Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

How to remove Yontoo, and Conduit? [Closed]


  • This topic is locked This topic is locked

#1
Cristianttt

Cristianttt

    New Member

  • Member
  • Pip
  • 2 posts
First of all there were two new programs under my uninstall list. One is Yontoo and the other was a Conduit based program. I am not sure where these two programs came from, nor what they are but they will not allow themselves to be removed. Also, before I was aware of these two programs a blue screen would appear randomly stating that
"A problem has been detected and windows has been shut down to prevent damage to your computer.

BAD_POOL_CALLER"

Then Technical Information was pasted afterwards as: "*** STOP: 0x000000C2 (0x0000000000000007,0x000000000000109B,0xFFFFFA800A7B50B0)

After all the data was collected for a crash dump and the physical memory was dumped to disk the computer would reset and if started normally would display the BAD_POOL_CALLER screen again.

I am looking for any means of help to solve these three issues. Any bit of help would be appreciated.

Thank you,

Cris
  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.


  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello :) Let's get a look at your system. Please follow the instructions below.


Step 1: Scan with OTL



Download OTL

Download OTL to your desktop by clicking here. If for some reason, that link is not working, please click here for a secondary site.

  • Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
  • Please make sure the following boxes are checked.
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name Whitelist
  • LOP Check
  • Purity Check
  • Please check Use Safelist is checked under Extra Registry.
  • Copy the contents of the quote box below Do not copy the word quote! and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C

  • Click the Run Scan button.

Posted Image

  • Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient. :)
  • When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  • Please post each log in your next reply.

Things I need to see in your next post:

OTL Log

Extras Log

  • 0

#3
Cristianttt

Cristianttt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hello,


This is the OTL.txt file:

OTL logfile created on: 12/17/2013 12:36:31 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cristian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.93 Gb Total Physical Memory | 3.59 Gb Available Physical Memory | 60.59% Memory free
11.86 Gb Paging File | 9.48 Gb Available in Paging File | 79.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 559.50 Gb Total Space | 320.64 Gb Free Space | 57.31% Space Free | Partition Type: NTFS
Drive E: | 1.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 29.45 Gb Total Space | 29.45 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: CRISTIAN-PC | User Name: Cristian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/10/30 15:11:26 | 000,257,136 | ---- | M] (Microsoft Corporation) -- C:\Users\Cristian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/10/29 15:12:46 | 029,769,240 | ---- | M] (Dropbox, Inc.) -- C:\Users\Cristian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/26 06:25:36 | 000,389,632 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe
PRC - [2013/04/26 06:25:18 | 001,235,456 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe
PRC - [2013/02/06 11:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
PRC - [2010/05/21 00:53:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/03/03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/22 15:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/12/25 17:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Users\Cristian\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:30 | 013,582,800 | ---- | M] () -- C:\Users\Cristian\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Users\Cristian\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Users\Cristian\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Users\Cristian\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Users\Cristian\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/10/29 14:56:10 | 003,558,400 | ---- | M] () -- C:\Users\Cristian\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 18:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Cristian\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/05/30 01:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/04/06 16:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/10/21 11:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/21 08:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/26 06:25:36 | 000,389,632 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe -- (RIM MDNS)
SRV - [2013/04/26 06:25:18 | 001,235,456 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe -- (RIM Tunnel Service)
SRV - [2013/02/06 11:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)
SRV - [2010/10/07 01:21:48 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/05/21 00:53:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/03/03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/25 15:07:14 | 000,196,464 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/01/28 18:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/12/03 21:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/01 18:54:01 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/23 00:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 00:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 00:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/26 06:23:00 | 000,017,920 | ---- | M] (Research in Motion Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rimvndis6_AMD64.sys -- (rimvndis)
DRV:64bit: - [2013/04/24 19:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/03/04 20:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 20:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/18 08:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/02/18 06:42:10 | 000,448,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2013/01/03 12:50:48 | 000,078,336 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/10 14:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/17 22:36:35 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/26 07:21:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/07 00:54:44 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/05/08 20:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/05/03 16:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/15 14:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 23:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 00:12:00 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2009/07/13 19:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/29 18:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 12:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/29 12:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/19 23:59:00 | 000,014,848 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/04/24 20:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma)
DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2013/12/16 15:19:50 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20131216.019_c66\ex64.sys -- (NAVEX15)
DRV - [2013/12/16 15:19:50 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys -- (EraserUtilDrv11312)
DRV - [2013/12/16 15:19:50 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20131216.019_c66\eng64.sys -- (NAVENG)
DRV - [2013/12/13 20:19:30 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131216.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/12/03 18:35:20 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131203.001_d81\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/20 22:08:32 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/20 22:08:32 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSCA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSCA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...6E-1B92574BCF70
IE - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...q={searchTerms}
IE - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0004cedde0ca6c4
IE - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7TSCA_enCA467
IE - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cristian\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cristian\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/01/21 13:36:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/12/16 20:05:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFF [2013/12/16 15:29:12 | 000,000,000 | ---D | M]

[2012/05/21 01:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cristian\AppData\Roaming\Mozilla\Extensions
[2012/01/19 22:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\extensions
[2012/01/19 22:40:33 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2013/12/11 21:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\5jq7b4ck.default\extensions
[2013/12/16 15:28:58 | 000,000,000 | ---D | M] (WhiteSmoke New) -- C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\5jq7b4ck.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[2013/12/11 20:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/11 20:36:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.ca/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cristian\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cristian\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Cristian\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cristian\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Sudoku = C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj\1.0.1.0_0\
CHR - Extension: Word Search = C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj\1.0.0.1_0\
CHR - Extension: Word Search = C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj\1.0.0.1_0\~
CHR - Extension: 4 in a row = C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\japgnkcfkbjlbjbfbadfbjagfcnnadcd\0.1_0\
CHR - Extension: Freemake Video Converter = C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: BB10 / PlayBook App Manager = C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp\2.2.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0\
CHR - Extension: Lumosity = C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffmfbhcjemfledhndnpllechagamlfp\1.1_0\
CHR - Extension: Google Wallet = C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Flow Colors = C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk\1.3_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-4149680743-2860319518-2181519410-1000..\Run: [SkyDrive] C:\Users\Cristian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Cristian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files (x86)\ScanSoft\PDF Converter 3.0\IEShellExt.dll (ScanSoft, Inc.)
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files (x86)\ScanSoft\PDF Converter 3.0\IEShellExt.dll (ScanSoft, Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6713CBDA-6A87-4234-83F1-29922C1A1FD7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF6549B5-1222-42AC-A070-F6322B3502C8}: DhcpNameServer = 100.100.0.102
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b3e3ef86-b838-11e1-a0e3-88ae1ded2a12}\Shell - "" = AutoRun
O33 - MountPoints2\{b3e3ef86-b838-11e1-a0e3-88ae1ded2a12}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/17 00:33:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cristian\Desktop\OTL (1).exe
[2013/12/16 16:26:33 | 000,000,000 | ---D | C] -- C:\Users\Cristian\Documents\Electronic Arts
[2013/12/14 17:44:42 | 000,000,000 | -H-D | C] -- C:\Users\Cristian\Documents\Freemake_do_not_remove_this_folder635226398827664487
[2013/12/14 17:24:46 | 000,000,000 | -H-D | C] -- C:\Users\Cristian\Documents\Freemake_do_not_remove_this_folder
[2013/12/11 21:32:47 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Local\SearchProtect
[2013/12/11 21:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/12/11 21:32:10 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Local\NativeMessaging
[2013/12/11 21:32:04 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Local\CRE
[2013/12/11 21:28:38 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Local\Programs
[2013/12/11 21:18:24 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Local\Macromedia
[2013/12/11 20:36:40 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Local\Mozilla
[2013/12/11 20:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/12/11 20:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/11 20:22:14 | 000,000,000 | ---D | C] -- C:\Users\Cristian\Documents\Freemake
[2013/12/10 20:03:39 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Local\WBFSManager
[2013/12/10 20:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2013/12/05 01:34:40 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2013/11/29 21:42:03 | 000,000,000 | ---D | C] -- C:\Users\Cristian\Documents\BlackBerry
[2013/11/23 01:10:39 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Local\Bundled software uninstaller
[2013/11/23 01:10:28 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Local\WebPlayer
[2013/11/23 01:10:15 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Local\FilesFrog Update Checker
[2013/11/19 20:40:49 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Local\Microsoft_Corporation
[2013/11/17 14:03:59 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Local\ElevatedDiagnostics

========== Files - Modified Within 30 Days ==========

[2013/12/17 00:35:09 | 000,002,398 | ---- | M] () -- C:\Users\Cristian\Desktop\Google Chrome.lnk
[2013/12/17 00:33:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cristian\Desktop\OTL (1).exe
[2013/12/17 00:30:05 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/17 00:30:05 | 000,628,874 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/17 00:30:05 | 000,111,026 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/17 00:28:51 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/16 23:57:00 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4149680743-2860319518-2181519410-1000UA.job
[2013/12/16 23:53:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/16 20:09:47 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/16 20:09:47 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/16 20:01:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/16 20:01:29 | 738,609,995 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/12/16 20:01:24 | 482,349,055 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/16 19:18:40 | 000,000,869 | ---- | M] () -- C:\Users\Cristian\Desktop\µTorrent.lnk
[2013/12/16 15:57:00 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4149680743-2860319518-2181519410-1000Core.job
[2013/12/11 21:33:06 | 000,000,009 | ---- | M] () -- C:\END
[2013/11/18 03:14:16 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/18 03:14:16 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf

========== Files Created - No Company Name ==========

[2013/12/16 19:18:40 | 000,000,869 | ---- | C] () -- C:\Users\Cristian\Desktop\µTorrent.lnk
[2013/12/11 21:30:05 | 000,000,009 | ---- | C] () -- C:\END
[2013/11/18 03:14:16 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/18 03:14:16 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2012/09/05 09:24:43 | 000,000,017 | ---- | C] () -- C:\Users\Cristian\AppData\Local\resmon.resmoncfg
[2012/01/31 08:39:45 | 000,000,164 | ---- | C] () -- C:\windows\SysWow64\psconv.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/17 00:30:57 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\.minecraft
[2012/11/01 21:02:43 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\Advanced Chemistry Development
[2012/02/08 00:24:48 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\Babylon
[2012/06/17 22:45:07 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\DAEMON Tools Pro
[2013/12/17 00:29:19 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\Dropbox
[2013/04/04 23:11:23 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\GoforFiles
[2012/01/21 15:24:43 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\ICAClient
[2013/03/04 19:03:24 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\Maple
[2013/06/04 19:57:22 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\Research In Motion
[2013/08/15 23:49:01 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\SPORE
[2012/12/01 21:28:40 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\SynthMaker
[2012/01/19 21:43:49 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\Tific
[2012/09/23 10:41:22 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\Toshiba
[2012/02/10 20:35:13 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\Ulead Systems
[2013/12/16 19:59:32 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\uTorrent
[2012/01/19 20:14:25 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\WildTangent
[2012/01/19 19:51:13 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\WinBatch
[2012/01/19 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\Cristian\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2013/09/03 08:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/06/15 14:42:39 | 000,000,622 | ---- | M] () MD5=85459E46FF611D67D2E1F43C085BFF14 -- C:\Users\Cristian\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XWFUVBYU\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is S3A9104D008
Volume Serial Number is 10A8-4840
Directory of C:\
14/07/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Cristian
19/01/2012 07:49 PM <JUNCTION> Application Data [C:\Users\Cristian\AppData\Roaming]
19/01/2012 07:49 PM <JUNCTION> Cookies [C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Cookies]
19/01/2012 07:49 PM <JUNCTION> Local Settings [C:\Users\Cristian\AppData\Local]
19/01/2012 07:49 PM <JUNCTION> My Documents [C:\Users\Cristian\Documents]
19/01/2012 07:49 PM <JUNCTION> NetHood [C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
19/01/2012 07:49 PM <JUNCTION> PrintHood [C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
19/01/2012 07:49 PM <JUNCTION> Recent [C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Recent]
19/01/2012 07:49 PM <JUNCTION> SendTo [C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\SendTo]
19/01/2012 07:49 PM <JUNCTION> Start Menu [C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu]
19/01/2012 07:49 PM <JUNCTION> Templates [C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Cristian\AppData\Local
19/01/2012 07:49 PM <JUNCTION> Application Data [C:\Users\Cristian\AppData\Local]
19/01/2012 07:49 PM <JUNCTION> History [C:\Users\Cristian\AppData\Local\Microsoft\Windows\History]
19/01/2012 07:49 PM <JUNCTION> Temporary Internet Files [C:\Users\Cristian\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Cristian\AppData\LocalLow
18/04/2012 11:46 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Cristian\Documents
19/01/2012 07:49 PM <JUNCTION> My Music [C:\Users\Cristian\Music]
19/01/2012 07:49 PM <JUNCTION> My Pictures [C:\Users\Cristian\Pictures]
19/01/2012 07:49 PM <JUNCTION> My Videos [C:\Users\Cristian\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
51 Dir(s) 344,280,567,808 bytes free

< End of report >



This is the Extras.txt file:

OTL Extras logfile created on: 12/17/2013 12:36:31 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cristian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.93 Gb Total Physical Memory | 3.59 Gb Available Physical Memory | 60.59% Memory free
11.86 Gb Paging File | 9.48 Gb Available in Paging File | 79.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 559.50 Gb Total Space | 320.64 Gb Free Space | 57.31% Space Free | Partition Type: NTFS
Drive E: | 1.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 29.45 Gb Total Space | 29.45 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: CRISTIAN-PC | User Name: Cristian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B572C50-3EE2-4F4D-BD99-2EA24C5BDD5E}" = lport=139 | protocol=6 | dir=in | app=system |
"{0E67FEED-6633-49CF-AA51-98A1364707BB}" = lport=8080 | protocol=6 | dir=in | app=c:\program files (x86)\common files\research in motion\nginx\nginx.exe |
"{0EE72F7F-85DF-45D0-9EA0-29A05AF47AB1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{0FA9F9A1-6C08-48FD-86CE-A933E6E88318}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3614B17B-6781-403D-A082-E8ADA2CAFF69}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3807DC66-1AF7-4B38-9415-B8EF1B6AE064}" = rport=445 | protocol=6 | dir=out | app=system |
"{39339A50-890B-45F6-95DC-537728CA6477}" = rport=137 | protocol=17 | dir=out | app=system |
"{70DD05BD-CE8D-4670-ACE4-1F47D52C9888}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7335C25C-4BF6-4D42-8663-E2796D914593}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75C5B05D-B384-45D6-BEE8-AB0641EA1473}" = lport=138 | protocol=17 | dir=in | app=system |
"{7A5BDD42-A70F-4EA1-AC70-739B90BBD1FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83551B9E-4282-4DA6-AAC9-380FEECEEC13}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8ACD29BE-02A2-4002-9CFE-DEED01098ED6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9BA727F3-E680-4E53-B10B-18A5E471F244}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port |
"{CECC1FE2-70B3-4534-A39D-70D1AC13DAC5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2371AE0-C334-4B10-847C-886981EEE063}" = rport=139 | protocol=6 | dir=out | app=system |
"{D30DA73A-8E8F-44D5-9C35-0DD4DC4E8C35}" = lport=137 | protocol=17 | dir=in | app=system |
"{DD0BF0FD-833E-4AA2-9BA1-158127FB86E0}" = rport=138 | protocol=17 | dir=out | app=system |
"{DEBE64AD-A965-4BCC-BB00-F558CB2C4E43}" = lport=445 | protocol=6 | dir=in | app=system |
"{DEF96CF7-1179-4DE5-B105-B17141963DFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E4EDFC3A-613A-400A-BA12-E4187627DD4E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ECDF6AF6-D13D-46B8-90ED-40AA12CC439C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0E7D0D9-D36C-4C57-93AA-8EDD90BCAB87}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F33EEFBE-40B0-4CF4-B209-8A90C049A707}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8A6EE70-1791-49A4-8D6C-9379FF32EFDE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF378412-4E8D-44C6-9E6E-9C4148C600FC}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0361818E-FB37-4304-906F-DF9FFCA395AB}" = protocol=17 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\tunmgr.exe |
"{055A7AC4-CF8B-4BA2-A947-5B8BF9F9AF0A}" = dir=in | app=c:\users\cristian\appdata\local\microsoft\skydrive\skydrive.exe |
"{08680E9F-77A9-4D2A-8C1A-9C2CA4F00B9D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0BA24FEE-86C4-4F82-BE18-63600D3E3B8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0D2470D0-CE24-47C2-8DA2-76DA72366C8D}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{13269CDC-B22A-4462-827B-89E9D72A4334}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{139AC777-FF78-4128-AD14-FA34F79CC5FA}" = protocol=6 | dir=out | app=system |
"{194D29CD-822D-4B72-8ED6-447A87276E72}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{223FDFF0-BA8B-4E40-8049-48C4D40EE42F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{300A2BB3-4E6C-46F4-8925-6D3D2B3754E5}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{3374D95C-0CEE-43DF-A210-E87B9AF432CB}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{343E519D-7F3D-4BC6-8DD9-EF03FEB36875}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{349A3C60-E03D-4942-AB99-24735FE3AD41}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{36026501-E967-426A-8854-92A39AC35839}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe |
"{378CCBCE-3916-462B-9789-C4D50E44D0CA}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{38DF0508-8773-4B77-BA24-940612C7C7A3}" = protocol=6 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\tunmgr.exe |
"{3D53ECEC-B9E1-4BCC-96E9-06611CFE6AC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B67B4D1-BF7A-4F1D-9053-7D5EA39840BD}" = protocol=6 | dir=in | app=c:\users\cristian\appdata\roaming\utorrent\utorrent.exe |
"{5492410C-2CE7-469B-9356-0DA2CEDC3EF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5663E9D6-B50E-4116-9862-8D4787A34446}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{57D4DCFE-A7A6-4A21-82DC-DAB74D397E58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{66667D75-2D98-4950-BDAD-55699196FDB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B062EB1-3498-4124-8FAA-EDEB1C512F86}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B8D4C4E-2DB3-4A98-91A0-68DCD96393D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BBB7C4D-6ED8-4FA1-BC2D-40D6224DC10C}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{6BDAA625-F003-4B6E-A2B8-6B0BB51DB199}" = protocol=58 | dir=in | [email protected],-28545 |
"{6C52E77C-6B40-407A-B276-FFDCB99C8E2A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{6E4F9110-8F22-4889-9878-2240ADF53EBC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{75D8200A-27EB-4B66-ADEA-67ED2AABAE79}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{7960077B-62D5-4E51-9D7C-4484D25C2E8F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{7B10C0CE-C689-4B01-9CC7-7B7D645931F2}" = protocol=6 | dir=in | app=c:\users\cristian\appdata\roaming\dropbox\bin\dropbox.exe |
"{832D414A-5CF7-4B11-844A-17A9FC4C653C}" = protocol=58 | dir=in | app=system |
"{8445D147-DFC0-4C29-8DD8-0D08A281932E}" = protocol=17 | dir=in | app=c:\users\cristian\appdata\roaming\utorrent\utorrent.exe |
"{899D84C4-B9C6-4288-9A8D-4C9EE6B60E37}" = protocol=17 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\mdnsresponder.exe |
"{8A97BCE3-7670-4D34-B1EB-B0592CF71BE0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{8CB73FD0-4FC6-48A3-B11A-4306AE4FD39B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{8E4C848E-BD62-4597-B74A-5DD4B8658A08}" = protocol=1 | dir=out | [email protected],-28544 |
"{9349CE90-E58F-4C7A-A082-05E241F0B8D2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9368C81B-3DF6-4539-952E-457D010254FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{951E5190-F15B-43D0-81F1-DED2D6977E9A}" = protocol=6 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\mdnsresponder.exe |
"{9B33FE86-045E-41D6-9403-4B65D3A04A3B}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{9FC59B67-3455-42C8-8D7D-51BA7BE20D03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A09BE09D-6393-459E-8C3F-3B7D6F260A55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A764CC78-B354-4E0C-816F-2DB584183D1D}" = protocol=58 | dir=out | [email protected],-28546 |
"{A81E309B-A9F0-4E06-80F0-8F5E3B99B692}" = protocol=1 | dir=in | [email protected],-28543 |
"{B08F1A71-AFC7-4F7E-B424-567BF4CA34A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B318E101-73E7-41DE-97CB-DF23B31BC670}" = protocol=17 | dir=in | app=c:\users\cristian\appdata\roaming\dropbox\bin\dropbox.exe |
"{B31C2F81-0D4C-498D-AC48-579DE5AD8283}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B505E483-828C-494F-83FB-8EBAA596D86C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B5F606C5-82E2-47DD-B197-2DBCC22B604C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C180A04B-B8F7-4822-9B9A-1EB1DF8835A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CCCD942D-5E3D-40A0-8374-5E344B2A00BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D1EB93B9-9811-4374-AF57-B7B487569BEE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{D21BC9F4-049B-4E9C-95C4-FF7DF9C832EB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{D74A2F60-6CF8-4530-8A96-D5D94FDBBB4A}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{D7907C38-CE9F-4A68-B890-E21B74F3CF6F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E0F9300B-CC16-4047-BFEB-618F94E37FE2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3B0D702-40A3-402C-8E15-82B57B635DC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E4F1A145-4682-4107-A4E1-FC48C9994CB0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E517C16B-FF96-461F-B610-27306C3FBDBF}" = protocol=58 | dir=out | [email protected],-503 |
"{F3041F2B-8021-41CE-8A69-946520BF9D1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F4DB3C60-7B8A-499F-9175-9EE15A814E36}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{F51BDBED-BF76-4022-AA24-299B6E0C276A}" = dir=in | app=c:\program files (x86)\namco bandai games\darksouls\darksouls.exe |
"{FB0EB1A4-D547-4E63-BC20-C4D3DF8C90C6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC5
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042" = ENE CIR Receiver Driver
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Maple 16" = Maple 16
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{48DEAAF2-8276-4BBD-B7B6-91E454938476}" = CambridgeSoft ChemDraw Ultra 12.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{602A205F-8D02-48EE-8782-262B2103B984}" = ScanSoft PDF Converter 3.0
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2CDB6A0-9E2D-4E4E-8776-2D92F2F0FB3D}_is1" = MKV File Player
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F53EE198-4318-43C4-ADDF-9CCE032E2FD1}" = BlackBerry Link
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ASIO4ALL" = ASIO4ALL
"BlackBerry_10_Desktop" = BlackBerry Link
"DAEMON Tools Pro" = DAEMON Tools Pro
"FL Studio 10" = FL Studio 10
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"Freemake Video Converter_is1" = Freemake Video Converter version 3.0.1
"IL Download Manager" = IL Download Manager
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Maple 16" = Maple 16
"MestReNova LITE" = MestReNova LITE 5.2.5-5780
"Minecraft 1.4.5" = Minecraft 1.4.5
"N360" = Norton 360
"NVIDIA StereoUSB Driver" = NVIDIA StereoUSB Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"TOSHIBA Game Console" = WildTangent ORB Game Console
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-bit)
"WT083877" = Chuzzle Deluxe
"WT083885" = Zuma's Revenge
"WT083898" = Virtual Villagers - The Secret City
"WT083903" = Escape Rosecliff Island
"WT083929" = Bejeweled 2 Deluxe
"WT083957" = Jewel Quest 3
"WT083958" = Penguins!
"WT083959" = Polar Bowler
"WT083969" = Virtual Families
"WT084018" = FATE - The Traitor Soul

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4149680743-2860319518-2181519410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/28/2013 8:38:58 PM | Computer Name = Cristian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1061

Error - 3/28/2013 8:38:59 PM | Computer Name = Cristian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/28/2013 8:38:59 PM | Computer Name = Cristian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2122

Error - 3/28/2013 8:38:59 PM | Computer Name = Cristian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2122

Error - 3/28/2013 8:39:00 PM | Computer Name = Cristian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/28/2013 8:39:00 PM | Computer Name = Cristian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3167

Error - 3/28/2013 8:39:00 PM | Computer Name = Cristian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3167

Error - 3/29/2013 1:06:10 PM | Computer Name = Cristian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/29/2013 1:06:10 PM | Computer Name = Cristian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 59232940

Error - 3/29/2013 1:06:10 PM | Computer Name = Cristian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 59232940

[ Media Center Events ]
Error - 8/25/2012 8:49:32 AM | Computer Name = Cristian-PC | Source = MCUpdate | ID = 0
Description = 8:49:32 AM - Error connecting to the internet. 8:49:32 AM - Unable
to contact server..

Error - 8/25/2012 8:49:37 AM | Computer Name = Cristian-PC | Source = MCUpdate | ID = 0
Description = 8:49:37 AM - Error connecting to the internet. 8:49:37 AM - Unable
to contact server..

Error - 8/25/2012 9:49:42 AM | Computer Name = Cristian-PC | Source = MCUpdate | ID = 0
Description = 9:49:42 AM - Error connecting to the internet. 9:49:42 AM - Unable
to contact server..

Error - 8/25/2012 9:49:47 AM | Computer Name = Cristian-PC | Source = MCUpdate | ID = 0
Description = 9:49:47 AM - Error connecting to the internet. 9:49:47 AM - Unable
to contact server..

Error - 8/25/2012 6:38:59 PM | Computer Name = Cristian-PC | Source = MCUpdate | ID = 0
Description = 6:38:59 PM - Error connecting to the internet. 6:38:59 PM - Unable
to contact server..

Error - 8/25/2012 6:39:05 PM | Computer Name = Cristian-PC | Source = MCUpdate | ID = 0
Description = 6:39:04 PM - Error connecting to the internet. 6:39:04 PM - Unable
to contact server..

Error - 9/9/2012 10:27:01 AM | Computer Name = Cristian-PC | Source = MCUpdate | ID = 0
Description = 10:27:00 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 9/9/2012 10:27:07 AM | Computer Name = Cristian-PC | Source = MCUpdate | ID = 0
Description = 10:27:02 AM - Failed to retrieve Broadband (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 9/9/2012 11:27:12 AM | Computer Name = Cristian-PC | Source = MCUpdate | ID = 0
Description = 11:27:11 AM - Error connecting to the internet. 11:27:11 AM - Unable
to contact server..

Error - 9/29/2012 6:09:20 PM | Computer Name = Cristian-PC | Source = MCUpdate | ID = 0
Description = 6:09:19 PM - Error connecting to the internet. 6:09:19 PM - Unable
to contact server..

[ System Events ]
Error - 12/16/2013 4:21:19 PM | Computer Name = Cristian-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/16/2013 4:31:12 PM | Computer Name = Cristian-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 12/16/2013 4:31:44 PM | Computer Name = Cristian-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Error - 12/16/2013 4:51:46 PM | Computer Name = Cristian-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 12/16/2013 8:25:20 PM | Computer Name = Cristian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 40.

Error - 12/16/2013 8:25:20 PM | Computer Name = Cristian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 40.

Error - 12/16/2013 8:25:20 PM | Computer Name = Cristian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 40.

Error - 12/16/2013 8:25:20 PM | Computer Name = Cristian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 40.

Error - 12/16/2013 9:01:51 PM | Computer Name = Cristian-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:59:38 PM on ?16/?12/?2013 was unexpected.

Error - 12/16/2013 9:02:38 PM | Computer Name = Cristian-PC | Source = BugCheck | ID = 1001
Description =


< End of report >






Thank you :)
  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Thank you :)


You're very much welcome. :thumbsup: Thank you for the logs, I'm in the process of putting together a proposed fix for my teachers approval. Once that is done, I'll post back with instructions and we'll start getting your machine cleaned. :)
  • 0

#5
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello, I have one more scan for you to run, and then we'll be ready to go. :)



Scan with CKScanner

  • Download CKScanner from here.
  • Important - Save it to your desktop.
  • Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7).
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program once only.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Things I need to see in your next post:

CKScanner Log

  • 0

#6
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP