
Computer is lagging and programs are not working



#1
Nikkekoi
Member, 24 posts
Hi! My computer started to lag about a couple of weeks ago. I didn't really mind it because I was just using it for reading e-books for school. A few days ago, I was using it for encoding school papers and I noticed that some of my programs were not working anymore. Also, my computer seems to lag when I encode or type websites or send emails. I did some things that were advised in other threads but I really don't know what to do next.



#2
WhiteHat
Trusted Helper, Retired Staff, 1,925 posts
Hello and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.

#3
WhiteHat
Trusted Helper, Retired Staff, 1,925 posts
# Step 1 #

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    drives
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

# Step 2 #

Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#4
Nikkekoi
Topic Starter, Member, 24 posts
OTL logfile created on: 3/10/2013 3:04:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nikke\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.80% Memory free
3.97 Gb Paging File | 2.22 Gb Available in Paging File | 55.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.18 Gb Total Space | 32.56 Gb Free Space | 22.43% Space Free | Partition Type: NTFS
Drive D: | 144.08 Gb Total Space | 26.92 Gb Free Space | 18.68% Space Free | Partition Type: NTFS

Computer Name: NIKKE-PC | User Name: Nikke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/10 13:17:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nikke\Downloads\OTL.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/21 03:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nikke\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2012/11/30 10:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/03/06 15:44:54 | 000,271,696 | ---- | M] () -- C:\Program Files\SMART BRO\AssistantServices.exe
PRC - [2012/03/06 15:44:54 | 000,153,424 | ---- | M] () -- C:\Program Files\SMART BRO\UIExec.exe
PRC - [2011/11/25 04:18:04 | 000,210,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2011/11/09 07:57:00 | 000,530,352 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2011/10/25 03:09:58 | 000,305,080 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/09 04:43:58 | 000,690,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2011/08/09 04:36:58 | 000,087,960 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2011/06/08 04:07:58 | 000,063,432 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2011/06/08 04:07:36 | 000,186,296 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2011/06/08 04:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2011/05/10 07:06:02 | 002,750,376 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2011/04/02 08:41:44 | 000,152,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/21 05:40:00 | 000,128,416 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2010/09/07 07:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/04/04 09:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/09 20:29:10 | 000,096,256 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\win32api.pyd
MOD - [2013/03/09 20:29:10 | 000,086,016 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\_elementtree.pyd
MOD - [2013/03/09 20:29:10 | 000,040,448 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\_socket.pyd
MOD - [2013/03/09 20:29:09 | 000,792,576 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\wx._gdi_.pyd
MOD - [2013/03/09 20:29:09 | 000,571,392 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\pysqlite2._sqlite.pyd
MOD - [2013/03/09 20:29:09 | 000,263,168 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\win32com.shell.shell.pyd
MOD - [2013/03/09 20:29:09 | 000,153,088 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\pyexpat.pyd
MOD - [2013/03/09 20:29:09 | 000,070,656 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\wx._html2.pyd
MOD - [2013/03/09 20:29:09 | 000,023,040 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\win32ts.pyd
MOD - [2013/03/09 20:29:09 | 000,011,776 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\win32crypt.pyd
MOD - [2013/03/09 20:29:08 | 001,024,616 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\windows._cacheinvalidation.pyd
MOD - [2013/03/09 20:29:08 | 000,017,920 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\win32profile.pyd
MOD - [2013/03/09 20:29:07 | 000,731,136 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\wx._misc_.pyd
MOD - [2013/03/09 20:29:07 | 000,354,304 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\pythoncom26.dll
MOD - [2013/03/09 20:29:07 | 000,110,592 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\PyWinTypes26.dll
MOD - [2013/03/09 20:29:07 | 000,073,728 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\_ctypes.pyd
MOD - [2013/03/09 20:29:05 | 000,645,120 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\_ssl.pyd
MOD - [2013/03/09 20:29:05 | 000,110,592 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\win32security.pyd
MOD - [2013/03/09 20:29:04 | 001,169,408 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\wx._core_.pyd
MOD - [2013/03/09 20:29:04 | 000,036,352 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\win32process.pyd
MOD - [2013/03/09 20:29:04 | 000,022,528 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\win32pdh.pyd
MOD - [2013/03/09 20:29:03 | 000,807,424 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\wx._windows_.pyd
MOD - [2013/03/09 20:29:03 | 000,311,808 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\_hashlib.pyd
MOD - [2013/03/09 20:29:02 | 000,121,856 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\wx._wizard.pyd
MOD - [2013/03/09 20:29:02 | 000,111,104 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\win32file.pyd
MOD - [2013/03/09 20:29:01 | 000,039,424 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\win32inet.pyd
MOD - [2013/03/09 20:29:00 | 001,056,256 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\wx._controls_.pyd
MOD - [2013/03/09 20:28:59 | 000,017,920 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\win32event.pyd
MOD - [2013/03/09 20:28:58 | 000,585,728 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\unicodedata.pyd
MOD - [2013/03/09 20:28:58 | 000,011,776 | ---- | M] () -- C:\Users\Nikke\AppData\Local\temp\_MEI40042\select.pyd
MOD - [2013/03/01 07:08:19 | 000,459,728 | ---- | M] () -- C:\Users\Nikke\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppgooglenaclpluginchrome.dll
MOD - [2013/03/01 07:08:18 | 012,637,136 | ---- | M] () -- C:\Users\Nikke\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
MOD - [2013/03/01 07:08:16 | 004,050,896 | ---- | M] () -- C:\Users\Nikke\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
MOD - [2013/03/01 07:07:25 | 000,596,944 | ---- | M] () -- C:\Users\Nikke\AppData\Local\Google\Chrome\Application\25.0.1364.152\libglesv2.dll
MOD - [2013/03/01 07:07:24 | 000,124,368 | ---- | M] () -- C:\Users\Nikke\AppData\Local\Google\Chrome\Application\25.0.1364.152\libegl.dll
MOD - [2013/03/01 07:07:21 | 001,552,848 | ---- | M] () -- C:\Users\Nikke\AppData\Local\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/03/06 15:44:54 | 000,153,424 | ---- | M] () -- C:\Program Files\SMART BRO\UIExec.exe
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2007/01/18 01:36:38 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/02/27 20:27:47 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/01 10:24:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/06 15:44:54 | 000,271,696 | ---- | M] () [Auto | Running] -- C:\Program Files\SMART BRO\AssistantServices.exe -- (UI Assistant Service)
SRV - [2011/11/25 04:18:04 | 000,210,880 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2011/11/09 07:57:00 | 000,530,352 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/12 08:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/06/10 12:06:16 | 000,112,552 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2011/06/08 04:07:36 | 000,186,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2011/06/08 04:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2011/04/02 08:41:44 | 000,152,496 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/10/21 05:40:00 | 000,128,416 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2010/10/13 01:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/27 04:04:46 | 001,344,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
DRV - [2011/11/16 02:11:12 | 000,094,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2011/10/21 17:41:56 | 002,223,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/08/31 04:48:56 | 000,236,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2011/08/11 10:06:30 | 000,067,968 | ---- | M] (ZTE) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zte_cdc_acm.sys -- (zte_cdc_acm)
DRV - [2011/08/11 10:06:30 | 000,047,488 | ---- | M] (ZTE) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zte_ecm_enum_filter.sys -- (zte_ecm_enum_filter)
DRV - [2011/08/11 10:06:30 | 000,047,488 | ---- | M] (ZTE) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zte_ecm_enum.sys -- (zte_ecm_enum)
DRV - [2011/08/11 10:06:30 | 000,032,768 | ---- | M] (ZTE) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zte_cdc_ecm.sys -- (zte_cdc_ecm)
DRV - [2011/08/11 10:06:30 | 000,009,984 | ---- | M] (ZTE) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zte_cpo.sys -- (zte_cpo)
DRV - [2011/08/09 08:53:26 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/07/13 11:07:40 | 000,016,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2011/02/09 10:08:00 | 000,033,616 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2011/01/28 06:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2010/11/30 02:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2010/11/21 05:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/21 05:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/21 05:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/12 01:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2010/08/31 01:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2010/04/27 02:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/07/31 08:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/25 02:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/15 06:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/08 00:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/18 02:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.13.0.6
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.4.0.11328
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nikke\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nikke\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/02 20:20:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/25 12:15:25 | 000,000,000 | ---D | M]

[2012/09/27 11:46:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Extensions
[2013/02/16 23:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions
[2012/06/08 08:45:44 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/12/08 07:07:00 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]
[2012/06/28 22:03:16 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]
[2012/06/28 21:56:44 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]
[2012/06/14 20:03:14 | 001,184,804 | ---- | M] () (No name found) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]
[2012/08/15 10:29:11 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/06/28 21:58:54 | 000,002,203 | ---- | M] () -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\searchplugins\MyStart Search.xml
[2012/09/27 04:29:00 | 000,002,519 | ---- | M] () -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\searchplugins\Search_Results.xml
[2012/09/27 11:46:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/15 01:18:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/06 19:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
File not found (No name found) -- C:\USERS\NIKKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NOC4PJGD.DEFAULT\EXTENSIONS\[email protected]
[2012/06/01 10:24:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/10 01:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/09/05 15:59:05 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/06/01 10:23:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/27 04:29:00 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/06/01 10:23:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com.ph/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nikke\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nikke\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Nikke\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Nikke\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Save now = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apnpfcegijiidalnoeeigipepclpljgh\1.1.3_0\
CHR - Extension: YouTube = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: New Tab for Chrome = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: uTorrentControl2 = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.19.11_0\
CHR - Extension: Gmail = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/15 10:43:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files\SMART BRO\UIExec.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [googletalk] C:\Users\Nikke\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [PomodoroApp] C:\Program Files\PomodoroApp\PomodoroApp.exe (PomodoroApp Software)
O4 - Startup: C:\Users\Nikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nikke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Nikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Nikke\LOCALS~1\Temp\msuquri.bat) - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BF2FA24-1970-44E7-9CC5-EDDBAC50C12F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BF2FA24-1970-44E7-9CC5-EDDBAC50C12F}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/10 14:02:15 | 000,000,000 | R--D | C] -- C:\Users\Nikke\Documents\Scanned Documents
[2013/03/10 14:02:13 | 000,000,000 | ---D | C] -- C:\Users\Nikke\Documents\Fax
[2013/03/09 16:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/03/09 16:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013/03/09 16:10:07 | 000,000,000 | ---D | C] -- C:\Users\Nikke\AppData\Roaming\DVDVideoSoft
[2013/03/09 16:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013/03/08 21:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/08 21:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/07 10:34:29 | 000,000,000 | ---D | C] -- C:\Users\Nikke\AppData\Roaming\OpenCandy
[2013/03/06 21:13:28 | 000,000,000 | ---D | C] -- C:\Users\Nikke\Documents\commed
[2013/03/02 15:46:59 | 000,000,000 | ---D | C] -- C:\Users\Nikke\AppData\Roaming\{994F4882-DDEA-4BE4-81E8-EA6EEDAC6CE1}
[2013/03/02 15:46:09 | 000,000,000 | ---D | C] -- C:\Users\Nikke\AppData\Roaming\{C64C782F-F116-458F-971F-3CFEC4CD44CF}
[2013/03/02 15:45:27 | 000,000,000 | ---D | C] -- C:\TEMP
[2013/02/23 19:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/23 19:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/23 19:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/23 19:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/02/16 23:17:42 | 000,000,000 | ---D | C] -- C:\Users\Nikke\Documents\lower respi
[2013/02/09 23:39:56 | 000,000,000 | ---D | C] -- C:\Users\Nikke\Desktop\New folder
[7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/10 15:02:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-423147521-1242766847-26236850-1000UA.job
[2013/03/10 14:25:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/10 14:24:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/10 06:17:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/10 00:02:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-423147521-1242766847-26236850-1000Core.job
[2013/03/09 20:38:01 | 000,016,656 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/09 20:38:01 | 000,016,656 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/09 20:29:04 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/09 20:27:34 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2013/03/09 16:10:54 | 000,001,261 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2013/03/09 16:10:54 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/03/09 13:41:23 | 000,628,904 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/03/09 13:41:23 | 000,110,798 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/03/08 21:46:44 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/07 10:34:58 | 000,001,014 | ---- | M] () -- C:\Users\Nikke\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2013/03/07 10:34:58 | 000,000,990 | ---- | M] () -- C:\Users\Nikke\Desktop\PhotoScape.lnk
[2013/02/27 20:27:37 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/02/27 20:27:36 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/02/23 19:24:29 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/20 22:41:29 | 000,001,016 | ---- | M] () -- C:\Users\Nikke\Desktop\Dropbox.lnk
[2013/02/08 22:22:07 | 000,167,674 | ---- | M] () -- C:\Users\Nikke\Documents\hp rewards.pdf
[7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/09 16:10:54 | 000,001,261 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2013/03/09 16:10:54 | 000,001,198 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/03/08 21:46:44 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/23 19:24:29 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/20 22:41:29 | 000,001,016 | ---- | C] () -- C:\Users\Nikke\Desktop\Dropbox.lnk
[2013/02/08 22:22:06 | 000,167,674 | ---- | C] () -- C:\Users\Nikke\Documents\hp rewards.pdf
[2012/09/27 16:23:35 | 000,000,182 | ---- | C] () -- C:\Users\Nikke\u.ini
[2012/07/20 10:52:54 | 000,000,600 | ---- | C] () -- C:\Users\Nikke\PUTTY.RND
[2012/06/06 19:52:07 | 000,000,442 | ---- | C] () -- C:\Users\Nikke\Desktop.lnk
[2012/04/19 10:47:18 | 000,192,616 | ---- | C] () -- C:\windows\System32\drivers\RTAIODAT.DAT
[2012/02/27 04:05:16 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2011/12/27 12:49:20 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/12/14 05:57:16 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2011/09/15 09:11:16 | 001,048,576 | ---- | C] () -- C:\windows\System32\syndata.bin
[2011/08/09 08:53:28 | 000,246,804 | ---- | C] () -- C:\windows\System32\drivers\AtherosBT.bin

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

#5
Nikkekoi

OTL Extras logfile created on: 3/10/2013 3:04:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nikke\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.80% Memory free
3.97 Gb Paging File | 2.22 Gb Available in Paging File | 55.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.18 Gb Total Space | 32.56 Gb Free Space | 22.43% Space Free | Partition Type: NTFS
Drive D: | 144.08 Gb Total Space | 26.92 Gb Free Space | 18.68% Space Free | Partition Type: NTFS

Computer Name: NIKKE-PC | User Name: Nikke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F15F104-51B7-4A64-AD76-403BDD445FF0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1D8B9AA1-E78E-4B05-BD6E-40889D17DADA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53C69912-B317-434F-8EEE-C742667DB729}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{62AF6EB0-C850-4F83-AB5C-37B0224315FF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{66ED9872-30FC-4E27-B606-497FF34DF03C}" = rport=138 | protocol=17 | dir=out | app=system |
"{6A649419-E2C9-4307-B8A8-AE9ABC8AED39}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{6C529F89-DE73-422E-8D18-5606C61BC40F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{813CD573-5011-42D5-9906-A7A6DCF9886E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83158B24-AC08-43C4-9A1D-30E9CD7C0893}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8797A157-E5F8-4C90-A14E-78C2CE34BA03}" = rport=139 | protocol=6 | dir=out | app=system |
"{87BB6357-E299-4267-8123-746AD53C1F1D}" = lport=138 | protocol=17 | dir=in | app=system |
"{91A5DD61-88DC-40E5-942A-D86CA9B368AA}" = rport=137 | protocol=17 | dir=out | app=system |
"{94C329EE-F5A5-43EC-9F29-E57166956130}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A4198563-4920-4B38-A73E-F8E3ACCAC8A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A6AF1B06-9EB2-4469-ACF8-0497EA29A388}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B23DA693-9B10-4074-A9A2-3C237858612B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B81C8640-B14B-4F4B-93D4-2773618F17BB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B9C182CC-F8FA-4313-811B-3E9888AB2C1C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BC4779DE-180E-4460-8C4E-5DF38AB3E594}" = lport=139 | protocol=6 | dir=in | app=system |
"{C1513A14-D0B5-427B-A2C0-1BC6FB35F92F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C51BE4E8-92C0-47EF-BC80-75CBF17125EB}" = lport=137 | protocol=17 | dir=in | app=system |
"{D2479C5E-4161-4AFC-B0A0-C695F5E2FC3E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D6089564-DEC6-4643-B19D-B06D6F54192A}" = lport=445 | protocol=6 | dir=in | app=system |
"{EB0493EE-5EB5-497F-B0B5-A7C191CA0ECC}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0292B4D7-5D77-45AA-8373-FAC5D37665D3}" = protocol=58 | dir=out | [email protected],-28546 |
"{1D601EFA-4F98-4798-BD3B-3B0ED9D25229}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{27B0147B-3A24-44B3-B8D0-DF7845DD8C43}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3027076D-27E0-47C2-91A9-69F0311C2D2D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{3A1A1B54-D828-441A-BAA1-243F6C99E279}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{48B3E7A7-4856-4176-8D2A-8F742E70EAF4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5B1E0223-C031-4C87-A8BE-3A0106B517F6}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet ink adv 2060 k110\bin\usbsetup.exe |
"{620277BC-4B35-4181-A412-9DAC7ED76160}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{64591111-05A3-4377-9FEA-BF8BE42CB725}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6B84F2ED-703E-4555-8207-0CE838F2FA17}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{6CB1D5B4-DBFB-4A60-ADDF-350D1F740A81}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{781D6EA2-FD24-4C0F-99F5-A08ECD6E1E2A}" = protocol=6 | dir=in | app=c:\users\nikke\appdata\roaming\dropbox\bin\dropbox.exe |
"{8CC3B43F-CEDF-48B3-8810-B59C74EEB775}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{90E668DA-B7EB-4408-B42D-0BFB1AB7C8BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9F925839-CE35-4637-88BD-5A8FC381B2BE}" = protocol=1 | dir=out | [email protected],-28544 |
"{A11326F0-25B3-4A5E-A0F4-3853095449D9}" = protocol=17 | dir=in | app=c:\users\nikke\appdata\roaming\dropbox\bin\dropbox.exe |
"{A478B505-B04D-4910-BBE4-FA72EB8CC802}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ABB18847-81AA-4378-9E1C-BA41BA22A9E7}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet ink adv 2060 k110\bin\usbsetup.exe |
"{B74062C7-906B-4344-B84D-C1B6CF53AC3D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B9B7295E-714F-4470-B8CA-4BBE423AE0B0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B9FEF978-4345-4AAC-8ADA-7D321D284665}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{BAC2E9BE-65FC-4B52-824C-4AC12242E8AE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{BB1CF74E-7FDD-49D6-BA12-74130269816C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BC0914F8-5198-45D7-B65D-C9F7802F0351}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CE536F34-2700-438B-8791-74049DFAE438}" = protocol=58 | dir=in | [email protected],-28545 |
"{D6CF6C97-FD0F-4D3B-A578-B60E5C9747B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3403CD5-100F-4AC9-BDE1-78B5D1551DA9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{E4B82DE2-33B1-409F-AB05-2834F4AA46DD}" = protocol=1 | dir=in | [email protected],-28543 |
"TCP Query User{303572E5-4BE6-4A13-B7FE-F07F3CAEE84E}C:\users\nikke\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nikke\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{43477F30-A693-4F63-913D-981B7C2A3573}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{23DAE7AE-D429-4F70-975A-546498A6358B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{2B8367D7-1E34-466A-B500-3A122B77D814}C:\users\nikke\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nikke\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{261A4762-744B-4C71-81D2-57FA5038DC7B}" = HP Deskjet Ink Adv 2060 K110 Help
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39ED2FD9-9269-42F5-A032-AA15736AF0AF}_is1" = Bigasoft YouTube Downloader 1.0.1.4535
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51BA435B-D119-4A1B-966C-673D382B260A}" = HP Deskjet Ink Adv 2060 K110 Basic Device Software
"{5494B59E-6E82-499E-91AC-C53199955EC5}" = Atheros Bluetooth Filter Driver Package
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CD0B97D-46E9-4293-B467-A24DB96DB6DB}" = TOSHIBA ReelTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = SMART BRO
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B081F658-8216-4AFB-BED7-14CCA2DE0F73}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA604579-F4F4-4651-8A20-95FF63DB499F}" = TOSHIBA Audio Enhancement
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}" = TOSHIBA Sync Utility
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}" = TOSHIBA ConfigFree
"{EE1564DB-FBF5-4B39-9A53-0C522269936C}" = HP Deskjet Ink Adv 2060 K110 Product Improvement Study
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Atlas Of Histology" = Atlas Of Histology
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"HP Photo Creations" = HP Photo Creations
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{8CD0B97D-46E9-4293-B467-A24DB96DB6DB}" = TOSHIBA ReelTime
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PomodoroApp_is1" = PomodoroApp 2.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VLC media player" = VLC media player 2.0.0
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WTA-512709ca-b3f4-41a6-a96c-aa1bef9d9829" = Plants vs. Zombies - Game of the Year
"WTA-a259f1e6-f7ba-4f02-9ace-7bc1d2e4cff4" = Bejeweled 3
"WTA-f224311b-a3f3-4794-a4e8-dcd509ad5e2b" = Zuma's Revenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"oDVT" = oDesk Team
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2013 1:36:21 AM | Computer Name = Nikke-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 3/9/2013 1:36:21 AM | Computer Name = Nikke-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 3/9/2013 1:36:22 AM | Computer Name = Nikke-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 3/9/2013 1:36:26 AM | Computer Name = Nikke-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 3/9/2013 1:36:26 AM | Computer Name = Nikke-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 3/9/2013 1:36:26 AM | Computer Name = Nikke-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 3/9/2013 1:36:26 AM | Computer Name = Nikke-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 3/9/2013 1:40:45 AM | Computer Name = Nikke-PC | Source = Application Error | ID = 1000
Description = Faulting application name: googledrivesync.exe, version: 1.7.4018.3496,
time stamp: 0x509418e4 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x7f0b0002 Faulting process id:
0x1350 Faulting application start time: 0x01ce1c880754b690 Faulting application path:
C:\Program Files\Google\Drive\googledrivesync.exe Faulting module path: unknown Report
Id: e328e1ce-887b-11e2-bda7-00266c125c79

Error - 3/9/2013 1:13:06 PM | Computer Name = Nikke-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\TOSHIBA\sync
utility\x64\TSyncUtil.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/10/2013 2:02:50 AM | Computer Name = Nikke-PC | Source = Application Virtualization Client | ID = 3079
Description = {hap=13:app=Microsoft Word Starter 2010 9014006604090000:tid=13F4:usr=Nikke}
The
client could not launch Q:\140066.enu\Office14\WINWORDC.EXE (rc 0B004B04-00000419,
last error 2).

[ System Events ]
Error - 3/9/2013 1:36:34 AM | Computer Name = Nikke-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 3/9/2013 1:36:34 AM | Computer Name = Nikke-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 3/9/2013 1:36:40 AM | Computer Name = Nikke-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 3/9/2013 1:36:40 AM | Computer Name = Nikke-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 3/9/2013 8:27:31 AM | Computer Name = Nikke-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:36:35 PM on 3/9/2013 was unexpected.

Error - 3/9/2013 8:28:21 AM | Computer Name = Nikke-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Live ID Sign-in Assistant service to connect.

Error - 3/9/2013 8:28:21 AM | Computer Name = Nikke-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Live ID Sign-in Assistant service failed to start due
to the following error: %%1053

Error - 3/9/2013 8:29:21 AM | Computer Name = Nikke-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 3/9/2013 1:13:51 PM | Computer Name = Nikke-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 3/9/2013 6:31:56 PM | Computer Name = Nikke-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.


< End of report >

#6
Nikkekoi

Nikkekoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-10 15:35:24
-----------------------------
15:35:24.914 OS Version: Windows 6.1.7601 Service Pack 1
15:35:24.915 Number of processors: 4 586 0x3601
15:35:24.921 ComputerName: NIKKE-PC UserName: Nikke
15:35:30.121 Initialize success
16:26:32.027 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:26:32.045 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
16:26:32.078 Disk 0 MBR read successfully
16:26:32.089 Disk 0 MBR scan
16:26:32.101 Disk 0 Windows VISTA default MBR code
16:26:32.128 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
16:26:32.156 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 148667 MB offset 3074048
16:26:32.170 Disk 0 Partition - 00 0F Extended LBA 147542 MB offset 307544064
16:26:32.216 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7535 MB offset 609710080
16:26:32.293 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 147541 MB offset 307546112
16:26:32.317 Disk 0 scanning sectors +625141760
16:26:32.468 Disk 0 scanning C:\windows\system32\drivers
16:26:42.424 Service scanning
16:26:57.038 Service MpKsl8c482926 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0A3ECB1-47C2-42EA-9BA8-77C02BD79A70}\MpKsl8c482926.sys **LOCKED** 32
16:27:16.631 Modules scanning
16:27:38.501 Disk 0 trace - called modules:
16:27:38.522 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:27:38.525 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866d4948]
16:27:38.527 3 CLASSPNP.SYS[8898a59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84263028]
16:27:38.529 Scan finished successfully
16:55:30.801 Disk 0 MBR has been saved successfully to "C:\Users\Nikke\Documents\MBR.dat"
16:55:30.943 The log file has been saved successfully to "C:\Users\Nikke\Documents\aswMBR.txt"

#7
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please go to Start > Control Panel and click on Add or Remove Programs. Then remove the software below:
  • uTorrentControl2 Toolbar

# Step 2 #

Please go to: VirusTotal
  • Click the Choose File button and search for the following file (one by one):

    C:\Users\Nikke\PUTTY.RND

  • Click Open > Scan It!.
  • Please be patient while the file is scanned.
  • Copy and paste the link (URL) with the results.

# Step 3 #

Apparently your computer has a malicious partition. Please send me a screenshot of the Disk Management Tool:

  • Click on the Start orb.
  • Type diskmgmt.msc and press ENTER.
  • Take a screenshot using this >> Posted Image << button on your keyboard.
  • Open Paint (just type paint in the Start menu).
  • Paste the image (Ctrl + v).
  • Save the image.
  • Upload the image to imgur (for example)
  • Send me the link to the image hosted on imgur.com

# Step 4 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
    [2012/06/08 08:45:44 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/12/08 07:07:00 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]
    [2012/06/28 22:03:16 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]
    [2012/09/05 15:59:05 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2012/09/27 04:29:00 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    F3 - HKCU WinNT: Load - (C:\Users\Nikke\LOCALS~1\Temp\msuquri.bat) - File not found
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


#8
Nikkekoi

Nikkekoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here's the link ...

https://www.virustot...sis/1363012619/

#9
Nikkekoi

Nikkekoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here's for imgur.. http://imgur.com/Bd3BfKl,o6B4PlI

#10
Nikkekoi

Nikkekoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage
Prefs.js: [email protected]:1.5.0 removed from extensions.enabledAddons
Prefs.js: [email protected]:1.20.00 removed from extensions.enabledAddons
Prefs.js: [email protected]:1.0 removed from extensions.enabledAddons
Prefs.js: [email protected]:1.5.0 removed from extensions.enabledAddons
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]\content\imgs\mnRadio folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected] folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected] folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Nikke\LOCALS~1\Temp\msuquri.bat deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nikke
->Temp folder emptied: 259420615 bytes
->Temporary Internet Files folder emptied: 865728 bytes
->Java cache emptied: 170 bytes
->FireFox cache emptied: 55544971 bytes
->Google Chrome cache emptied: 405861623 bytes
->Flash cache emptied: 523 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1460124 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12163275 bytes
RecycleBin emptied: 12597484 bytes

Total Files Cleaned = 713.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03112013_230430

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#11
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Do you know this partition with 7,36 GB?

#12
Nikkekoi

Nikkekoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hello,

Actually, no. I don't know what that is. What do I do?

#13
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Sorry for the delay.

I'm thinking this partition with 7.36 GB is malicious.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Send me this report in your next reply.






