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{618E7B3D-75B1-408F-84F9-6C69A6AF82E6}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
    "UDP Query User{711FD79B-6BB2-4119-BD59-8E7488BBDF1D}C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\command & conquer generals zero hour\game.dat |
    "UDP Query User{7B6E5B64-5D20-49ED-B7A0-54D99A7B21E6}C:\users\o'briens\appdata\roaming\utefalo\owahun.exe" = protocol=17 | dir=in | app=c:\users\o'briens\appdata\roaming\utefalo\owahun.exe |
    "UDP Query User{A747CCCD-B255-471F-A23D-7B061A66EAAE}C:\program files (x86)\ea games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\command and conquer generals\game.dat |
    "UDP Query User{CBCF577A-A6B5-4647-91B5-E5F979CC9288}C:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe |
    "UDP Query User{EDD82929-5DA4-4856-856E-DB3D40FE1CB6}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "UDP Query User{F17231E7-2EFF-44E1-9F85-D8A96741A3BD}C:\users\o'briens\appdata\roaming\apwyqu\iwnoo.exe" = protocol=17 | dir=in | app=c:\users\o'briens\appdata\roaming\apwyqu\iwnoo.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
    "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.439
    "{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
    "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
    "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{7029D949-EC6B-4987-ACA8-CA34C025437B}" = AVG 2013
    "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
    "{80A85269-B7D4-4081-903C-0F416E29B6A9}" = AVG 2013
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
    "AVG" = AVG 2013
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.20 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
    "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
    "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
    "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
    "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
    "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
    "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
    "{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
    "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
    "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
    "{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree
    "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
    "{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
    "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
    "{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
    "{5A2F371F-8B5D-46B4-833C-0612B065BEC7}" = GameShadow
    "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
    "{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
    "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
    "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
    "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
    "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
    "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
    "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
    "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8B0DBDE-8119-48B0-8088-D12DA01C36BA}" = DownloadnSave
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
    "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
    "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
    "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
    "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
    "{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}" = TOSHIBA Wireless LAN Indicator
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
    "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
    "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
    "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
    "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
    "{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "BattlEye A2 Free" = BattlEye (A2Free) Uninstall
    "BitTorrent" = BitTorrent
    "BitTorrentControl_v12 Toolbar" = BitTorrentControl_v12 Toolbar
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "GameSpy Arcade" = GameSpy Arcade
    "Google Chrome" = Google Chrome
    "incredibar" = Incredibar Toolbar on IE
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
    "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
    "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
    "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "JFK Reloaded" = JFK Reloaded 1.1
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Optimizer Pro_is1" = Optimizer Pro v3.0
    "PokerStars" = PokerStars
    "Steam App 34220" = Football Manager 2011
    "Steam App 47400" = Stronghold 3
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-0c799fcb-d518-44b3-a4cc-fc3603d89d68" = Wedding Dash 2 - Rings Around the World
    "WTA-1a4cbbef-f873-4dbe-bda9-a21cd725d40c" = Diner Dash 2 Restaurant Rescue
    "WTA-2df016d9-d405-42be-9e2e-ccab1e0d5c79" = Slingo Deluxe
    "WTA-58a64713-558e-433c-8c59-e0607131ce6e" = Polar Bowler
    "WTA-5b12a08f-2795-4234-a610-ffe24a645d14" = Bejeweled 2 Deluxe
    "WTA-671e52a6-c4f7-40e7-b889-53cdf5ea016e" = Chuzzle Deluxe
    "WTA-72147025-d51b-4cea-9d84-293f4df26a4a" = FATE
    "WTA-77dcbad5-5cea-4a2d-abdf-aa2a62eb9212" = Insaniquarium Deluxe
    "WTA-780ad3cb-06a3-4ddc-9ecf-da03e49c0749" = Penguins!
    "WTA-78d0ee65-1101-4245-bf75-7d5b00fe6803" = Plants vs. Zombies - Game of the Year
    "WTA-bfa6bcf2-99b2-4b86-a591-607441d7c3c8" = Bejeweled 3
    "WTA-c439939e-cf6c-4dd3-a447-30bab37e6d57" = Chicken Invaders 3 - Revenge of the Yolk
    "WTA-c97e8e66-8f6d-40fa-b2fd-525b62a99388" = Final Drive: Nitro
    "WTA-f9d3560b-df83-4a5f-a426-d69f55b1cc37" = Zuma Deluxe

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.5.3.0
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 04/09/2012 16:49:01 | Computer Name = OBriens-TOSH | Source = WinMgmt | ID = 10
    Description =

    Error - 04/09/2012 16:57:53 | Computer Name = OBriens-TOSH | Source = CVHSVC | ID = 100
    Description = Information only. Error: BITS connection error Type: 150::InternetConnectionFailure.


    Error - 05/09/2012 08:53:19 | Computer Name = OBriens-TOSH | Source = WinMgmt | ID = 10
    Description =

    Error - 05/09/2012 08:53:25 | Computer Name = OBriens-TOSH | Source = Application Error | ID = 1000
    Description = Faulting application name: firefox.exe, version: 14.0.1.4577, time
    stamp: 0x5000b729 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000096 Fault offset: 0x0037000a Faulting process id: 0x4d0 Faulting application
    start time: 0x01cd8b655d308f46 Faulting application path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Faulting module path: unknown Report Id: ae1edbfd-f758-11e1-9ae2-dc0ea13764ce

    Error - 05/09/2012 08:53:25 | Computer Name = OBriens-TOSH | Source = Application Error | ID = 1005
    Description = Windows cannot access the file for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on,
    or the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program Firefox because of this error. Program: Firefox File: The error
    value is listed in the Additional Data section. User Action 1. Open the file again.
    This
    situation might be a temporary problem that corrects itself when the program runs
    again. 2. If the file still cannot be accessed and - It is on the network, your network
    administrator should verify that there is not a problem with the network and that
    the server can be contacted. - It is on a removable disk, for example, a floppy
    disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check
    and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
    Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
    press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.
    Determine whether other files on the same disk can be opened. If not, the disk might
    be damaged. If it is a hard disk, contact your administrator or computer hardware
    vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0

    Error - 05/09/2012 08:55:14 | Computer Name = OBriens-TOSH | Source = Application Error | ID = 1000
    Description = Faulting application name: firefox.exe, version: 14.0.1.4577, time
    stamp: 0x5000b729 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000096 Fault offset: 0x001a000a Faulting process id: 0x13d0 Faulting application
    start time: 0x01cd8b65b0b1cb63 Faulting application path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Faulting module path: unknown Report Id: eecbd590-f758-11e1-9ae2-dc0ea13764ce

    Error - 05/09/2012 08:55:14 | Computer Name = OBriens-TOSH | Source = Application Error | ID = 1005
    Description = Windows cannot access the file for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on,
    or the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program Firefox because of this error. Program: Firefox File: The error
    value is listed in the Additional Data section. User Action 1. Open the file again.
    This
    situation might be a temporary problem that corrects itself when the program runs
    again. 2. If the file still cannot be accessed and - It is on the network, your network
    administrator should verify that there is not a problem with the network and that
    the server can be contacted. - It is on a removable disk, for example, a floppy
    disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check
    and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
    Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
    press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.
    Determine whether other files on the same disk can be opened. If not, the disk might
    be damaged. If it is a hard disk, contact your administrator or computer hardware
    vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0

    Error - 05/09/2012 09:26:23 | Computer Name = OBriens-TOSH | Source = VSS | ID = 8194
    Description =

    Error - 05/09/2012 10:51:44 | Computer Name = OBriens-TOSH | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
    time stamp: 0x4fecf1b7 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
    stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
    id: 0xab4 Faulting application start time: 0x01cd8b75f6508fc5 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\ProgramData\DownloadnSave\bhoclass.dll Report Id: 358a11ae-f769-11e1-9ae2-dc0ea13764ce

    Error - 05/09/2012 10:51:46 | Computer Name = OBriens-TOSH | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
    time stamp: 0x4fecf1b7 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
    stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
    id: 0x644 Faulting application start time: 0x01cd8b75f8bc68b8 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\ProgramData\DownloadnSave\bhoclass.dll Report Id: 369ff28f-f769-11e1-9ae2-dc0ea13764ce

    [ System Events ]
    Error - 30/08/2012 11:12:31 | Computer Name = OBriens-TOSH | Source = DCOM | ID = 10010
    Description =

    Error - 30/08/2012 12:53:14 | Computer Name = OBriens-TOSH | Source = bowser | ID = 8003
    Description =

    Error - 30/08/2012 13:36:55 | Computer Name = OBriens-TOSH | Source = bowser | ID = 8003
    Description =

    Error - 02/09/2012 08:46:34 | Computer Name = OBriens-TOSH | Source = bowser | ID = 8003
    Description =

    Error - 02/09/2012 11:23:08 | Computer Name = OBriens-TOSH | Source = bowser | ID = 8003
    Description =

    Error - 02/09/2012 11:44:55 | Computer Name = OBriens-TOSH | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 16:43:56 on ?02/?09/?2012 was unexpected.

    Error - 02/09/2012 11:47:12 | Computer Name = OBriens-TOSH | Source = bowser | ID = 8003
    Description =

    Error - 02/09/2012 14:13:43 | Computer Name = OBriens-TOSH | Source = bowser | ID = 8003
    Description =

    Error - 02/09/2012 20:07:25 | Computer Name = OBriens-TOSH | Source = DCOM | ID = 10005
    Description =

    Error - 02/09/2012 20:07:24 | Computer Name = OBriens-TOSH | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%109


    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    open OTL copy and paste this into the custom scan/fixes box



    :OTL
    O4 - HKCU..\Run: [Upovh] C:\Users\O'Briens\AppData\Roaming\Apwyqu\iwnoo.exe ()
    O32 - AutoRun File - [2005/09/16 20:51:12 | 000,999,424 | R--- | M] (Microsoft Corporation) - E:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2006/08/26 01:24:33 | 001,003,520 | R--- | M] (Microsoft Corporation) - F:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2006/07/13 21:14:15 | 000,000,161 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{24e8eaa6-e07c-11e1-92fb-dc0ea13764ce}\Shell - "" = AutoRun
    O33 - MountPoints2\{24e8eaa6-e07c-11e1-92fb-dc0ea13764ce}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2006/08/26 01:24:33 | 001,003,520 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{24e8eaa6-e07c-11e1-92fb-dc0ea13764ce}\Shell\setup\command - "" = F:\setup.exe -- [2006/09/13 20:23:55 | 000,253,952 | R--- | M] (Microsoft Game Studios )
    O33 - MountPoints2\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2005/09/16 20:51:12 | 000,999,424 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\Shell\directx\command - "" = E:\directx9\DXSETUP.exe -- [2005/05/26 23:34:41 | 000,482,000 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\Shell\setup\command - "" = E:\setup.exe -- [2005/09/19 23:04:52 | 000,253,952 | R--- | M] (Microsoft Game Studios )
    [2012/08/27 13:54:09 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\AppData\Roaming\Houmez
    [2012/08/27 13:54:09 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\AppData\Roaming\Giom
    [2012/08/27 13:54:09 | 000,000,000 | ---D | C] -- C:\Users\O'Briens\AppData\Roaming\Apwyqu
    [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\O'Briens\Documents\*.tmp files -> C:\Users\O'Briens\Documents\*.tmp -> ]
    [2012/08/27 13:55:17 | 000,000,000 | ---D | M] -- C:\Users\O'Briens\AppData\Roaming\Utefalo

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    click Run Fix, post the log it gives you.


    If you have the superantispyware log from before, can you attach that here too.


  • Advertisement
  • Registered Users Posts: 10 seannn2


    There I did what you said and the laptop rebooted, here is the result.

    ____________


    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Upovh deleted successfully.
    C:\Users\O'Briens\AppData\Roaming\Apwyqu\iwnoo.exe moved successfully.
    File move failed. E:\autorun.exe scheduled to be moved on reboot.
    File move failed. F:\autorun.exe scheduled to be moved on reboot.
    File move failed. F:\Autorun.inf scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e8eaa6-e07c-11e1-92fb-dc0ea13764ce}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e8eaa6-e07c-11e1-92fb-dc0ea13764ce}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e8eaa6-e07c-11e1-92fb-dc0ea13764ce}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e8eaa6-e07c-11e1-92fb-dc0ea13764ce}\ not found.
    File move failed. F:\autorun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e8eaa6-e07c-11e1-92fb-dc0ea13764ce}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e8eaa6-e07c-11e1-92fb-dc0ea13764ce}\ not found.
    File move failed. F:\setup.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\ not found.
    File move failed. E:\autorun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\ not found.
    File move failed. E:\directx9\DXSETUP.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83245ba5-2fce-11e1-8fd8-806e6f6e6963}\ not found.
    File move failed. E:\setup.exe scheduled to be moved on reboot.
    C:\Users\O'Briens\AppData\Roaming\Houmez folder moved successfully.
    C:\Users\O'Briens\AppData\Roaming\Giom folder moved successfully.
    C:\Users\O'Briens\AppData\Roaming\Apwyqu folder moved successfully.
    C:\Windows\SysWow64\sho21A5.tmp deleted successfully.
    C:\Windows\SysWow64\sho4E3A.tmp deleted successfully.
    C:\Windows\SysWow64\sho8584.tmp deleted successfully.
    C:\Windows\SysWow64\sho9485.tmp deleted successfully.
    C:\Windows\SysWow64\shoAE02.tmp deleted successfully.
    C:\Windows\SysWow64\shoC5B4.tmp deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\GoogleCrashHandler.exe deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\GoogleCrashHandler64.exe deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\GoogleUpdate.exe deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\GoogleUpdateBroker.exe deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\GoogleUpdateHelper.msi deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\GoogleUpdateOnDemand.exe deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\GoogleUpdateSetup.exe deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdate.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_am.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_ar.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_bg.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_bn.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_ca.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_cs.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_da.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_de.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_el.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_en-GB.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_en.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_es-419.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_es.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_et.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_fa.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_fi.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_fil.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_fr.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_gu.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_hi.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_hr.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_hu.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_id.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_is.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_it.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_iw.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_ja.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_kn.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_ko.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_lt.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_lv.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_ml.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_mr.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_ms.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_nl.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_no.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_pl.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_pt-BR.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_pt-PT.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_ro.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_ru.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_sk.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_sl.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_sr.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_sv.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_sw.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_ta.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_te.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_th.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_tr.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_uk.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_ur.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_vi.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_zh-CN.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\goopdateres_zh-TW.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\npGoogleUpdate3.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\psmachine.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp\psuser.dll deleted successfully.
    C:\Program Files (x86)\GUM7CEC.tmp folder deleted successfully.
    C:\Program Files (x86)\GUT7CED.tmp deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    C:\Users\O'Briens\Documents\~WRL1932.tmp deleted successfully.
    C:\Users\O'Briens\AppData\Roaming\Utefalo folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: O'Briens
    ->Temp folder emptied: 286512712 bytes
    ->Temporary Internet Files folder emptied: 581040243 bytes
    ->Java cache emptied: 1039251 bytes
    ->FireFox cache emptied: 74134097 bytes
    ->Google Chrome cache emptied: 423805529 bytes
    ->Flash cache emptied: 8926 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 375238759 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67718 bytes
    RecycleBin emptied: 412463538 bytes

    Total Files Cleaned = 2,055.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: O'Briens
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: O'Briens
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\O'Briens\Downloads\cmd.bat deleted successfully.
    C:\Users\O'Briens\Downloads\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.61.3 log created on 09132012_120910

    Files\Folders moved on Reboot...
    File move failed. E:\autorun.exe scheduled to be moved on reboot.
    File\Folder F:\autorun.exe not found!
    File\Folder F:\Autorun.inf not found!
    File\Folder F:\setup.exe not found!
    File move failed. E:\directx9\DXSETUP.exe scheduled to be moved on reboot.
    File move failed. E:\setup.exe scheduled to be moved on reboot.
    C:\Users\O'Briens\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    ___________________

    Thanks for your help!


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    one more step, download malwarebytes

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

    update it, run a quick scan, post the log from it.


  • Registered Users Posts: 10 seannn2


    what exactly is this doing can you explain?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    if you are asking about the malwarebytes step, its similar to superantispyware but a better program. Basically it will scan for any left over malware there.


  • Registered Users Posts: 10 seannn2


    What about the whole OTL programme, see I'm studying Computer Science, still couldnt seem to get rid of that virus without doing it manually, had tried most other things, tried to locate it manually as well, but it was impossible,didnt want to to remove the wrong files, but it was wrecking my head, kept removing focus from applications and bringing up random ads! I'm running the malware bytes now and will post the log.


  • Advertisement
  • Registered Users Posts: 10 seannn2


    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.07.13

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    O'Briens :: OBRIENS-TOSH [administrator]

    13/09/2012 12:30:45
    mbam-log-2012-09-13 (12-36-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200539
    Time elapsed: 5 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 7
    HKCR\CLSID\{075034F6-6D67-6B34-1F56-34153FD98BB4} (PUP.DownloadnSave) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{075034F6-6D67-6B34-1F56-34153FD98BB4} (PUP.DownloadnSave) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{075034F6-6D67-6B34-1F56-34153FD98BB4} (PUP.DownloadnSave) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{075034F6-6D67-6B34-1F56-34153FD98BB4} (PUP.DownloadnSave) -> No action taken.
    HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> No action taken.
    HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A8B0DBDE-8119-48B0-8088-D12DA01C36BA} (PUP.DownloadnSave) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\ProgramData\DownloadnSave (PUP.DownloadnSave) -> No action taken.
    C:\ProgramData\DownloadnSave\data (PUP.DownloadnSave) -> No action taken.

    Files Detected: 9
    C:\ProgramData\DownloadnSave\bhoclass.dll (PUP.DownloadnSave) -> No action taken.
    C:\Users\O'Briens\Downloads\ETS 1.3.rar.exe (Affiliate.Downloader) -> No action taken.
    C:\ProgramData\DownloadnSave\content.js (PUP.DownloadnSave) -> No action taken.
    C:\ProgramData\DownloadnSave\background.html (PUP.DownloadnSave) -> No action taken.
    C:\ProgramData\DownloadnSave\jlghlecgacmeipakebkelhkklemkgnnp.crx (PUP.DownloadnSave) -> No action taken.
    C:\ProgramData\DownloadnSave\settings.ini (PUP.DownloadnSave) -> No action taken.
    C:\ProgramData\DownloadnSave\uninstall.exe (PUP.DownloadnSave) -> No action taken.
    C:\ProgramData\DownloadnSave\data\content.js (PUP.DownloadnSave) -> No action taken.
    C:\ProgramData\DownloadnSave\data\jsondb.js (PUP.DownloadnSave) -> No action taken.

    (end)


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    OTL scans the main registry locations that malware uses, and it lists any files/folders that have been created recently by malware and other stuff. It also allows me to run loads of other scans/fixes that I need to.

    This can tell you more

    http://www.geekstogo.com/forum/topic/277391-otl-tutorial-how-to-use-oldtimer-listit/


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    you can let mbam fix those. also tell me how the pc is running now


  • Registered Users Posts: 10 seannn2


    yeah it seems ok, everything is running fine, will be back on if I have any problems! thanks very much! Also have another question, there is about 12 random files after showing up on the desktop, these can be removed? just random files with random names.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    hmm let me see what they are first.

    open OTL click the None button at the top, copy and paste this in the custom scan/fixes box


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    SaveMBR:0
    clearallrestorepoints
    %systemroot%\*. /mp /s
    C:\*.*
    C:\Users\Public\Desktop\*.*


    click Run Scan, post the log it gives you.


  • Registered Users Posts: 10 seannn2


    OTL logfile created on: 13/09/2012 13:06:17 - Run 2
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\O'Briens\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1.91 Gb Total Physical Memory | 0.44 Gb Available Physical Memory | 22.83% Memory free
    3.82 Gb Paging File | 1.21 Gb Available in Paging File | 31.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.04 Gb Total Space | 96.76 Gb Free Space | 64.92% Space Free | Partition Type: NTFS
    Drive D: | 148.65 Gb Total Space | 137.32 Gb Free Space | 92.38% Space Free | Partition Type: NTFS
    Drive E: | 591.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 632.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: OBRIENS-TOSH | User Name: O'Briens | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days



    SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SafeBootMin:64bit: AppMgmt - Service
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: MCODS - Reg Error: Value error.
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: MCODS - Reg Error: Value error.
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SafeBootNet:64bit: AppMgmt - Service
    SafeBootNet:64bit: Base - Driver Group
    SafeBootNet:64bit: Boot Bus Extender - Driver Group
    SafeBootNet:64bit: Boot file system - Driver Group
    SafeBootNet:64bit: File system - Driver Group
    SafeBootNet:64bit: Filter - Driver Group
    SafeBootNet:64bit: HelpSvc - Service
    SafeBootNet:64bit: MCODS - Reg Error: Value error.
    SafeBootNet:64bit: Messenger - Service
    SafeBootNet:64bit: NDIS Wrapper - Driver Group
    SafeBootNet:64bit: NetBIOSGroup - Driver Group
    SafeBootNet:64bit: NetDDEGroup - Driver Group
    SafeBootNet:64bit: Network - Driver Group
    SafeBootNet:64bit: NetworkProvider - Driver Group
    SafeBootNet:64bit: PCI Configuration - Driver Group
    SafeBootNet:64bit: PNP Filter - Driver Group
    SafeBootNet:64bit: PNP_TDI - Driver Group
    SafeBootNet:64bit: Primary disk - Driver Group
    SafeBootNet:64bit: rdsessmgr - Service
    SafeBootNet:64bit: sacsvr - Service
    SafeBootNet:64bit: SCSI Class - Driver Group
    SafeBootNet:64bit: Streams Drivers - Driver Group
    SafeBootNet:64bit: System Bus Extender - Driver Group
    SafeBootNet:64bit: TDI - Driver Group
    SafeBootNet:64bit: vmms - Service
    SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet:64bit: WudfUsbccidDriver - Driver
    SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootNet: AppMgmt - Service
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: MCODS - Reg Error: Value error.
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vmms - Service
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

    CLEARALLRESTOREPOINTS
    Restore point Set: OTL Restore Point

    ========== Custom Scans ==========

    < %systemroot%\*. /mp /s >

    < C:\*.* >
    [2012/08/29 11:17:55 | 000,000,216 | ---- | M] () -- C:\DebugTrace-RockallDLL.log
    [2012/09/13 12:42:41 | 1538,072,576 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/13 12:42:41 | 2050,764,800 | -HS- | M] () -- C:\pagefile.sys
    [2012/09/13 13:06:39 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2011/12/26 15:41:24 | 000,002,234 | ---- | M] () -- C:\RHDSetup.log
    [2012/03/15 16:12:44 | 000,000,510 | ---- | M] () -- C:\settings.ini
    [2011/08/26 11:43:48 | 000,000,070 | -H-- | M] () -- C:\SWSTAMP.TXT
    [2012/07/12 20:56:40 | 000,000,453 | ---- | M] () -- C:\user.js
    [2010/07/15 03:10:48 | 000,252,968 | ---- | M] () -- C:\vcredis1.cab
    [2010/07/15 03:10:56 | 002,818,048 | ---- | M] () -- C:\vcredist.msi

    < C:\Users\Public\Desktop\*.* >
    [2012/05/17 17:35:50 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/08/29 11:15:44 | 000,002,164 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires III.lnk
    [2012/09/13 11:24:30 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/08/08 13:46:59 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
    [2012/09/04 13:56:10 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Command & Conquer Generals Zero Hour .lnk
    [2012/09/04 13:37:36 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Command & Conquer Generals.lnk
    [2012/04/19 20:20:20 | 000,000,514 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
    [2012/09/03 01:10:23 | 000,002,343 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/09/13 12:30:12 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/08/26 11:03:59 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Manual.lnk
    [2012/09/08 19:19:34 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/08/26 11:15:14 | 000,002,829 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
    [2012/07/12 13:27:51 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Play Stronghold Legends.lnk
    [2012/05/09 20:48:22 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
    [2012/07/14 21:41:06 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
    [2011/08/26 11:31:13 | 000,000,422 | ---- | M] () -- C:\Users\Public\Desktop\Toshiba Places.lnk
    [2011/08/26 11:11:23 | 000,002,748 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk

    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    looks good
    there is about 12 random files after showing up on the desktop, these can be removed? just random files with random names.
    Are these still there ? Can you copy and paste the name of one of them here


  • Registered Users Posts: 10 seannn2


    _E9E20A3F2D20169583F77B1E204FEC09


    Just random stuff like that, they are only like 2 kb in size


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Probably safe to delete, I'd imagine they are associated with windows media player.

    If there are no other issues, just open OTL click the CleanUp! button, and we are all done.


  • Registered Users Posts: 10 seannn2


    cheers thanks very much man really appreciate it :)


  • Advertisement
Advertisement