Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HELP PLEASE: BestSaveFoarYYoU 2.3 Virus [Solved]

Started by Chelmdog , Jan 15 2014 12:56 PM

  • This topic is locked This topic is locked

#1
Chelmdog
Posted 15 January 2014 - 12:56 PM

Chelmdog

    New Member

  • Member
  • Pip
  • 6 posts
Hi,

I have an infected computer and to be honest I've just been disabling the extension every time I start up Chrome. It's an annoying thing. I may well have agreed to install it accidentally when downloading freeware from somewhere. I seem to recall just mashing the 'next' key on an installer and the next thing I know, I have ads popping up when I click a link and text is showing up as clickable links. Clearly malware, but normally I'm pretty good at getting rid of that kind of junk, but I can't shift this one.

The extension in chrome is called: BestSaveFoarYYoU 2.3 Virus.

In programs and features there's a program called ccontinuetoSSaave that when I go to uninstall it says 'this program and it's features are already removed if you like to remove from the list etc' I click yes, it disappears but is there again after a restart. I think that's all I know about this. I apologise for being careless with my computer. Yes I'm an idiot.

I am totally unfamiliar with OTL, but I've run it. And here's my log from a quick scan:

Any help would be greatfully received.

OTL logfile created on: 1/15/2014 6:32:57 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Toshiba\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 72.62% Memory free
15.95 Gb Paging File | 13.60 Gb Available in Paging File | 85.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.22 Gb Total Space | 153.84 Gb Free Space | 34.25% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 465.07 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-TOSH | User Name: Toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/14 18:21:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Downloads\OTL.exe
PRC - [2014/01/07 21:00:22 | 000,569,768 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/01/07 21:00:20 | 001,815,464 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/12/10 02:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/10 02:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/04 17:43:41 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\Toshiba\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/11/08 20:49:00 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/08 13:43:58 | 000,690,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2011/08/08 13:36:58 | 000,087,960 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2011/05/09 16:06:02 | 002,750,376 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2011/03/11 21:14:58 | 000,030,064 | ---- | M] () -- c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
PRC - [2011/03/10 17:20:00 | 000,701,856 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2011/02/01 20:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 20:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/14 09:55:14 | 000,572,712 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/09/06 16:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2010/08/16 17:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/06/23 10:41:28 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
PRC - [2010/05/20 23:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 21:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/03/11 01:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/07 21:00:22 | 001,138,088 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/12/12 22:19:40 | 000,142,848 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2013/12/12 22:04:18 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/12/12 22:04:14 | 000,716,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/11/05 01:12:06 | 000,890,592 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-52.dll
MOD - [2013/06/14 23:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 23:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 23:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/10 02:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/11/26 09:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/06/26 21:52:20 | 000,551,896 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:64bit: - [2011/04/20 18:45:38 | 000,480,256 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/07 20:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/04/06 02:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/25 03:14:38 | 000,526,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/12/08 22:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 21:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 01:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\rundll32.exe -- (f1f78e38)
SRV - [2014/01/07 21:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/10 20:39:15 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/10 02:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/12/01 01:58:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/01 17:42:56 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011/03/11 21:14:58 | 000,030,064 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe -- (UDSS)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 07:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/02/01 20:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 20:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/14 09:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/23 10:41:28 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe -- (WDCS_WNDA3200)
SRV - [2010/05/20 23:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 21:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/01/28 23:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/11/05 15:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe -- (jswpsapi)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/11 01:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/05 08:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/14 11:58:40 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/11/11 16:54:39 | 000,451,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/26 21:52:20 | 003,852,976 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01)
DRV:64bit: - [2012/05/12 11:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/04/09 15:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2012/04/05 19:06:06 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/07 18:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011/08/05 10:24:26 | 000,292,024 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2011/08/02 15:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/07/12 20:08:02 | 000,019,904 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/03 00:45:04 | 000,175,192 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/04/26 03:51:04 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 21:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 21:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/09 02:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/04 02:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 22:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/15 16:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/13 00:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/18 02:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/16 22:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/29 18:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010/11/21 03:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/11 17:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/18 21:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/11 16:10:58 | 001,924,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2010/08/30 17:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/04/26 18:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/03/22 17:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/31 03:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 18:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 22:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/29 23:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 17:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/20 02:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/17 19:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/15 02:28:50 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/04/17 18:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CC62D48F-FD64-4C15-A31F-C5FC5998E48F}
IE:64bit: - HKLM\..\SearchScopes\{CC62D48F-FD64-4C15-A31F-C5FC5998E48F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easyli...244&lg=EN&cc=GB
IE - HKLM\..\SearchScopes,DefaultScope = {CC62D48F-FD64-4C15-A31F-C5FC5998E48F}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...244&lg=EN&cc=GB
IE - HKLM\..\SearchScopes\{CC62D48F-FD64-4C15-A31F-C5FC5998E48F}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/pl...s?touch=4&cat=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/pl...s?touch=4&cat=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {54E5BE8C-83DB-492E-B51B-487043A739DF}
IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...244&lg=EN&cc=GB
IE - HKCU\..\SearchScopes\{1843DA6D-CE6B-4A92-9547-969EC06B6F69}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKCU\..\SearchScopes\{2452D5B4-1EC1-4A24-85F5-CFC69A0F6AFB}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{54E5BE8C-83DB-492E-B51B-487043A739DF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", "EasyLife"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.easyli...N&cc=GB&l=1&q="
FF - prefs.js..browser.search.order.1: "EasyLife"
FF - prefs.js..browser.search.order.1,S: S", "EasyLife"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"
FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: check4change-owner%40mozdev.org:1.9.3
FF - prefs.js..extensions.enabledAddons: contact%40safelinking.net:1.1
FF - prefs.js..extensions.enabledAddons: support%40rpnet.biz:1.045
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:4.0.7
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://www.google.co.uk"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..browser.search.defaultenginename: "EasyLife"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Toshiba\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/16 09:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Extensions
[2013/12/29 21:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1si0ge0g.default\extensions
[2013/12/29 21:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1si0ge0g.default\extensions\staged
[2013/04/12 20:42:43 | 000,001,294 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1si0ge0g.default\searchplugins\delta.xml
[2013/05/13 20:21:49 | 000,000,581 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1si0ge0g.default\searchplugins\EasyLife.xml
[2014/01/14 18:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/01 01:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/01 01:58:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\[email protected]
[2013/04/12 20:42:26 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...rchTerms}&meta=
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.co.uk/webhp?rls=ig
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00C3\u0082\u00C2\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - Extension: Adblock Plus = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_1\
CHR - Extension: Add to Amazon Wish List = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_1\
CHR - Extension: ScummVM = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddjnneijgokkhfkjlnodlpmjdamlkbmi\0.0.0.2_1\
CHR - Extension: Tampermonkey = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.77_1\
CHR - Extension: Google Calendar = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_1\
CHR - Extension: AdBlock = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_1\
CHR - Extension: TweetDeck by Twitter = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.5.5_1\
CHR - Extension: TweetDeck by Twitter = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.5.6_0\
CHR - Extension: SoundCloud = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp\1_1\
CHR - Extension: Forum Fixer 1000 Beta = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\neipiffpggefpaogjkmcealilmamfahh\1.0_2\
CHR - Extension: Google Wallet = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Toshiba\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E492587-42CB-482F-9960-58BAF9DA58E0}: DhcpNameServer = 82.132.254.2 82.132.254.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28131A4B-E0CB-45C2-846F-485CF19B7B60}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F703BE5-10C6-44E1-821D-F4C3EB74F055}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5C72562-DADD-4DEB-A096-2134B07ACA2E}: DhcpNameServer = 82.132.254.3 82.132.254.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\WinSpeed\WINSPE~1.DLL) - C:\ProgramData\WinSpeed\WinSpeed_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~3\winspeed\winspeed.dll) - c:\ProgramData\WinSpeed\WinSpeed.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/14 18:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/14 18:28:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/01/14 18:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/12 17:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/01/12 17:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/12 17:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/12 16:42:43 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Steam
[2014/01/01 23:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2014/01/01 23:20:34 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2014/01/01 20:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShopaDreoop
[2014/01/01 20:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BestSaveFoarYYoU
[2013/12/29 21:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BestSaveFoarYYoU
[2013/12/29 21:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\jlphihepbeglkncbpgpmfmgodengehic
[2013/12/29 21:39:50 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Packages
[2013/12/29 21:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\3c3f621baa726de4
[2013/12/29 21:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ShopaDreoop
[2013/12/28 17:59:41 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Unity
[2013/12/28 17:33:58 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Unity
[2013/12/28 13:53:39 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\My Games
[2013/12/28 11:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2013/12/28 11:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2013/12/28 09:57:30 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Mix
[2013/12/28 09:54:29 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\MixMeister Technology
[2013/12/28 09:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixMeister
[2013/12/28 09:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixMeister Fusion
[2013/12/28 09:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\WinSpeed
[2013/12/21 01:53:12 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Media Player Classic
[2013/12/17 03:00:32 | 000,000,000 | ---D | C] -- C:\windows\CheckSur
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/15 18:19:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/15 18:07:24 | 000,780,196 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/15 18:07:24 | 000,665,460 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/15 18:07:24 | 000,125,906 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/15 18:04:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/01/15 18:04:16 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/01/15 11:57:17 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 11:57:17 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 11:49:31 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/15 11:49:04 | 000,302,264 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/01/15 11:48:50 | 2129,149,951 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/14 18:28:52 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/12 17:11:46 | 000,000,222 | ---- | M] () -- C:\Users\Toshiba\Desktop\Mark of the Ninja.url
[2014/01/12 17:04:56 | 000,000,222 | ---- | M] () -- C:\Users\Toshiba\Desktop\Football Manager 2014.url
[2014/01/12 16:47:37 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2014/01/01 23:20:34 | 000,002,985 | ---- | M] () -- C:\Users\Toshiba\Desktop\HiJackThis.lnk
[2013/12/28 13:52:10 | 000,053,858 | ---- | M] () -- C:\Users\Toshiba\Documents\NYE.mmp
[2013/12/28 11:35:20 | 000,001,162 | ---- | M] () -- C:\Users\Toshiba\Desktop\Free M4a to MP3 Converter.lnk
[2013/12/28 09:54:09 | 000,001,009 | ---- | M] () -- C:\Users\Toshiba\Desktop\MixMeister Fusion.lnk
[2013/12/16 21:55:11 | 000,005,120 | ---- | M] () -- C:\Users\Toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/14 18:28:52 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/12 17:11:46 | 000,000,222 | ---- | C] () -- C:\Users\Toshiba\Desktop\Mark of the Ninja.url
[2014/01/12 17:04:56 | 000,000,222 | ---- | C] () -- C:\Users\Toshiba\Desktop\Football Manager 2014.url
[2014/01/12 16:47:37 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2014/01/01 23:20:34 | 000,002,985 | ---- | C] () -- C:\Users\Toshiba\Desktop\HiJackThis.lnk
[2013/12/28 11:35:20 | 000,001,162 | ---- | C] () -- C:\Users\Toshiba\Desktop\Free M4a to MP3 Converter.lnk
[2013/12/28 11:31:41 | 000,053,858 | ---- | C] () -- C:\Users\Toshiba\Documents\NYE.mmp
[2013/12/28 09:54:09 | 000,001,009 | ---- | C] () -- C:\Users\Toshiba\Desktop\MixMeister Fusion.lnk
[2013/03/08 00:27:05 | 000,766,108 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/01/07 18:54:05 | 000,094,208 | ---- | C] () -- C:\windows\SysWow64\zmbv.dll
[2012/10/06 09:32:00 | 000,005,120 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/16 15:38:34 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012/04/05 19:34:44 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/08 17:11:41 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Amazon
[2013/04/12 20:42:21 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\AnvSoft
[2013/04/12 20:42:09 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Babylon
[2012/08/15 19:57:04 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Broken Rules
[2012/09/12 23:00:19 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\DMCache
[2013/11/30 19:50:55 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Easy BitTorrent Client
[2013/04/04 19:17:32 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\FMRTE13
[2012/08/19 16:21:54 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\FMRTEv5
[2013/11/25 20:08:58 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Free Download Manager
[2012/08/23 21:11:22 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\MotioninJoy
[2014/01/07 19:38:36 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Mp3tag
[2013/01/24 21:04:14 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\NerdoftheHerd.com
[2013/12/28 11:35:17 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\OpenCandy
[2012/04/25 18:15:32 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Opera
[2013/12/10 21:25:50 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Origin
[2013/12/01 00:52:56 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\qBittorrent
[2013/03/08 00:32:15 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\SoftGrid Client
[2012/10/22 17:56:38 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Sports Interactive
[2014/01/15 11:47:40 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Spotify
[2013/04/23 16:43:11 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\StarseedPilgrim
[2012/09/16 15:34:32 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Stereoscopic Player
[2013/05/13 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Systweak
[2013/04/29 20:30:26 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\The Creative Assembly
[2013/11/26 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Toshiba
[2012/04/16 09:42:33 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\TOSHIBA Online Product Information
[2013/03/08 00:27:49 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\TP
[2013/12/28 17:59:41 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Unity
[2012/04/05 11:42:43 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\WinBatch
[2012/04/20 17:05:43 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\www.nerdoftheherd.com

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
pystryker
Posted 16 January 2014 - 09:42 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello :) Sorry for the delay. I'm currently working up a fix to start getting rid of this problem. There was another log produced in your initial run of OTL called Extras.txt It will be located in the same location where you ran OTL from. In this case, C:\Users\Toshiba\Downloads. Please post that log in your next reply.

Things I need to see in your next post:

Extras.txt
  • 0

#3
pystryker
Posted 17 January 2014 - 07:07 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello, we have some work to do, so let's get started. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)

  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easyli...244&lg=EN&cc=GB
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...244&lg=EN&cc=GB
IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...244&lg=EN&cc=GB
FF - prefs.js..browser.search.defaultenginename,S: S", "EasyLife"
FF - prefs.js..browser.search.defaulturl: "http://search.easyli...N&cc=GB&l=1&q="
FF - prefs.js..browser.search.order.1: "EasyLife"
FF - prefs.js..browser.search.order.1,S: S", "EasyLife"
FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..browser.search.defaultenginename: "EasyLife"
FF - prefs.js..extensions.enabledAddons: check4change-owner%40mozdev.org:1.9.3
FF - prefs.js..extensions.enabledAddons: contact%40safelinking.net:1.1
FF - prefs.js..extensions.enabledAddons: support%40rpnet.biz:1.045
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:4.0.7
O4:64bit: - HKLM..\Run: [] File not found
[2013/04/12 20:42:43 | 000,001,294 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1si0ge0g.default\searchplugins\delta.xml
[2013/05/13 20:21:49 | 000,000,581 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1si0ge0g.default\searchplugins\EasyLife.xml
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\[email protected]
[2013/04/12 20:42:26 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
[2014/01/01 20:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShopaDreoop
[2014/01/01 20:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BestSaveFoarYYoU
[2013/12/29 21:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BestSaveFoarYYoU
[2013/12/29 21:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\jlphihepbeglkncbpgpmfmgodengehic
[2013/12/29 21:39:50 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Packages
[2013/12/29 21:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\3c3f621baa726de4
[2013/12/29 21:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ShopaDreoop
[2013/04/12 20:42:09 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Babylon
[2013/12/28 11:35:17 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\OpenCandy

:Commands
[resethosts]
[emptytemp]


  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 2: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


Posted Image

  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." No need to uncheck anything, click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt


Step 3: Junkware Removal Tool


Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 4: OTL Quick Scan


  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.


Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool

OTL Quick Scan Log
  • 0

#4
Chelmdog
Posted 17 January 2014 - 12:24 PM

Chelmdog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

thanks for you response. I disabled my virus protection, performed what you wanted me to do and now I'm turning that protection back on. I have tried to keep the information tidy for you below.

Thanks so far for your help.

OTL Fix Log

saveAll processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}\ not found.
Prefs.js: S", "EasyLife" removed from browser.search.defaultenginename,S
Prefs.js: "http://search.easyli...N&cc=GB&l=1&q=" removed from browser.search.defaulturl
Prefs.js: "EasyLife" removed from browser.search.order.1
Prefs.js: S", "EasyLife" removed from browser.search.order.1,S
Prefs.js: S", "EasyLife" removed from browser.search.selectedEngine,S
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "" removed from sweetim.toolbar.previous.keyword.URL
Prefs.js: "EasyLife" removed from browser.search.defaultenginename
Prefs.js: check4change-owner%40mozdev.org:1.9.3 removed from extensions.enabledAddons
Prefs.js: contact%40safelinking.net:1.1 removed from extensions.enabledAddons
Prefs.js: support%40rpnet.biz:1.045 removed from extensions.enabledAddons
Prefs.js: artur.dubovoy%40gmail.com:4.0.7 removed from extensions.enabledAddons
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1si0ge0g.default\searchplugins\delta.xml moved successfully.
C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1si0ge0g.default\searchplugins\EasyLife.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OutfoxTV deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Program Files (x86)\ShopaDreoop folder moved successfully.
C:\Program Files (x86)\BestSaveFoarYYoU folder moved successfully.
C:\ProgramData\BestSaveFoarYYoU folder moved successfully.
C:\ProgramData\jlphihepbeglkncbpgpmfmgodengehic folder moved successfully.
C:\Users\Toshiba\AppData\Local\Packages\windows_ie_ac_001\AC\{90B7DC41-9C99-5EB2-F593-1A443E1CB354} folder moved successfully.
C:\Users\Toshiba\AppData\Local\Packages\windows_ie_ac_001\AC\{094D79BB-E322-0384-D720-806BA676F39C} folder moved successfully.
C:\Users\Toshiba\AppData\Local\Packages\windows_ie_ac_001\AC folder moved successfully.
C:\Users\Toshiba\AppData\Local\Packages\windows_ie_ac_001 folder moved successfully.
C:\Users\Toshiba\AppData\Local\Packages folder moved successfully.
C:\ProgramData\3c3f621baa726de4 folder moved successfully.
C:\ProgramData\ShopaDreoop folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\OpenCandy\9D153C1C02E74A4B981AEE26517AD9FA folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\OpenCandy\1B446D2FEBE74FBFB4E6C17C66B0AD23 folder moved successfully.
C:\Users\Toshiba\AppData\Roaming\OpenCandy folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Toshiba
->Temp folder emptied: 1160688997 bytes
->Temporary Internet Files folder emptied: 30779155 bytes
->Java cache emptied: 378439 bytes
->FireFox cache emptied: 76713196 bytes
->Google Chrome cache emptied: 439061022 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 17438266 bytes

User: UpdatusUser

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 17915752 bytes
%systemroot%\System32 (64bit) .tmp files removed: 39571840 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 873520 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304743 bytes
RecycleBin emptied: 11639886800 bytes

Total Files Cleaned = 12,842.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01172014_174220

Files\Folders moved on Reboot...
C:\Users\Toshiba\AppData\Local\Temp\jna-Toshiba\jna3759841348459445263.dll moved successfully.
File\Folder C:\Users\Toshiba\AppData\Local\Temp\hsperfdata_Toshiba\5640 not found!
C:\Users\Toshiba\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Toshiba\AppData\Local\Temp\nvSCPAPI64.dll moved successfully.
C:\Users\Toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\windows\SysNative\SET315A.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


AdwCleaner Log

# AdwCleaner v3.017 - Report created 17/01/2014 at 17:52:29
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Toshiba - TOSHIBA-TOSH
# Running from : C:\Users\Toshiba\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\ccontineuetoSSaave
Folder Deleted : C:\ProgramData\SearchNewTab
Folder Deleted : C:\Program Files (x86)\continuetosave
Folder Deleted : C:\Program Files (x86)\EasyLife
Folder Deleted : C:\Program Files (x86)\FirstRowSportApp.com
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\Toshiba\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Toshiba\AppData\LocalLow\ccontineuetoSSaave
Folder Deleted : C:\Users\Toshiba\AppData\LocalLow\SearchNewTab
Folder Deleted : C:\Users\Toshiba\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com
Folder Deleted : C:\Users\Toshiba\Documents\Mobogenie
Folder Deleted : C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1si0ge0g.default\Extensions\staged
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1si0ge0g.default\invalidprefs.js
File Deleted : C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1si0ge0g.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FirstRowSportApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FirstRowSportApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKCU\Software\5a2dbd9b13ce440
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1si0ge0g.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("extensions.51914b6f3036f.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window[...]
Line Deleted : user_pref("extensions.51914b8bd6ce1.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "1450508100000000000082ca94308ee4");
Line Deleted : user_pref("extensions.delta.instlDay", "15807");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1621:42:43");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8288 octets] - [17/01/2014 17:50:34]
AdwCleaner[S0].txt - [7978 octets] - [17/01/2014 17:52:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8038 octets] ##########


Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Toshiba on 17/01/2014 at 17:57:17.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2787469340-425351475-606945680-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{009FECB0-B3BC-4E18-A470-962B65245063}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{06D6F593-6D76-4633-AFED-E63E22AAA660}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{0BF51B63-ED07-420B-A362-5EBE50DAE13C}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{0CE8F7A1-FDF6-48C5-A93E-CEBB4BBB5065}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{0D9F7810-A113-4F5C-97C7-C4C53FA943C2}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{0E5204FA-5813-4D5D-90F0-DFA3AA2562DB}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{200FDC42-A8F1-4555-AF03-1919BE3E0C87}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{22295F7B-0B24-4B49-90E5-22BB7E6CDCEB}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{27A2CD47-7B61-4E76-83BC-38623CFA46FB}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{2A6B1414-412C-4107-93E9-DE5FB51317F3}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{2B730289-0F01-4E6C-8EA7-32C59BEDA91D}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{3156B0C2-ABA3-4979-81EF-FCA02EC6A543}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{3BAB90FF-F1A1-42F7-9C55-2C9AC7B443A8}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{3BD2CFEB-E885-4FA8-A27C-92B9D0F4D1F4}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{3E7DA8BD-7DB1-4B0E-A4BC-F4DF8921E317}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{53B64A78-A0C5-42CA-AD42-E83BDB07319B}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{56C54353-704E-4A70-8EF6-F47CA0359969}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{5ABDCF82-7E43-48E9-B995-9F43A6093C2A}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{5B5C0F12-A40F-4960-9C35-0241AE77B33A}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{635A733A-54D2-47E7-8BE1-D1B49B48E4C0}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{66876C1E-2477-428F-AC9F-C454831AC6E8}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{725DBA37-D2A3-4867-BC7B-35B7748E5BC4}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{78B0DB08-97B6-4A64-901D-16353FBFD463}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{83FCF01B-9D57-4F3C-8D01-90BB4FDF4369}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{8AE00DFA-5940-4FD4-B0D8-28BF1B7D40EB}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{8D7D27A2-8707-42A3-81BB-03F5F04D1EE3}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{8DAA1888-2E19-4354-8080-732F59C6954B}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{94A1911C-71BB-48AD-9609-BA3155CE7D1C}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{99E2BA91-4609-4D01-B7AE-5B387CBB7F62}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{9D972B1C-8D10-4268-9506-2E3A18E1A921}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{A0E29248-CFDF-40DD-8ABA-E2CB070E3745}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{A14C22C4-65A0-49A8-9C6E-9FC8398421EF}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{A2EFB3E9-6F43-4D12-B604-DE3E69FB2C72}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{A37AE020-57B6-4030-81D9-65C3E26A3A4C}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{A88F67B2-780E-4B89-B97E-3879AEC6267D}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{A9230D1B-220D-47A7-9378-60BCC5932FE5}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{AD7790FD-5ACD-47DE-8D15-8B25C79BF7A8}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{AFF108C3-303E-4AAD-B7B6-449E04678B0F}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{C2A30265-9D10-44CB-A5E2-28470B9A9E57}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{C2CCB325-6C94-4434-BF91-14A14B17D4B6}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{C4D42DD2-5825-4C8A-A57D-42491D5D46D3}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{CC1A64AB-0229-433E-B215-BFABB7918289}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{CFA272EF-4484-4795-AB64-216A9D1DA4C6}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{D182B80F-D718-49BE-906F-845EB1993253}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{D48222FE-3270-4FE3-BDAF-B9E3732209D0}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{DC754E6A-B480-4C02-B42C-93D295431A52}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{E62038A2-BC06-49A2-AA32-0B1118308FD0}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{E6B20D5B-DA9A-49DF-9BA8-B17F1FCE7D89}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{F60A4497-B57F-4709-9AC6-A510E17EDD33}
Successfully deleted: [Empty Folder] C:\Users\Toshiba\appdata\local\{F6421C8F-93B9-4501-BF0B-8B0D5E94CE23}



~~~ FireFox

Emptied folder: C:\Users\Toshiba\AppData\Roaming\mozilla\firefox\profiles\1si0ge0g.default\minidumps [36 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/01/2014 at 18:11:55.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL Quick Scan Log

OTL logfile created on: 1/17/2014 6:13:40 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Toshiba\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 5.98 Gb Available Physical Memory | 74.93% Memory free
15.95 Gb Paging File | 13.78 Gb Available in Paging File | 86.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.22 Gb Total Space | 164.34 Gb Free Space | 36.58% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 465.07 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-TOSH | User Name: Toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/17 17:56:47 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Toshiba\Desktop\JRT.exe
PRC - [2014/01/14 18:21:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
PRC - [2013/12/10 02:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/10 02:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/04 17:43:41 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\Toshiba\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/11/08 20:49:00 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/08 13:43:58 | 000,690,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2011/08/08 13:36:58 | 000,087,960 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2011/05/09 16:06:02 | 002,750,376 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2011/05/06 10:06:08 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/11 21:14:58 | 000,030,064 | ---- | M] () -- c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
PRC - [2011/03/10 17:20:00 | 000,701,856 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2011/02/01 20:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 20:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/14 09:55:14 | 000,572,712 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/11/21 03:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/09/06 16:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2010/08/16 17:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/06/23 10:41:28 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
PRC - [2010/05/20 23:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 21:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/03/11 01:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/28 09:53:47 | 004,246,528 | ---- | M] () -- c:\ProgramData\WinSpeed\WinSpeed.dll
MOD - [2013/12/04 02:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 02:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 02:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 02:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 02:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/10 02:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/11/26 09:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/06/26 21:52:20 | 000,551,896 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:64bit: - [2011/04/20 18:45:38 | 000,480,256 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/07 20:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/04/06 02:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/25 03:14:38 | 000,526,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/12/08 22:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 21:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 01:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysNative\rundll32.exe -- (f1f78e38)
SRV - [2014/01/07 21:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/10 20:39:15 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/10 02:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/12/01 01:58:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/06 10:06:08 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/01 17:42:56 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011/03/11 21:14:58 | 000,030,064 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe -- (UDSS)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 07:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/02/01 20:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 20:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/14 09:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/23 10:41:28 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe -- (WDCS_WNDA3200)
SRV - [2010/05/20 23:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 21:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/01/28 23:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/11/05 15:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe -- (jswpsapi)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/11 01:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/05 08:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/14 11:58:40 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/11/11 16:54:39 | 000,451,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/26 21:52:20 | 003,852,976 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01)
DRV:64bit: - [2012/05/12 11:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/04/09 15:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2012/04/05 19:06:06 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/07 18:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011/08/05 10:24:26 | 000,292,024 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2011/08/02 15:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/07/12 20:08:02 | 000,019,904 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/03 00:45:04 | 000,175,192 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/04/26 03:51:04 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 21:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 21:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/09 02:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/04 02:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 22:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/15 16:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/13 00:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/18 02:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/16 22:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/29 18:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010/11/21 03:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/11 17:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/18 21:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/11 16:10:58 | 001,924,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2010/08/30 17:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/04/26 18:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/03/22 17:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/31 03:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 18:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 22:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/29 23:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 17:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/20 02:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/17 19:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/15 02:28:50 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/04/17 18:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CC62D48F-FD64-4C15-A31F-C5FC5998E48F}
IE:64bit: - HKLM\..\SearchScopes\{CC62D48F-FD64-4C15-A31F-C5FC5998E48F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CC62D48F-FD64-4C15-A31F-C5FC5998E48F}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/pl...s?touch=4&cat=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/pl...s?touch=4&cat=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{1843DA6D-CE6B-4A92-9547-969EC06B6F69}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKCU\..\SearchScopes\{2452D5B4-1EC1-4A24-85F5-CFC69A0F6AFB}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{54E5BE8C-83DB-492E-B51B-487043A739DF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,: ""
FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://www.google.co.uk"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Toshiba\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/16 09:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Extensions
[2014/01/17 17:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1si0ge0g.default\extensions
[2014/01/14 18:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/01 01:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/01 01:58:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SI0GE0G.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...rchTerms}&meta=
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.co.uk/webhp?rls=ig
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00C3\u0082\u00C2\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - Extension: Adblock Plus = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_1\
CHR - Extension: Add to Amazon Wish List = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_1\
CHR - Extension: ScummVM = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddjnneijgokkhfkjlnodlpmjdamlkbmi\0.0.0.2_1\
CHR - Extension: Tampermonkey = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.6.3737_0\
CHR - Extension: Google Calendar = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_1\
CHR - Extension: AdBlock = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_1\
CHR - Extension: TweetDeck by Twitter = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.5.6_0\
CHR - Extension: SoundCloud = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp\1_1\
CHR - Extension: Forum Fixer 1000 Beta = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\neipiffpggefpaogjkmcealilmamfahh\1.0_2\
CHR - Extension: Google Wallet = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2014/01/17 17:42:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Toshiba\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E492587-42CB-482F-9960-58BAF9DA58E0}: DhcpNameServer = 82.132.254.2 82.132.254.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28131A4B-E0CB-45C2-846F-485CF19B7B60}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F703BE5-10C6-44E1-821D-F4C3EB74F055}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5C72562-DADD-4DEB-A096-2134B07ACA2E}: DhcpNameServer = 82.132.254.3 82.132.254.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\WinSpeed\WINSPE~1.DLL) - C:\ProgramData\WinSpeed\WinSpeed_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~3\winspeed\winspeed.dll) - c:\ProgramData\WinSpeed\WinSpeed.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/17 17:58:02 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Virus
[2014/01/17 17:57:15 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/01/17 17:56:50 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Toshiba\Desktop\JRT.exe
[2014/01/17 17:48:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/17 17:42:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/16 12:10:46 | 000,611,840 | ---- | C] (Orbmu2k) -- C:\Users\Toshiba\Desktop\nvidiaInspector.exe
[2014/01/14 18:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/14 18:28:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/01/14 18:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/14 18:21:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
[2014/01/12 17:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/01/12 17:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/12 17:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/12 16:42:43 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Steam
[2014/01/01 23:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2014/01/01 23:20:34 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/12/28 17:59:41 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Unity
[2013/12/28 17:33:58 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Unity
[2013/12/28 13:53:39 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\My Games
[2013/12/28 11:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2013/12/28 11:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2013/12/28 09:57:30 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Mix
[2013/12/28 09:54:29 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\MixMeister Technology
[2013/12/28 09:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixMeister
[2013/12/28 09:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixMeister Fusion
[2013/12/28 09:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\WinSpeed
[2013/12/21 01:53:12 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Media Player Classic

========== Files - Modified Within 30 Days ==========

[2014/01/17 18:03:22 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/17 18:03:22 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/17 17:56:47 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Toshiba\Desktop\JRT.exe
[2014/01/17 17:54:39 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/17 17:54:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/01/17 17:54:10 | 2129,149,951 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/17 17:42:46 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2014/01/17 17:39:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/01/17 17:35:30 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/16 12:22:11 | 000,000,222 | ---- | M] () -- C:\Users\Toshiba\Desktop\Sleeping Dogs.url
[2014/01/16 12:12:34 | 000,000,795 | ---- | M] () -- C:\Users\Toshiba\Desktop\NVI_0_2_1550_1250_970.lnk
[2014/01/15 18:07:24 | 000,780,196 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/15 18:07:24 | 000,665,460 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/15 18:07:24 | 000,125,906 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/15 11:49:04 | 000,302,264 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/01/14 18:28:52 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/14 18:21:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
[2014/01/12 17:11:46 | 000,000,222 | ---- | M] () -- C:\Users\Toshiba\Desktop\Mark of the Ninja.url
[2014/01/12 17:04:56 | 000,000,222 | ---- | M] () -- C:\Users\Toshiba\Desktop\Football Manager 2014.url
[2014/01/12 16:47:37 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/12/28 13:52:10 | 000,053,858 | ---- | M] () -- C:\Users\Toshiba\Documents\NYE.mmp
[2013/12/28 11:35:20 | 000,001,162 | ---- | M] () -- C:\Users\Toshiba\Desktop\Free M4a to MP3 Converter.lnk
[2013/12/28 09:54:09 | 000,001,009 | ---- | M] () -- C:\Users\Toshiba\Desktop\MixMeister Fusion.lnk

========== Files Created - No Company Name ==========

[2014/01/16 12:22:11 | 000,000,222 | ---- | C] () -- C:\Users\Toshiba\Desktop\Sleeping Dogs.url
[2014/01/16 12:12:33 | 000,000,795 | ---- | C] () -- C:\Users\Toshiba\Desktop\NVI_0_2_1550_1250_970.lnk
[2014/01/14 18:28:52 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/12 17:11:46 | 000,000,222 | ---- | C] () -- C:\Users\Toshiba\Desktop\Mark of the Ninja.url
[2014/01/12 17:04:56 | 000,000,222 | ---- | C] () -- C:\Users\Toshiba\Desktop\Football Manager 2014.url
[2014/01/12 16:47:37 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/12/28 11:35:20 | 000,001,162 | ---- | C] () -- C:\Users\Toshiba\Desktop\Free M4a to MP3 Converter.lnk
[2013/12/28 11:31:41 | 000,053,858 | ---- | C] () -- C:\Users\Toshiba\Documents\NYE.mmp
[2013/12/28 09:54:09 | 000,001,009 | ---- | C] () -- C:\Users\Toshiba\Desktop\MixMeister Fusion.lnk
[2013/03/08 00:27:05 | 000,766,108 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/01/07 18:54:05 | 000,094,208 | ---- | C] () -- C:\windows\SysWow64\zmbv.dll
[2012/10/06 09:32:00 | 000,005,120 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/16 15:38:34 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012/04/05 19:34:44 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/08 17:11:41 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Amazon
[2013/04/12 20:42:21 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\AnvSoft
[2012/08/15 19:57:04 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Broken Rules
[2012/09/12 23:00:19 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\DMCache
[2013/11/30 19:50:55 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Easy BitTorrent Client
[2013/04/04 19:17:32 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\FMRTE13
[2012/08/19 16:21:54 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\FMRTEv5
[2013/11/25 20:08:58 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Free Download Manager
[2012/08/23 21:11:22 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\MotioninJoy
[2014/01/07 19:38:36 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Mp3tag
[2013/01/24 21:04:14 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\NerdoftheHerd.com
[2012/04/25 18:15:32 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Opera
[2013/12/10 21:25:50 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Origin
[2013/12/01 00:52:56 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\qBittorrent
[2013/03/08 00:32:15 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\SoftGrid Client
[2012/10/22 17:56:38 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Sports Interactive
[2014/01/15 11:47:40 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Spotify
[2013/04/23 16:43:11 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\StarseedPilgrim
[2012/09/16 15:34:32 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Stereoscopic Player
[2013/04/29 20:30:26 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\The Creative Assembly
[2013/11/26 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Toshiba
[2012/04/16 09:42:33 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\TOSHIBA Online Product Information
[2013/03/08 00:27:49 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\TP
[2013/12/28 17:59:41 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Unity
[2012/04/05 11:42:43 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\WinBatch
[2012/04/20 17:05:43 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\www.nerdoftheherd.com

========== Purity Check ==========



< End of report >

Edited by Chelmdog, 18 January 2014 - 05:02 AM.

  • 0

#5
pystryker
Posted 17 January 2014 - 06:02 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

I appreciate the effort, but I need you to paste the logs into your replies without the spoilers. The way they are at the moment makes them a bit difficult to work with. :) You get an A+ for effort though. :thumbsup:

Things are looking good, I have submitted my next steps for approval and as soon as I get approval, we'll proceed. :)
  • 0

#6
Chelmdog
Posted 18 January 2014 - 05:03 AM

Chelmdog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Edited my initial post, apologies didn't realise spoilers would be frowned.
  • 0

#7
pystryker
Posted 18 January 2014 - 06:18 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Edited my initial post, apologies didn't realise spoilers would be frowned.


No worries and no apologies needed :) :thumbsup:
  • 0

#8
pystryker
Posted 18 January 2014 - 08:45 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi, let's run a sweep for remnants and check for out of date programs on your machine.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.



Step 1: Scan with Malwarebytes


Posted Image Please download Malwarebytes' Anti-Malware from Here.

  • Double Click mbam-setup.exe to install the application (Windows 7 users, right click and select Run as Administrator.)
  • Proceed through the setup
    • Choose your language
    • Accept the License Agreement
    • Select Destination Location
    • Select Start Menu Folder
    • Select Addtional Tasks
    • Click Install
    • In the Completeing the Malwarebytes Anti-Malware Setup Wizard Window
      • Uncheck Enable free trial of Malwarebytes Anti-Malware PRO
      • Keep the check mark beside Update Malwarebytes' Anti-Malware
      • Keep the check mark beside Launch Malwarebytes' Anti-Malware
    • Click Finish.
    • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan
  • Click Scan. The scan may take some time to finish,so please be patient.

    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.




Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->Posted Image

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3: SecurityCheck Scan


Download Security CheckPosted Image by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I need to see in your next post:

  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log
  • 0

#9
Chelmdog
Posted 19 January 2014 - 04:31 AM

Chelmdog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OK, thanks again.

Done... ESET took aaaages, so left it running overnight.

Looking forward to your next message!


ESET Scan Log

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b1ce43771bce2042bc89be9b90649b0f
# engine=16703
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-19 03:17:51
# local_time=2014-01-19 03:17:51 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 16429316 142566521 0 0
# scanned=616795
# found=18
# cleaned=17
# scan_time=33933
sh=46A3F4F559D02A1693AAB5F71064F11AB48E4BF4 ft=1 fh=c71c0011f923ca47 vn="a variant of Win32/SProtector.D application" ac=I fn="C:\Users\All Users\WinSpeed\WinSpeed.dll"
sh=6C5F221B49AD2693D21EE0528FE6286A410D7517 ft=1 fh=fdf8e68f729f4ef4 vn="a variant of Win32/Adware.MultiPlug.I application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\ccontineuetoSSaave\51914b6f30456.dll.vir"
sh=6C5F221B49AD2693D21EE0528FE6286A410D7517 ft=1 fh=fdf8e68f729f4ef4 vn="a variant of Win32/Adware.MultiPlug.I application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\SearchNewTab\51914b8bd6dc9.dll.vir"
sh=CF18840729B8AD7C1CA5D151AA1FB186C7AF4B1D ft=1 fh=679f5a594ad72b49 vn="a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Downloads\Software\Filegag_downloader_by_Filegag.exe"
sh=38B4F520AD6E946CEAD469798A317E0DDF47B6FB ft=1 fh=b5b717885035b82d vn="Win32/Adware.Yontoo.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Downloads\Software\firstrowsportapp_setup(21).exe"
sh=C4ECD569EC63E6741D5A0BDA7C02AC4B3302C7B9 ft=1 fh=b3ce349f22d4038f vn="a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Downloads\Software\backups\backup-20121226-173339-170.dll"
sh=C4ECD569EC63E6741D5A0BDA7C02AC4B3302C7B9 ft=1 fh=b3ce349f22d4038f vn="a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Downloads\Software\backups\backup-20121226-173415-158.dll"
sh=46A3F4F559D02A1693AAB5F71064F11AB48E4BF4 ft=1 fh=c71c0011f923ca47 vn="a variant of Win32/SProtector.D application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\ProgramData\WinSpeed\WinSpeed.dll"
sh=40D5442B0554C9278465143D2735A529081ACB94 ft=1 fh=86510af30b627c75 vn="a variant of Win32/SProtector.D application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\ProgramData\WinSpeed\WinSpeedSvc.dll"
sh=40D5442B0554C9278465143D2735A529081ACB94 ft=1 fh=86510af30b627c75 vn="a variant of Win32/SProtector.D application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Users\All Users\WinSpeed\WinSpeedSvc.dll"
sh=2E6A73BB070C816FB519BB10AEEFECEB6826F3A0 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Small.AAB trojan (deleted - quarantined)" ac=C fn="C:\Users\Toshiba\AppData\Roaming\Apple Computer\MobileSync\Backup\148fb455d3e0e203556f8ad3c4ed28b1e4ec9441\77336383d937d6c19bf4953001dbf18223428b59"
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="a variant of Win32/CNETInstaller.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Toshiba\Downloads\cbsidlm-cbsi145-Free_M4a_to_MP3_Converter-ORG-187723.exe"
sh=2FEC2BB06C11B711B37E7D1BAC0004F8F25A4C7B ft=1 fh=9586b0754c97a9e0 vn="Win32/Bundled.Toolbar.Google.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Toshiba\Downloads\ccsetup401.exe"
sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Toshiba\Downloads\ccsetup408 (1).exe"
sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Toshiba\Downloads\ccsetup408.exe"
sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="a variant of Win32/Toolbar.Babylon.C application (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\01172014_174220\C_Users\Toshiba\AppData\Roaming\OpenCandy\1B446D2FEBE74FBFB4E6C17C66B0AD23\DeltaTB.exe"
sh=8212984C1074E7019F8354A7D045356BE2122078 ft=1 fh=9a63cf42eeb31194 vn="a variant of Win32/OpenCandy.A application (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\01172014_174220\C_Users\Toshiba\AppData\Roaming\OpenCandy\1B446D2FEBE74FBFB4E6C17C66B0AD23\OCBrowserHelper_1.0.6.124.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/SProtector.D application (contained infected files)" ac=C fn="${Memory}"



MBAM Log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Toshiba :: TOSHIBA-TOSH [administrator]

18/01/2014 15:02:20
mbam-log-2014-01-18 (15-02-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231010
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Toshiba\Downloads\DPRAM.rar.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\Toshiba\Downloads\Easy Torrent.exe (PUP.Optional.Freemium.A) -> Quarantined and deleted successfully.

(end)


SecurityCheck Log

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox 25.0.1 Firefox out of Date!
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
TOSHIBA TOSHIBA Online Product Information TOPI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0

#10
pystryker
Posted 19 January 2014 - 07:01 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)


Done... ESET took aaaages, so left it running overnight.


Indeed, that scan can take quite a while. :thumbsup: Things are looking very good! Let's get rid of a couple of orphans.


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)

  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\WinSpeed\WINSPE~1.DLL) - C:\ProgramData\WinSpeed\WinSpeed_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~3\winspeed\winspeed.dll) - c:\ProgramData\WinSpeed\WinSpeed.dll ()

:Files
C:\Users\All Users\WinSpeed

:Commands
[reboot]




  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. If the log doesn't open, you can find a copy of it here: C:\_OTL\MovedFiles Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Things I need to see in your next post:

OTL Fix Log
  • 0

Advertisements

#11
Chelmdog
Posted 19 January 2014 - 08:28 AM

Chelmdog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OK, done that.

Really appreciate all this help.

OTL Fix Log

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~3\WinSpeed\WINSPE~1.DLL deleted successfully.
C:\ProgramData\WinSpeed\WinSpeed_x64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\winspeed\winspeed.dll deleted successfully.
File c:\ProgramData\WinSpeed\WinSpeed.dll not found.
========== FILES ==========
Folder move failed. C:\Users\All Users\WinSpeed scheduled to be moved on reboot.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 01192014_142113

Files\Folders moved on Reboot...
C:\Users\All Users\WinSpeed folder moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#12
pystryker
Posted 19 January 2014 - 01:44 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

OK, done that.

Really appreciate all this help.


You're very much welcome. :thumbsup: I'm awaiting approval for my next set of instructions and we'll proceed from here. :)
  • 0

#13
pystryker
Posted 19 January 2014 - 04:16 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Great news, your logs are CLEAN! :thumbsup: :) I see no signs of infection in the last logs you posted, but we still have a few things we need to address namely:

  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.

Ok, here we go:


Step 1: Remove old restore points and create a new one.


We're going to delete your old restore points and create a new one. We do this in case you need to do a system restore, you will have a clean restore point.

Please follow the instructions below:

  • Start OTL and copy the text in the quote box below.
  • Paste the contents into the Custom Scans/Fixes box and click the Run Fix button.
  • OTL will delete the old restore points and create a new one.

:Files
%systemroot%\sysnative\vssadmin delete shadows /for=c: /all /quiet /c

:Commands
[CreateRestorePoint]




Step 2: Program Updates and FileHippo Installation


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.



  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.

You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa

  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.

You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java



Updating Adobe Reader

  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.


Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.


Download Filehippo Updatechecker


Step 3: Tool Removal


  • Start AdwCleaner and click the Uninstall button. It will remove the quarantined files and uninstall itself.
  • You can delete Junkware Removal Tool from your desktop.
  • You can uninstall ESET Online Scanner at this time.
  • I'd recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week.
  • You can delete SecurityCheck from your desktop.
  • Start OTL and click the Cleanup button. OTL will delete it's quarantined files and then uninstall itself.



Step 4: Tips, Information, and protection against CryptoLocker


  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go. :)
  • To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.

Posted Image


Are there any further issues I can assist you with?
  • 0

#14
Chelmdog
Posted 19 January 2014 - 06:03 PM

Chelmdog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Well thanks for very much for your help this weekend.

I can begin the next week malware free! I will try and be more careful in future and didn't realise what a security nightmare that Java was.

You've done an excellent job, thank you so much.

If there's any place I can donate? A charity of your choosing maybe, that would be great.

Regards,

Chelmdog.
  • 0

#15
pystryker
Posted 19 January 2014 - 08:09 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Well thanks for very much for your help this weekend.

I can begin the next week malware free! I will try and be more careful in future and didn't realise what a security nightmare that Java was.

You've done an excellent job, thank you so much.


You're very welcome, it's my pleasure. :) :thumbsup:

If there's any place I can donate? A charity of your choosing maybe, that would be great.


That's very kind of you. :) If you would like, you can donate to the site to help defray the costs of running the site. I've included a link below to the site's donation information. Again, thank you! :)

Donation Information
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP