Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

adnxs popups

Post by red33 » September 3rd, 2012, 10:18 am

Hello - never reached out like this before, but popups driving me crazy. Happens on Yahoo articles mostly. Just clicking on the page to scroll or clicking an article link initiates a popup with ib.adnxs in the heading.

Thank you so much for your time.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by JSM at 9:53:48 on 2012-09-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4087 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: VideoFileDownload: {68dd98bf-9de8-418c-89f0-e37ac61cc2d9} - C:\Program Files (x86)\OApps\bho_project.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [PlayNC Launcher]
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ImpulseFastStart] "C:\Program Files (x86)\Stardock\Impulse\Impulse.exe" /fastload
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A1FE2855-857A-4E96-8CF1-BDC8AD186E63} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E777E00F-D051-474E-91D3-454FBA93D80E} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: VideoFileDownload: {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - C:\Program Files (x86)\OApps\bho_project.dll
BHO-X64: BHO_PROJECT - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NAVx64\1301010.003\SYMDS64.SYS --> C:\windows\system32\drivers\NAVx64\1301010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NAVx64\1301010.003\SYMEFA64.SYS --> C:\windows\system32\drivers\NAVx64\1301010.003\SYMEFA64.SYS [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [2012-6-18 1161376]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\windows\system32\drivers\NAVx64\1301010.003\ccSetx64.sys --> C:\windows\system32\drivers\NAVx64\1301010.003\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120831.001\IDSviA64.sys [2012-8-31 512672]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NAVx64\1301010.003\Ironx64.SYS --> C:\windows\system32\drivers\NAVx64\1301010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\drivers\NAVx64\1301010.003\SYMNETS.SYS --> C:\windows\system32\drivers\NAVx64\1301010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe [2012-3-26 138760]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-1 1258856]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-24 2656280]
R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-2-24 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 250568]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-6-8 401920]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2012-3-20 25832]
S3 EraserUtilDrv11113;EraserUtilDrv11113;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [2012-3-26 136824]
S3 EraserUtilDrv11122;EraserUtilDrv11122;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [2012-5-30 138360]
S3 EraserUtilDrv11210;EraserUtilDrv11210;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [2012-8-8 138912]
S3 EraserUtilDrv11220;EraserUtilDrv11220;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [2012-9-2 138912]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-20 138360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-24 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-02 03:11:21 -------- d-----w- C:\temp
2012-08-31 17:00:13 -------- d-----w- C:\Program Files (x86)\Guild Wars 2
2012-08-30 11:59:43 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-25 18:57:21 -------- d-----w- C:\Users\JSM\AppData\Roaming\Malwarebytes
2012-08-25 18:56:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-25 18:56:42 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-08-25 18:56:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-23 16:17:49 477168 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-08-19 19:19:33 122880 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\2E87.tmp.dat
2012-08-18 20:42:26 -------- d-----w- C:\Users\JSM\AppData\Roaming\DesktopCal
2012-08-18 20:42:19 -------- d-----w- C:\Program Files (x86)\DesktopCal
2012-08-18 16:31:48 -------- d-----w- C:\Users\JSM\AppData\Local\{6EFE6F83-BF09-4B4D-9C4B-CE5C4ECDD259}
2012-08-18 16:31:36 -------- d-----w- C:\Users\JSM\AppData\Local\{3FCB102B-740D-408E-AC22-F026C218FDD9}
2012-08-15 14:09:53 503808 ----a-w- C:\windows\System32\srcore.dll
2012-08-15 14:09:53 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2012-08-15 14:09:52 751104 ----a-w- C:\windows\System32\win32spl.dll
2012-08-15 14:09:52 67072 ----a-w- C:\windows\splwow64.exe
2012-08-15 14:09:52 559104 ----a-w- C:\windows\System32\spoolsv.exe
2012-08-15 14:09:52 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2012-08-15 14:09:51 59392 ----a-w- C:\windows\System32\browcli.dll
2012-08-15 14:09:51 41984 ----a-w- C:\windows\SysWow64\browcli.dll
2012-08-15 14:09:51 136704 ----a-w- C:\windows\System32\browser.dll
2012-08-15 14:09:50 956928 ----a-w- C:\windows\System32\localspl.dll
2012-08-15 14:09:50 3148800 ----a-w- C:\windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-08-29 00:24:53 473072 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-28 23:58:25 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-28 23:58:25 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-22 12:17:28 891240 ----a-w- C:\windows\System32\nvvsvc.exe
2012-08-22 12:17:28 63336 ----a-w- C:\windows\System32\nvshext.dll
2012-08-22 12:17:28 55144 ----a-w- C:\windows\System32\nv3dappshextr.dll
2012-08-22 12:17:28 118120 ----a-w- C:\windows\System32\nvmctray.dll
2012-08-22 12:17:27 865640 ----a-w- C:\windows\System32\nv3dappshext.dll
2012-08-22 12:17:27 3492915 ----a-w- C:\windows\System32\nvcoproc.bin
2012-08-22 12:17:27 2557800 ----a-w- C:\windows\System32\nvsvcr.dll
2012-08-22 12:17:14 3266920 ----a-w- C:\windows\System32\nvsvc64.dll
2012-08-22 12:17:11 6198120 ----a-w- C:\windows\System32\nvcpl.dll
2012-07-16 01:03:42 184891 ----a-w- C:\torrent.exe
2012-06-29 21:53:07 178800 ----a-w- C:\windows\SysWow64\CmdLineExt_x64.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
.
============= FINISH: 9:54:03.87 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/19/2012 7:51:21 PM
System Uptime: 9/3/2012 8:46:53 AM (1 hours ago)
.
Motherboard: TOSHIBA | | PGRAA
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 580 GiB total, 299.366 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP96: 8/18/2012 4:01:26 PM - August 18, 2012 - before desktop calendar
RP97: 8/23/2012 12:16:41 PM - Installed Java(TM) 6 Update 34
RP98: 8/23/2012 1:23:40 PM - Windows Backup
RP99: 8/31/2012 7:12:06 AM - Installed Java(TM) 6 Update 35
RP100: 9/1/2012 10:55:25 PM - Sept 1 before nvidia 304.79 update
RP101: 9/1/2012 11:10:27 PM - Device Driver Package Install: NVIDIA Display adapters
RP102: 9/1/2012 11:12:21 PM - Device Driver Package Install: NVIDIA Universal Serial Bus controllers
.
==== Installed Programs ======================
.
10 Talismans
7 Wonders: The Treasures of Seven
ABBYY FineReader 6.0 Sprint
ACW 3.0 Brothers vs Brothers Music
ACW 3.0 Brothers vs Brothers
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
Adobe Shockwave Player 11.6
Amazon Games & Software Downloader
Amazon Links
Amazon MP3 Downloader 1.0.15
ArcSoft Print Creations
ArcSoft Print Creations - Brochure
ArcSoft Print Creations - Photo Calendar
Assassin's Creed
Atheros Driver Installation Program
Azkend
Batman: Arkham City Demo
Bejeweled 3
Bejeweled Twist
Big Kahuna Reef 2 - Chain Reaction
Call of Duty 4: Modern Warfare
Collectorz.com Comic Collector
Company of Heroes
Company of Heroes - FAKEMSI
Compatibility Pack for the 2007 Office system
D3DX10
DC Universe Online
Dragon Age: Origins
Dynomite! Deluxe
Empire: Total Factions 2.1
Empire: Total War
Epson Event Manager
EPSON Scan
EpsonNet Config V3
EpsonNet Print
Fallout 3 - Game of the Year Edition
Flower Paradise
Google Chrome
Google Update Helper
Grand Theft Auto IV
Guild Wars
Guild Wars 2
Impulse
Inca Ball
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 35
Jewel Match 2
JMicron Flash Media Controller Driver
Junk Mail filter update
Katawa Shoujo
KrissX
Label@Once 1.0
Liong The Dragon Dance
Luxor 3
Luxor HD
Luxor: Quest for the Afterlife
Mahjong Epic
Mahjong Quest
Mahjong Quest 2
Mahjong Quest 3
Mahjongg Artifacts Chapter 2
Malwarebytes Anti-Malware version 1.62.0.1300
Medieval II Total War
Mesh Runtime
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napoleon: Total War
NCsoft Launcher
Norton AntiVirus
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
Pando Media Booster
Pantech PCSuite
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Polar Bowler
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Star Trek Online
Steam
swMSM
TaxACT 2007
TaxACT 2008
TaxACT 2008 West Virginia
TaxACT 2009
TaxACT 2009 West Virginia
TaxACT 2010
TaxACT 2010 West Virginia
TaxACT 2011 - 1040 Edition
TaxACT 2011 West Virginia
TaxACT Maryland 2007
TaxACT West Virginia 2007
The Sims 2
The Sims 2 Nightlife
The Treasures Of Montezuma
The Treasures of Montezuma 3
The Witcher
Titan Quest Demo
Tomb Raider: Anniversary Demo
Tomb Raider: Legend Demo
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBARegistration
Total War: SHOGUN 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Utility Common Driver
VideoFileDownload
VLC media player 2.0.1
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World in Conflict: Soviet Assault
World of Goo
YNAB 3 version 3.6.3
YNAB 4 version 4.1.127
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
9/1/2012 7:04:54 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/1/2012 7:04:54 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
8/27/2012 7:03:33 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================
red33
Active Member
 
Posts: 10
Joined: September 3rd, 2012, 10:02 am

Re: adnxs popups

Post by tim s » September 5th, 2012, 12:29 am

Hi red33,

Welcome to Malware Removal Forum.
My name is Tim, and I will be helping you with your malware problems. This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Re: adnxs popups

Post by red33 » September 5th, 2012, 7:03 am

Hi Tim,

Yes, still having the same popups. I only use Firefox and it only seems to happen on Yahoo really. I have backed up my files in the meantime. Thank you for taking me on, so to speak! I really appreciate the help. - Red33
red33
Active Member
 
Posts: 10
Joined: September 3rd, 2012, 10:02 am

Re: adnxs popups

Post by tim s » September 6th, 2012, 9:29 am

Hi red33,

OK, first I will need you to uninstall these programs:

Add/Remove Programs
I need you to uninstall some programs from your computer.
  1. Click on Start -> Control Panel and, depending on the View by selection in the upper right corner:
    • If Category - click on Uninstall Programs.
    • If Icons - click on Programs and Features.
  2. Locate the following program:
    VideoFileDownload
    Pando Media Booster
  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled, please close Control Panel.
Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------------

I will need to have a look at these logs. Please do the following:

Download OTL by OldTimer to your Desktop.

Alternative Download

  • Double click OTL.exe to launch the program.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

If the logs are too long to fit in one reply, just separate them into multiple replies.

--------------------------------------------------------------------
OK, this is next:


Please download SystemLook from one of the links below and save it to your Desktop.
For 64 bit Systems:
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    :filefind
    *bho_project.dll*
    *eoengine*
    *eobho*
    *EoRezo*
    
    :folderfind
    *OApps*
    
    :Regfind
    bho_project.dll
    OApps
    AFBB7970-789A-4264-BA70-E8127DECE400
    18AF7201-4F14-4BCF-93FE-45617CF259FF
    DF76E9B7-35EC-46FC-AF56-5B79DED9D64F
    C10DC1F4-CCDF-4224-A24D-B23AFC3573C8
    EoRezo
    eobho
    ieobho
    eoengine
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please post these in your next reply:
OTL.txt
Extras.txt
SystemLook.txt
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Re: adnxs popups

Post by red33 » September 6th, 2012, 12:31 pm

OK, here are the logs you requested. (FYI - my Norton kept telling me that the OTL.exe was unsafe or acting suspiciously. I allowed it though, so hopefully that was correct!) - Thanks - Red33

OTL logfile created on: 9/6/2012 12:11:01 PM - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\JSM\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.88 Gb Available Physical Memory | 65.61% Memory free
11.82 Gb Paging File | 9.73 Gb Available in Paging File | 82.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.56 Gb Total Space | 299.42 Gb Free Space | 51.66% Space Free | Partition Type: NTFS

Computer Name: QOSMIO | User Name: JSM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/06 11:54:13 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\JSM\Desktop\OTL.exe
PRC - [2012/09/04 21:09:41 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/08/30 07:59:43 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/22 09:46:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/04 09:31:29 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
PRC - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/08/16 14:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
PRC - [2010/06/04 20:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
PRC - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008/02/19 17:05:24 | 000,591,696 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/04 21:09:41 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/09/04 21:09:40 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/09/04 21:09:40 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/09/04 21:09:40 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/09/04 21:09:40 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/08/30 07:59:43 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/07 00:33:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/06/10 01:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/24 13:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/20 19:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/04 21:09:41 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/30 07:59:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/28 19:58:25 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/22 09:46:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe -- (NAV)
SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/04/01 21:42:56 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/22 09:46:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/05/30 09:32:26 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/05/30 09:32:26 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012/03/26 17:08:18 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/24 09:03:41 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/08/08 19:38:05 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\ccSetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2011/08/02 22:22:10 | 000,729,720 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/08/02 22:22:10 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/07/28 23:20:02 | 001,084,536 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/07/25 22:18:39 | 000,401,016 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/25 22:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/07/25 22:15:52 | 000,189,560 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/06/27 13:55:50 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/09 23:28:22 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/05/02 21:45:04 | 000,175,192 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/03/23 21:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/03 23:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 19:27:00 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/17 23:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/18 18:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/18 20:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/03/22 14:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/09/06 12:07:56 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120906.002\ex64.sys -- (NAVEX15)
DRV - [2012/09/06 12:07:56 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120906.002\eng64.sys -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120906.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/09/05 20:12:01 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/09/05 20:12:01 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120905.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/08 09:02:23 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys -- (EraserUtilDrv11210)
DRV - [2012/05/30 07:15:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys -- (EraserUtilDrv11122)
DRV - [2012/03/20 13:58:55 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/18 05:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys -- (EraserUtilDrv11113)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1610017C-2467-442E-992E-46E81ED85601}
IE:64bit: - HKLM\..\SearchScopes\{1610017C-2467-442E-992E-46E81ED85601}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {1610017C-2467-442E-992E-46E81ED85601}
IE - HKLM\..\SearchScopes\{1610017C-2467-442E-992E-46E81ED85601}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839471014-3389720634-1650080027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839471014-3389720634-1650080027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\..\SearchScopes,DefaultScope = {1610017C-2467-442E-992E-46E81ED85601}
IE - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\..\SearchScopes\{1610017C-2467-442E-992E-46E81ED85601}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS478
IE - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\..\SearchScopes\{CC87BDF6-C4BE-481F-AEB3-FB04812EBEEA}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5
FF - prefs.js..extensions.enabledAddons: skzxiipcpr@skzxiipcpr.org:1.0
FF - prefs.js..extensions.enabledAddons: {37fa1426-b82d-11db-8314-0800200c9a66}:2.9.11
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012/09/06 11:47:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 07:59:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 07:59:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/20 09:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JSM\AppData\Roaming\Mozilla\Extensions
[2012/08/15 15:54:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\extensions
[2012/07/17 06:57:23 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\extensions\plugin@videofiledownload.com
[2012/08/01 10:15:55 | 000,001,678 | ---- | M] () (No name found) -- C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\extensions\skzxiipcpr@skzxiipcpr.org.xpi
[2012/08/15 15:54:47 | 000,195,972 | ---- | M] () (No name found) -- C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2012/05/30 11:09:52 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012/08/31 07:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/23 12:17:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/08/31 07:13:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/08/30 07:59:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/30 07:59:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/30 07:59:42 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://start.toshiba.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\JSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Norton Identity Protection = C:\Users\JSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (no name) - {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-839471014-3389720634-1650080027-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-839471014-3389720634-1650080027-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-839471014-3389720634-1650080027-1001..\Run: [ImpulseFastStart] "C:\Program Files (x86)\Stardock\Impulse\Impulse.exe" /fastload File not found
O4 - HKU\S-1-5-21-839471014-3389720634-1650080027-1001..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-839471014-3389720634-1650080027-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-839471014-3389720634-1650080027-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-839471014-3389720634-1650080027-1000..\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-839471014-3389720634-1650080027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1FE2855-857A-4E96-8CF1-BDC8AD186E63}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E777E00F-D051-474E-91D3-454FBA93D80E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/06 11:54:13 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\JSM\Desktop\OTL.exe
[2012/09/01 23:11:21 | 000,000,000 | ---D | C] -- C:\temp
[2012/09/01 23:09:51 | 026,228,072 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglv64.dll
[2012/09/01 23:09:51 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcompiler.dll
[2012/09/01 23:09:51 | 019,828,584 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglv32.dll
[2012/09/01 23:09:51 | 018,229,096 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvd3dumx.dll
[2012/09/01 23:09:51 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcompiler.dll
[2012/09/01 23:09:51 | 015,291,752 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvd3dum.dll
[2012/09/01 23:09:51 | 014,879,080 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvwgf2umx.dll
[2012/09/01 23:09:51 | 012,465,512 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvwgf2um.dll
[2012/09/01 23:09:51 | 009,066,344 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuda.dll
[2012/09/01 23:09:51 | 007,626,088 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuda.dll
[2012/09/01 23:09:51 | 007,387,496 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvopencl.dll
[2012/09/01 23:09:51 | 006,100,328 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvopencl.dll
[2012/09/01 23:09:51 | 002,745,192 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvid.dll
[2012/09/01 23:09:51 | 002,573,672 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvid.dll
[2012/09/01 23:09:51 | 002,216,808 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvenc.dll
[2012/09/01 23:09:51 | 001,866,088 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvenc.dll
[2012/09/01 23:09:51 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispgenco64.dll
[2012/09/01 23:09:51 | 000,030,056 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\drivers\nvpciflt.sys
[2012/09/01 22:35:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\JSM\Desktop\dds.scr
[2012/09/01 22:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/08/31 13:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012/08/31 13:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012/08/31 12:58:08 | 000,000,000 | ---D | C] -- C:\Users\JSM\Documents\Guild Wars 2
[2012/08/31 07:13:04 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/08/31 07:13:04 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/08/31 07:13:04 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/08/25 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\JSM\AppData\Roaming\Malwarebytes
[2012/08/25 14:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/25 14:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/25 14:56:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/08/25 14:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/23 12:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/23 12:17:49 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012/08/23 12:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/21 14:27:16 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/08/18 16:42:27 | 000,000,000 | ---D | C] -- C:\Users\JSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Calendar
[2012/08/18 16:42:26 | 000,000,000 | ---D | C] -- C:\Users\JSM\AppData\Roaming\DesktopCal
[2012/08/18 16:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DesktopCal
[2012/08/18 12:31:48 | 000,000,000 | ---D | C] -- C:\Users\JSM\AppData\Local\{6EFE6F83-BF09-4B4D-9C4B-CE5C4ECDD259}
[2012/08/18 12:31:36 | 000,000,000 | ---D | C] -- C:\Users\JSM\AppData\Local\{3FCB102B-740D-408E-AC22-F026C218FDD9}
[2012/08/16 11:52:20 | 000,000,000 | ---D | C] -- C:\Users\JSM\Documents\BILLS
[2012/08/16 08:17:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/08/16 08:17:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/08/16 08:17:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/08/16 08:17:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/08/16 08:17:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/08/16 08:17:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/08/16 08:17:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/08/16 08:17:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/08/16 08:17:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/08/16 08:17:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/08/16 08:17:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/08/16 08:17:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/08/16 08:17:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/08/15 10:09:53 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2012/08/15 10:09:52 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2012/08/15 10:09:52 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2012/08/15 10:09:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
[2012/08/15 10:09:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
[2012/08/15 10:09:51 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
[2012/08/15 10:09:51 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll
[2012/08/15 10:09:50 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/06 12:10:05 | 000,165,376 | ---- | M] () -- C:\Users\JSM\Desktop\SystemLook_x64.exe
[2012/09/06 11:54:13 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\JSM\Desktop\OTL.exe
[2012/09/06 11:54:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 11:52:25 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 11:52:25 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 11:52:16 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/06 11:52:16 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/06 11:52:16 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/06 11:45:07 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/06 11:44:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/06 11:44:49 | 463,486,975 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/05 23:45:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/05 19:39:23 | 000,048,535 | ---- | M] () -- C:\Users\JSM\Documents\SunTrust Mail-in-deposit address.pdf
[2012/09/03 13:57:46 | 000,000,076 | ---- | M] () -- C:\Users\JSM\Desktop\MalWare Removal • View forum - Malware Removal.URL
[2012/09/01 22:35:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\JSM\Desktop\dds.scr
[2012/09/01 13:57:42 | 000,000,990 | ---- | M] () -- C:\Users\JSM\Desktop\YNAB 4.lnk
[2012/08/31 16:57:26 | 001,786,866 | ---- | M] () -- C:\Users\JSM\Documents\Statewide General.pdf
[2012/08/31 13:00:14 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/08/28 19:58:25 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/08/28 19:58:25 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/28 13:35:49 | 000,000,110 | ---- | M] () -- C:\Users\JSM\Desktop\Regal Westview Stadium 16 & IMAX Showtimes and Tickets.URL
[2012/08/28 13:32:43 | 000,000,121 | ---- | M] () -- C:\Users\JSM\Desktop\Indiana Jones and The Raiders of the Lost Ark The IMAX Experience Movie Indiana Jones and The Raiders of the Lost Ark The IM.URL
[2012/08/25 14:56:44 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/22 09:46:00 | 026,228,072 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglv64.dll
[2012/08/22 09:46:00 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvcompiler.dll
[2012/08/22 09:46:00 | 019,828,584 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglv32.dll
[2012/08/22 09:46:00 | 018,229,096 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvd3dumx.dll
[2012/08/22 09:46:00 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcompiler.dll
[2012/08/22 09:46:00 | 015,291,752 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvd3dum.dll
[2012/08/22 09:46:00 | 014,879,080 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvwgf2umx.dll
[2012/08/22 09:46:00 | 012,465,512 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvwgf2um.dll
[2012/08/22 09:46:00 | 009,066,344 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuda.dll
[2012/08/22 09:46:00 | 007,626,088 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuda.dll
[2012/08/22 09:46:00 | 007,387,496 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvopencl.dll
[2012/08/22 09:46:00 | 006,100,328 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvopencl.dll
[2012/08/22 09:46:00 | 002,745,192 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvid.dll
[2012/08/22 09:46:00 | 002,725,224 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvapi64.dll
[2012/08/22 09:46:00 | 002,573,672 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvid.dll
[2012/08/22 09:46:00 | 002,422,120 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvapi.dll
[2012/08/22 09:46:00 | 002,216,808 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvenc.dll
[2012/08/22 09:46:00 | 001,866,088 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvenc.dll
[2012/08/22 09:46:00 | 001,763,688 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispco64.dll
[2012/08/22 09:46:00 | 001,482,600 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispgenco64.dll
[2012/08/22 09:46:00 | 000,971,624 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvumdshimx.dll
[2012/08/22 09:46:00 | 000,830,312 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvumdshim.dll
[2012/08/22 09:46:00 | 000,247,144 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvinitx.dll
[2012/08/22 09:46:00 | 000,202,600 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvinit.dll
[2012/08/22 09:46:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\drivers\nvpciflt.sys
[2012/08/22 09:46:00 | 000,016,366 | ---- | M] () -- C:\windows\SysNative\nvinfo.pb
[2012/08/22 08:17:28 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvmctray.dll
[2012/08/22 08:17:28 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvshext.dll
[2012/08/22 08:17:28 | 000,055,144 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nv3dappshextr.dll
[2012/08/22 08:17:27 | 003,492,915 | ---- | M] () -- C:\windows\SysNative\nvcoproc.bin
[2012/08/22 08:17:27 | 002,557,800 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvcr.dll
[2012/08/22 08:17:27 | 000,865,640 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nv3dappshext.dll
[2012/08/22 08:17:14 | 003,266,920 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvc64.dll
[2012/08/22 08:17:11 | 006,198,120 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvcpl.dll
[2012/08/21 14:27:12 | 345,177,488 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/08/16 08:31:25 | 000,285,968 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/16 08:16:56 | 000,000,118 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2012/08/14 20:17:09 | 000,053,684 | ---- | M] () -- C:\Users\JSM\Documents\Ryan_ GOP ticket to wait to disclose tax specifics - Yahoo! News.pdf
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/06 12:10:04 | 000,165,376 | ---- | C] () -- C:\Users\JSM\Desktop\SystemLook_x64.exe
[2012/09/05 19:39:23 | 000,048,535 | ---- | C] () -- C:\Users\JSM\Documents\SunTrust Mail-in-deposit address.pdf
[2012/09/03 13:57:46 | 000,000,076 | ---- | C] () -- C:\Users\JSM\Desktop\MalWare Removal • View forum - Malware Removal.URL
[2012/08/31 16:57:26 | 001,786,866 | ---- | C] () -- C:\Users\JSM\Documents\Statewide General.pdf
[2012/08/31 13:00:14 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/08/28 13:35:49 | 000,000,110 | ---- | C] () -- C:\Users\JSM\Desktop\Regal Westview Stadium 16 & IMAX Showtimes and Tickets.URL
[2012/08/28 13:32:43 | 000,000,121 | ---- | C] () -- C:\Users\JSM\Desktop\Indiana Jones and The Raiders of the Lost Ark The IMAX Experience Movie Indiana Jones and The Raiders of the Lost Ark The IM.URL
[2012/08/25 14:56:43 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 14:27:12 | 345,177,488 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/08/16 08:16:56 | 000,000,118 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2012/08/14 20:17:09 | 000,053,684 | ---- | C] () -- C:\Users\JSM\Documents\Ryan_ GOP ticket to wait to disclose tax specifics - Yahoo! News.pdf
[2012/07/20 21:32:08 | 000,031,104 | ---- | C] () -- C:\Users\JSM\Serta iSeries King Mattress Set, Vivid Dream Tight Top Firm - King Mattresses - mattresses - Macy's.pdf
[2012/07/19 17:23:19 | 003,566,434 | ---- | C] () -- C:\windows\SysWow64\fun_avcodec.dll
[2012/07/19 17:23:19 | 000,827,392 | ---- | C] () -- C:\windows\SysWow64\Mpeg4System.dll
[2012/07/19 17:23:19 | 000,167,936 | ---- | C] () -- C:\windows\SysWow64\Mpeg4Tools.dll
[2012/07/19 17:23:19 | 000,122,880 | ---- | C] () -- C:\windows\SysWow64\Mpeg4DSF.dll
[2012/07/19 17:23:19 | 000,042,108 | ---- | C] () -- C:\windows\SysWow64\fun_avutil.dll
[2012/07/19 17:23:18 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\EvrcDecDll.dll
[2012/07/19 17:23:18 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\AMRDSF.dll
[2012/07/19 17:23:17 | 000,241,664 | ---- | C] () -- C:\windows\SysWow64\AMR.dll
[2012/07/13 19:08:57 | 000,000,060 | ---- | C] () -- C:\windows\TaxACT11.ini
[2012/07/13 19:06:59 | 000,000,060 | ---- | C] () -- C:\windows\TaxACT10.ini
[2012/07/13 19:05:46 | 000,000,060 | ---- | C] () -- C:\windows\TaxACT09.ini
[2012/07/13 19:04:33 | 000,000,080 | ---- | C] () -- C:\windows\TaxACT08.ini
[2012/07/13 19:03:18 | 000,000,080 | ---- | C] () -- C:\windows\TaxACT07.ini
[2012/07/05 14:56:26 | 000,000,804 | ---- | C] () -- C:\Users\JSM\AppData\Local\{1e493b1b-4f99-9535-bc3f-f64c66683935}\L\00000004.@
[2012/06/07 06:47:38 | 104,815,060 | ---- | C] () -- C:\Users\JSM\G2012-043_2012_Venus_Transit_FINAL.wmv
[2012/05/19 08:33:43 | 001,639,789 | ---- | C] () -- C:\Users\JSM\winrar-x64-411.exe
[2012/04/02 10:48:57 | 000,007,596 | ---- | C] () -- C:\Users\JSM\AppData\Local\Resmon.ResmonCfg
[2012/03/31 18:51:54 | 000,000,832 | ---- | C] () -- C:\windows\SysWow64\E_ADDNET.DAT
[2012/03/31 18:33:55 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2012/03/31 18:33:55 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2012/03/31 18:33:55 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2012/03/31 18:33:55 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2012/03/31 18:33:55 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2012/03/31 18:33:55 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2012/03/31 18:33:55 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2012/03/31 18:33:55 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2012/03/31 18:33:55 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2012/03/31 18:33:55 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2012/03/31 18:33:55 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2012/03/31 18:33:55 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2012/03/31 18:33:55 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2012/03/31 18:33:55 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2012/03/31 18:33:55 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2012/03/31 18:33:55 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2012/03/31 18:32:06 | 000,000,079 | ---- | C] () -- C:\windows\EPWF600.ini
[2012/03/20 15:35:57 | 000,002,048 | -HS- | C] () -- C:\Users\JSM\AppData\Local\{1e493b1b-4f99-9535-bc3f-f64c66683935}\@
[2012/03/20 09:52:34 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/06/27 13:53:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/06/27 13:53:58 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/06/27 13:53:58 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/06/27 13:48:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/06/27 13:28:08 | 013,899,776 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/02/03 23:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2010/11/09 16:09:58 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2012/05/25 07:26:50 | 000,000,000 | -HSD | M] -- C:\Users\JSM\AppData\Roaming\.#
[2012/04/05 15:41:16 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\Amazon
[2012/03/20 11:50:08 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\com.ynab.YNAB3.LiveCaptive.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2012/06/27 12:10:12 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
[2012/08/18 16:42:26 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\DesktopCal
[2012/04/01 10:52:59 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\Epson
[2012/05/19 12:01:05 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\FreeTorrentViewer
[2012/06/08 10:36:04 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\Friday's games
[2012/06/08 21:05:35 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\Gaijin Ent
[2012/07/21 20:04:57 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\iWin
[2012/06/10 20:29:13 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\JewelMatch2
[2012/03/31 18:53:09 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\Leadertech
[2012/07/19 17:26:47 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\Pantech
[2012/07/11 06:30:09 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\PDF Writer
[2012/05/19 12:06:23 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\RenPy
[2012/05/26 12:51:10 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\runic games
[2012/07/17 07:09:00 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\Stardock
[2012/08/07 19:50:58 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\The Creative Assembly
[2012/03/19 21:10:35 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\Tific
[2012/05/21 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\Toshiba
[2012/03/30 20:42:32 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\Ubisoft
[2012/07/31 20:27:25 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\WildTangent
[2012/03/19 19:51:41 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\WinBatch
[2012/07/19 11:49:50 | 000,000,000 | ---D | M] -- C:\Users\JSM\AppData\Roaming\xsecva
[2012/06/16 04:31:52 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
red33

Re: adnxs popups

Post by red33 » September 6th, 2012, 12:33 pm

EXTRAS LOGFILE

OTL Extras logfile created on: 9/6/2012 12:11:01 PM - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\JSM\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.88 Gb Available Physical Memory | 65.61% Memory free
11.82 Gb Paging File | 9.73 Gb Available in Paging File | 82.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.56 Gb Total Space | 299.42 Gb Free Space | 51.66% Space Free | Partition Type: NTFS

Computer Name: QOSMIO | User Name: JSM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-839471014-3389720634-1650080027-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AC7A0E1-14F3-43E7-B8F2-75601189EEE9}" = lport=139 | protocol=6 | dir=in | app=system |
"{0D1BC3D2-B247-49B9-AEBD-041A00BBDA3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{174E2AED-A892-4B43-9725-28E751E25ECA}" = rport=139 | protocol=6 | dir=out | app=system |
"{1824485A-FBFE-4906-AA14-A79173AA6776}" = lport=445 | protocol=6 | dir=in | app=system |
"{31AE604E-ED01-4B84-86A8-A8079AE2493A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F639C6D-C98C-4954-BBD7-9EE0DEBB2403}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{423A3AA0-C52F-43CE-B313-EA8D1EB62A00}" = rport=138 | protocol=17 | dir=out | app=system |
"{44AF9C3E-970B-4EA5-8A95-63548A62C093}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F9DFBD3-82A1-4C37-ADE1-7A41AC2542F9}" = rport=445 | protocol=6 | dir=out | app=system |
"{502874DE-29C0-4D15-904D-40E1C85A4D93}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{545F4D10-559A-4D67-821D-B0C315A8B443}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F6F1E91-C344-4185-A60C-082C17898339}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7612E149-DFA0-4314-85BF-222CC0082211}" = lport=10243 | protocol=6 | dir=in | app=system |
"{79FD42AE-8BC9-47F0-A064-EC989D84576A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D86F45D-07A6-4069-AC30-B3291BCED45B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{982CD052-C30B-4A99-9046-1345C48EF87A}" = rport=137 | protocol=17 | dir=out | app=system |
"{9BADDE57-1AF7-4006-99B0-F27F015875AC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9E486865-300B-499C-B701-3BD2DC547E89}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9F973E2-9532-4B7A-9C32-AC2B9D297CA7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2496B1F-5B61-4A5C-9ABB-4EEF62D351EB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B3C1348D-1FCF-4A2D-8FC4-054DE17C3013}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CDC56828-718D-4CD5-9292-26244714C445}" = lport=137 | protocol=17 | dir=in | app=system |
"{D69946AE-70F1-4AEE-B9D6-B0ADBB45CEF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC1EFF66-094A-497E-A9E6-3EDCB67970DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F7B32391-833E-4B74-B964-6DE95B1C946B}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D4FD39-BDBF-410E-8B07-B5B923F81B1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v - demo\launcher.exe |
"{032E78AC-16D9-4E7E-8C87-646535CDEF6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider anniversary demo\tra.exe |
"{057154DF-0776-46A5-91C4-EE65AFFA80ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city demo\runlauncher.bat |
"{0651645B-E2A9-4FC9-8BA9-C2D04A3168BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09038103-E5E1-483F-980C-B5AB72D7482E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0BAFAF6E-2EE4-4CF7-8140-70CA64CAD4AD}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\the political machine 2008 express\polmachine2008express.exe |
"{0E478F5A-836E-4CA8-BBFF-D08E5CA64447}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{144CB631-23BB-4071-B09C-FA6F68308471}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city demo\binaries\win32\batmanac.exe |
"{146ECD65-E23B-45C0-9B65-E871F66C21B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{155CBFBB-DDEA-471C-AC53-8C9EEAC29FAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v - demo\launcher.exe |
"{187E7F5B-B5DF-4B1B-8CF6-93FC7AAA8CE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{1B101B85-7E7C-4180-89DA-18DECCDFC222}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{1BF03FCE-AAFD-4C6C-BB89-EBFAAD3A5FDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\7 wonders - the treasures of seven\7 wonders - treasures of seven.exe |
"{1C0754C5-FEFC-444E-A596-AD7B6A94EC75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{2152DFC9-A390-46D0-BD35-E02DACD4EF69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{22103904-CA22-43D0-BECE-8E43C5C2D39B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{234B1BC2-9F21-4BCA-8E9D-EFE1563B6A4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\luxor evolved gameplay trailer\smp.exe |
"{238A4DC7-4F53-48F8-8504-B84017277154}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{253807E1-FE60-47BD-A2C4-7C718A81AD91}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{27984CBD-4544-402C-801A-B34458B6A6C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\luxor quest for the afterlife\luxor - quest for the afterlife.exe |
"{296EA54B-9907-41F4-997F-A13C2E8C19FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{2D778CFA-98C3-4713-A79F-32A4D3B3444A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2DF6785D-FB70-40CD-A8EF-76957B632B6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mahjong quest 3\mahjongquest3.exe |
"{2F14C1A3-89A3-4D8E-AB20-8CFBC53F190B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v - demo\civilizationv.exe |
"{30B840E4-33F8-4CC2-B733-D744689BAC66}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{342B5259-CBD1-4CEA-9762-F9351142184E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{351D9ECA-403B-4DC3-9DA8-155F033F0114}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{36564830-7B55-44D9-9560-4612827F9766}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{36EAC027-6E76-4E4A-9E2B-18AABFAA8CC9}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{37F7FC02-0AE1-42DE-84D0-0CEC17733B96}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest demo\titan quest demo.exe |
"{384EB106-0C06-4CA9-8E5C-4572279A5084}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider legend demo\trl.exe |
"{38C818CD-31FE-4A7E-AB5C-04F49F065B85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest demo\titan quest demo.exe |
"{3962FE9E-FD7C-43E8-929D-E1DDB42D440A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{3E7F0A41-D79F-4D2A-8EB9-4C7114FBA3A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\luxor evolved gameplay trailer\smp.exe |
"{427E710F-A435-45F0-933A-101B8EE2A1D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{472B3B64-4FD3-484C-9DD7-70B27B5BDA3B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world in conflict\wic.exe |
"{4B5C4EE5-6090-486D-AB42-807CF6AF7662}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{5033D029-7FE8-4A85-AD9D-1A5D84FB056D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{52540436-650C-4F14-849E-C26CC9AA88F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{55174914-0B91-4D41-9DAF-46527D25A0CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zuma's revenge\zumasrevenge.exe |
"{55909790-4648-410D-83CC-EF7F780D88F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider legend demo\trl.exe |
"{56C8BCBD-7889-4A96-8487-26A157E928FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{582229F8-B20B-4E60-8E9D-4C396A90925F}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{59008EFC-61BB-4960-A837-F6DAFE7BABE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{5A14EF91-9F40-4100-AACD-8B5BDCA73182}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{5E442609-A37F-4F5A-A6DC-9507C7F9D1D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city demo\binaries\win32\batmanac.exe |
"{6378C0CD-3452-4950-BAC1-2F7131FB93A8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{65A2E6AC-D18B-4114-87AF-6C31FB2C5BCF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{66240D38-C4D8-4CE0-A6A2-806FA9160B4C}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\the political machine 2008 express\polmachine2008express.exe |
"{69369422-77FD-4FA6-A226-894F9A431ECB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city demo\runlauncher.bat |
"{695EFADA-CD04-452A-B246-52B61E282F61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mahjong quest\mahjong.exe |
"{6F74DFBA-6DC6-409E-80B4-9C7C7FB62BF0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mahjong quest\mahjong.exe |
"{6F93C032-78A1-4A0E-8E87-0447FAE8F04A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72244694-7E8A-47C3-8EFB-59B8BF6DD585}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynomite deluxe\dynomite.exe |
"{73071957-29E6-4D31-9818-2FABF7ED31D8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{73A3B5D1-6EE4-4C0D-B9BD-D5372EEEC495}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{75B9C2D6-E239-4E64-8359-D40259C9BBC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v - demo\civilizationv.exe |
"{77CE7D81-A220-4F54-B9B1-86071089E6A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77E81B81-AB4E-4C46-8FC8-D121EF5AEB14}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mahjong quest 2\mahjongquest2.exe |
"{79CD536E-931F-48BC-864B-BA933AE6EB49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A865B54-FA4B-4EC5-9400-84EEAAAB31C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AE4B523-CFEE-4735-9972-C22E4BF8826F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CCF7BBF-6F82-4313-88DC-6EC4F78BDCF7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynomite deluxe\dynomite.exe |
"{7D03F7C0-D111-481E-9A74-F51C00E3AD66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{7DCDCEC9-4AFE-4796-9825-A24AAEE5D982}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{7F67E674-793F-4C87-88CE-AEC8437D427A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8109A2E3-2372-43C0-B6EE-E048F0DD5260}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{81DD1985-488C-41E7-BD88-AA7B104884A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{82075287-D097-44DD-B02D-4500B98B08E4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82ADB8FB-BAF5-4C60-A446-0BBC5640E54E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{82F89301-5188-4458-9842-DA55F0EA7178}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{8702D667-C912-48D0-B28D-9495C7311C09}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{88C656F2-6849-41E4-93A7-5B089A503A29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8E2F1498-E746-4FB7-8D2B-A0351F97D0CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bejeweled twist\bejeweledtwist.exe |
"{92077F19-5727-42E2-9141-F99A281D6556}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{935FF6F1-8974-4F75-B7FB-800A035EE9A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9796D519-5D67-4DA0-BDC8-68FC2507FA5A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{97F4F1B3-A372-450A-A76D-F2A3C3FE40C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\7 wonders - the treasures of seven\7 wonders - treasures of seven.exe |
"{9904DD38-10A8-4A2A-9715-A3CB7FC92403}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{994353F6-D6BC-4F4A-9E0D-E30DAD05527D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9FE94542-4130-4021-9568-29C59D95450B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A043E4BC-E052-4DB0-BBB7-63E4A5AC3D98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{A333A60A-A56F-4C84-A964-58C116E794B3}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{A9FC6075-84AD-4546-BC40-D3DA5F0B2AD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world in conflict\wic.exe |
"{AE31C7E0-9A93-4C1F-93B0-B7202A564A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{AE4F02EC-5A77-478C-B0CA-E1DD06846DC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF59BB97-1217-4E08-9E98-4773BD1CD1FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mahjong quest 2\mahjongquest2.exe |
"{B12F73F2-57C4-4640-9356-AD1A0F497600}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\luxor quest for the afterlife\luxor - quest for the afterlife.exe |
"{B73D8264-C69D-4FB7-8BDB-BD3A4A9001A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mahjong quest 3\mahjongquest3.exe |
"{B7B6B3F9-3003-460C-8AF4-1503BB408DF1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{BB30639F-36C7-43FC-840F-9A4B4BB6041D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bejeweled twist\bejeweledtwist.exe |
"{C5D881E2-35C6-4236-B3E6-54C09A00F5E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{CA007D1C-57AE-4329-BFC6-AB729D00CAD5}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{CABE5913-DA41-4010-BA41-15B2230A2F1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{D1231E9F-38BC-4F1A-B366-38F57208590C}" = protocol=6 | dir=out | app=system |
"{D2F0DBAA-DBD6-430D-8D5A-A86E82EBC3DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{D4B2F493-55BE-40A6-85E3-55A66C85D220}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{D57ABF26-A961-44B4-A4EB-9741B920FCF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zuma's revenge\zumasrevenge.exe |
"{D66E9031-9CF8-4D7D-8CAD-F22FE4F38F5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider anniversary demo\tra.exe |
"{D8944448-EEAC-4835-8507-9644542D7F7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\luxor 3\testapp.exe |
"{D96100D8-50B0-4A74-B6AD-8B09603F1E23}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DBD07A76-9782-49D5-B992-B8A9E4EA24FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\luxor 3\testapp.exe |
"{DC60DC09-9AE0-445B-87BA-C3452DD3D368}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{E5528E29-7853-4CA3-851E-8B6246D32C2C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{E9BA0B32-1A37-4032-B2C1-848B4D8FB026}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{F5FB6527-D3B2-4714-8783-F422FC2FBEE2}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{F6A5EB07-0AFF-4A25-91BA-23144F2B7306}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F89255AD-AACF-4B15-B847-8572A5A4FA82}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{FDE08A74-3ED5-4FFE-BF80-9011BF825C73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"TCP Query User{1E9BEC6E-9107-4BBB-90F9-D87DB1CE34AE}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{3EC32B33-7325-438B-BD09-B2910ED824A8}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{430BC90C-0D38-4C1F-8380-66AFF77259FD}C:\users\jsm\appdata\local\temp\d57acbc56f1b467d85546878c3939958\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\jsm\appdata\local\temp\d57acbc56f1b467d85546878c3939958\relicdownloader.exe |
"TCP Query User{541B0A06-1202-4E6F-B79D-D6DB1CB9F265}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{571E956F-7FBC-45F1-9732-48E539297AFE}C:\program files (x86)\freetorrentviewer\freetorrentviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freetorrentviewer\freetorrentviewer.exe |
"TCP Query User{98926E6F-9056-41CB-9CB5-5B16B51A27CD}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{A100585E-3698-4047-9686-5D6747C04DEB}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"TCP Query User{A7DA8D48-FACD-44AE-8FC1-C7F5B4A807B7}C:\users\jsm\appdata\local\temp\epsoninkjetdriverdownloader.exe" = protocol=6 | dir=in | app=c:\users\jsm\appdata\local\temp\epsoninkjetdriverdownloader.exe |
"TCP Query User{D3429B9A-27F8-4DAA-B052-5438C80B920E}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{DB89C593-0AF8-45AA-9ED8-CC7DD237AD30}C:\users\jsm\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\jsm\appdata\local\temp\gw2.exe |
"TCP Query User{DD52F4F6-48D2-4974-8741-871BF8151514}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"TCP Query User{FC4785A5-5FC0-4F88-8164-2391D58750D2}D:\common\easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=d:\common\easyinstall\easyinstall.exe |
"TCP Query User{FE9F2E65-2443-4F51-8D1A-9BADB2024B19}C:\program files (x86)\torrentsearch\easydownload.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torrentsearch\easydownload.exe |
"UDP Query User{2C968B22-43BA-40A4-92AA-82FC7671AC11}C:\program files (x86)\torrentsearch\easydownload.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torrentsearch\easydownload.exe |
"UDP Query User{53F98814-5A9A-40D3-8737-ABBCEC673898}C:\users\jsm\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\jsm\appdata\local\temp\gw2.exe |
"UDP Query User{658CAD51-36B1-49DF-93FC-04AD7561AADB}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{6F8F803F-4DD8-4E3F-8EFB-98828BBFEC81}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{7F3D1069-F959-422D-B842-79E1D8859FB9}C:\users\jsm\appdata\local\temp\epsoninkjetdriverdownloader.exe" = protocol=17 | dir=in | app=c:\users\jsm\appdata\local\temp\epsoninkjetdriverdownloader.exe |
"UDP Query User{860D2B61-7E5D-4968-869A-6C90AEADDB50}D:\common\easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=d:\common\easyinstall\easyinstall.exe |
"UDP Query User{9565D91A-8555-4B79-A7A7-5A6792528519}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{9701B489-3159-4BD8-B98B-9B638A7E98DE}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{B8B99902-22D3-4B81-A33C-5D99483FE8F5}C:\users\jsm\appdata\local\temp\d57acbc56f1b467d85546878c3939958\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\jsm\appdata\local\temp\d57acbc56f1b467d85546878c3939958\relicdownloader.exe |
"UDP Query User{CA1589E5-5FFC-4B36-8FFF-6747CDE14D5C}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{D1E97C01-A25C-4BAA-8463-1C416E1A02F6}C:\program files (x86)\freetorrentviewer\freetorrentviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freetorrentviewer\freetorrentviewer.exe |
"UDP Query User{E6584067-A719-4C9C-A9D4-22400655C9CF}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"UDP Query User{FB28B693-DF33-42B7-B99E-7C3BC8F3B842}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406
"EPSON WorkForce 600 Series" = EPSON WorkForce 600 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochure
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39817C7B-9315-4E3A-BC49-9B57A1152ACD}" = Pantech PCSuite
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A35A53C3-E4FD-4A84-B69D-D7B125CD4E66}" = Pantech PCSuite
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F626E006-C06C-466A-B133-92C1991385CA}" = ArcSoft Print Creations
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"10 Talismans_is1" = 10 Talismans
"ACW 3.0 Brothers vs Brothers Music(only)" = ACW 3.0 Brothers vs Brothers Music
"ACW 3.0 Brothers vs Brothers3.2" = ACW 3.0 Brothers vs Brothers
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Azkend_is1" = Azkend
"Big Kahuna Reef 2 - Chain Reaction_is1" = Big Kahuna Reef 2 - Chain Reaction
"Collectorz.com Comic Collector" = Collectorz.com Comic Collector
"com.ynab.YNAB3.LiveCaptive_is1" = YNAB 3 version 3.6.3
"com.ynab.YNAB4.LiveCaptive_is1" = YNAB 4 version 4.1.127
"Company of Heroes" = Company of Heroes
"Empire: Total Factions 2.1" = Empire: Total Factions 2.1
"EPSON Scanner" = EPSON Scan
"Flower Paradise_is1" = Flower Paradise
"Google Chrome" = Google Chrome
"Guild Wars" = Guild Wars
"Guild Wars 2" = Guild Wars 2
"Impulse" = Impulse
"Inca Ball_is1" = Inca Ball
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"Jewel Match 2_is1" = Jewel Match 2
"Katawa Shoujo" = Katawa Shoujo
"Liong The Dragon Dance_is1" = Liong The Dragon Dance
"Luxor HD_is1" = Luxor HD
"Mahjong Epic" = Mahjong Epic
"Mahjongg Artifacts Chapter 2_is1" = Mahjongg Artifacts Chapter 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAV" = Norton AntiVirus
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Star Trek Online" = Star Trek Online
"Steam App 10500" = Empire: Total War
"Steam App 12210" = Grand Theft Auto IV
"Steam App 15930" = Luxor 3
"Steam App 16030" = 7 Wonders: The Treasures of Seven
"Steam App 16040" = Luxor: Quest for the Afterlife
"Steam App 200240" = Batman: Arkham City Demo
"Steam App 21910" = World in Conflict: Soviet Assault
"Steam App 22000" = World of Goo
"Steam App 22370" = Fallout 3 - Game of the Year Edition
"Steam App 23140" = KrissX
"Steam App 24200" = DC Universe Online
"Steam App 3380" = Dynomite! Deluxe
"Steam App 34030" = Napoleon: Total War
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 3560" = Bejeweled Twist
"Steam App 3620" = Zuma's Revenge
"Steam App 38000" = Mahjong Quest
"Steam App 38010" = Mahjong Quest 2
"Steam App 38020" = Mahjong Quest 3
"Steam App 4590" = Titan Quest Demo
"Steam App 7030" = Tomb Raider: Legend Demo
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Steam App 8030" = Tomb Raider: Anniversary Demo
"Steam App 9900" = Star Trek Online
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 West Virginia" = TaxACT 2008 West Virginia
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 West Virginia" = TaxACT 2009 West Virginia
"TaxACT 2010" = TaxACT 2010
"TaxACT 2010 West Virginia" = TaxACT 2010 West Virginia
"TaxACT 2011 - 1040 Edition" = TaxACT 2011 - 1040 Edition
"TaxACT 2011 West Virginia" = TaxACT 2011 West Virginia
"TaxACT Maryland 2007" = TaxACT Maryland 2007
"TaxACT West Virginia 2007" = TaxACT West Virginia 2007
"The Treasures of Montezuma 3_is1" = The Treasures of Montezuma 3
"The Treasures Of Montezuma_is1" = The Treasures Of Montezuma
"VLC media player" = VLC media player 2.0.1
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-7b8979a3-f35e-4dd2-93f5-7b172211a3a9" = Polar Bowler
"WTA-8e701c2c-fff5-41be-b3c1-865617dcc77d" = Plants vs. Zombies - Game of the Year
"WTA-a018aebe-93ac-490f-b1ce-de82049a1939" = Penguins!
"WTA-aaa78bf1-2e01-483e-8b76-9a117696fa0e" = Bejeweled 3
"WTA-b82d4be3-3d43-4ea3-a092-020589d38f41" = Zuma's Revenge
"WTA-e0cae985-ee73-4d4f-b5d7-2c35c21c0de0" = RollerCoaster Tycoon 3: Platinum

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/10/2012 9:05:58 AM | Computer Name = Qosmio | Source = WinMgmt | ID = 10
Description =

Error - 8/11/2012 9:49:32 AM | Computer Name = Qosmio | Source = Toshiba App Place | ID = 0
Description =

Error - 8/11/2012 9:50:31 AM | Computer Name = Qosmio | Source = WinMgmt | ID = 10
Description =

Error - 8/12/2012 11:17:26 AM | Computer Name = Qosmio | Source = WinMgmt | ID = 10
Description =

Error - 8/12/2012 11:18:52 AM | Computer Name = Qosmio | Source = Toshiba App Place | ID = 0
Description =

Error - 8/12/2012 7:00:02 PM | Computer Name = Qosmio | Source = Windows Backup | ID = 4103
Description =

Error - 8/13/2012 11:29:59 AM | Computer Name = Qosmio | Source = Toshiba App Place | ID = 0
Description =

Error - 8/13/2012 11:31:16 AM | Computer Name = Qosmio | Source = WinMgmt | ID = 10
Description =

Error - 8/14/2012 10:19:07 AM | Computer Name = Qosmio | Source = Toshiba App Place | ID = 0
Description =

Error - 8/14/2012 10:20:25 AM | Computer Name = Qosmio | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/5/2012 11:45:36 AM | Computer Name = Qosmio | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 8/6/2012 8:59:21 AM | Computer Name = Qosmio | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 8/6/2012 8:59:21 AM | Computer Name = Qosmio | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 8/6/2012 9:31:13 AM | Computer Name = Qosmio | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A1FE2855-857A-4E96-8CF1-BDC8AD186E63}
because another computer on the network has the same name. The server could not
start.

Error - 8/6/2012 10:59:12 AM | Computer Name = Qosmio | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 8/6/2012 10:59:12 AM | Computer Name = Qosmio | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 8/6/2012 10:01:40 PM | Computer Name = Qosmio | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 8/6/2012 10:01:40 PM | Computer Name = Qosmio | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 8/7/2012 1:01:59 PM | Computer Name = Qosmio | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 8/7/2012 1:01:59 PM | Computer Name = Qosmio | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069


< End of report >
red33
Active Member
 
Posts: 10
Joined: September 3rd, 2012, 10:02 am

Re: adnxs popups

Unread postby red33 » September 6th, 2012, 12:35 pm

SYSTEM LOOK LOGFILE

SystemLook 30.07.11 by jpshortstuff
Log created at 12:18 on 06/09/2012 by JSM
Administrator - Elevation successful

========== filefind ==========

Searching for "*bho_project.dll*"
No files found.

Searching for "*eoengine*"
No files found.

Searching for "*eobho*"
No files found.

Searching for "*EoRezo*"
No files found.

========== folderfind ==========

Searching for "*OApps*"
C:\Program Files (x86)\OApps d------ [10:57 17/07/2012]

========== Regfind ==========

Searching for "bho_project.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\bho_project.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\0\win32]
@="C:\Program Files (x86)\OApps\bho_project.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\bho_project.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\0\win32]
@="C:\Program Files (x86)\OApps\bho_project.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\bho_project.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\0\win32]
@="C:\Program Files (x86)\OApps\bho_project.dll"

Searching for "OApps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\0\win32]
@="C:\Program Files (x86)\OApps\bho_project.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\HELPDIR]
@="C:\Program Files (x86)\OApps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\0\win32]
@="C:\Program Files (x86)\OApps\bho_project.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\HELPDIR]
@="C:\Program Files (x86)\OApps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}]
"AppPath"="C:\Program Files (x86)\OApps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\0\win32]
@="C:\Program Files (x86)\OApps\bho_project.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\HELPDIR]
@="C:\Program Files (x86)\OApps"

Searching for "AFBB7970-789A-4264-BA70-E8127DECE400"
No data found.

Searching for "18AF7201-4F14-4BCF-93FE-45617CF259FF"
No data found.

Searching for "DF76E9B7-35EC-46FC-AF56-5B79DED9D64F"
No data found.

Searching for "C10DC1F4-CCDF-4224-A24D-B23AFC3573C8"
No data found.

Searching for "EoRezo"
No data found.

Searching for "eobho"
No data found.

Searching for "ieobho"
No data found.

Searching for "eoengine"
No data found.

-= EOF =-
red33
Active Member
 
Posts: 10
Joined: September 3rd, 2012, 10:02 am

Re: adnxs popups

Unread postby tim s » September 7th, 2012, 7:08 am

Hi red33,

Thanks for posting logs.

(FYI - my Norton kept telling me that the OTL.exe was unsafe or acting suspiciously. I allowed it though, so hopefully that was correct!) - Thanks - Red33

Yes, that was correct. Sorry, I should have warned you that the tools we use may cause warnings from virus protection programs.

Do you know how you installed the program VideoFileDownload that I had you uninstall? From looking at Firefox extensions I see it listed there. If you didn't knowingly install it yourself.
Not sure if this is the name that is listed in your firefox addons/extension or plugin list or not : "VideoFileDownload - Download YouTube Videos".
Let me know if you have a firefox extension/plugin named that or similar? I am researching this to get more information.

OK, let's start the cleaning.


Perform a Custom Fix with OTL

  • Right-click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • In the Custom Scan/Fixes box at the bottom, copy then paste in the following lines from the code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5
    [2012/07/17 06:57:23 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\extensions\plugin@videofiledownload.com
    O2 - BHO: (no name) - {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - No CLSID value found.
    O15 - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-839471014-3389720634-1650080027-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\bho_project.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\bho_project.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\bho_project.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}]
    
    :Files
    C:\Program Files (x86)\OApps
    
    :Commands
    [EMPTYTEMP]
    
  • Make sure you have pasted the lines from code box above.
  • Click the Run Fix button at top. If prompted... click OK.
  • Let the Program run unhindered. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
    example: C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log
  • You may be asked to reboot the computer; let it if asked.
  • Please post the contents of report in your next reply.
-------------------------------------------------------------------------------

Now this is next.

Rerun SystemLook, which should still be on your desktop
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :folderfind
    *OApps*
    
    :Regfind
    68DD98BF-9DE8-418C-89F0-E37AC61CC2D9
    bho_project.DLL
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please post these in your next reply:
Let me know about the Firefox extension name you have listed, from the question I asked at the start of this post.
OTL.txt (The report is saved in the same location as OTL. example: C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log)
SystemLook.txt
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Re: adnxs popups

Unread postby red33 » September 7th, 2012, 3:22 pm

Hello Tim ... here is the info you requested:

Do you know how you installed the program VideoFileDownload that I had you uninstall? From looking at Firefox extensions I see it listed there. If you didn't knowingly install it yourself.
Not sure if this is the name that is listed in your firefox addons/extension or plugin list or not : "VideoFileDownload - Download YouTube Videos".
Let me know if you have a firefox extension/plugin named that or similar? I am researching this to get more information.


No, I did not intentionally install "VideoFileDownload." I have never heard of it before. The only time we have ever looked at youtube is when a Yahoo news article/video directs us there, and that is rarely. I did uninstall that and the other program you instructed me to yesterday.

Before I followed the cleaning instructions from today though, I looked on Firefox extensions and noticed that VideoFileDownload was indeed still there. It said it could be disabled or removed. Now after the reboot I do not see that plugin/extension. There is something else called "VLC Web Plugin 2.0.0.0" but nothing else similar to the Youtube one. Hopefully all that made sense!

Here are the logs you requested. Thanks again for your assistance! - Red


OTL

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: plugin@videofiledownload.com:1.5 removed from extensions.enabledAddons
C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\extensions\plugin@videofiledownload.com\skin folder moved successfully.
C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\extensions\plugin@videofiledownload.com\locale\en-US folder moved successfully.
C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\extensions\plugin@videofiledownload.com\locale folder moved successfully.
C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\extensions\plugin@videofiledownload.com\defaults\preferences folder moved successfully.
C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\extensions\plugin@videofiledownload.com\defaults folder moved successfully.
C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\extensions\plugin@videofiledownload.com\content folder moved successfully.
C:\Users\JSM\AppData\Roaming\Mozilla\Firefox\Profiles\nu0zp3g1.default\extensions\plugin@videofiledownload.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}\ not found.
Registry key HKEY_USERS\S-1-5-21-839471014-3389720634-1650080027-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-839471014-3389720634-1650080027-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-839471014-3389720634-1650080027-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-839471014-3389720634-1650080027-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\bho_project.DLL\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B00FE392-639D-4688-976E-A1BFF368CB96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\bho_project.DLL\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B00FE392-639D-4688-976E-A1BFF368CB96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\bho_project.DLL\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B00FE392-639D-4688-976E-A1BFF368CB96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}\ not found.
========== FILES ==========
C:\Program Files (x86)\OApps folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JSM
->Temp folder emptied: 1718 bytes
->Temporary Internet Files folder emptied: 3835159 bytes
->Java cache emptied: 1679355 bytes
->FireFox cache emptied: 744108956 bytes
->Google Chrome cache emptied: 24150385 bytes
->Flash cache emptied: 78954 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 167267497 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 898.00 mb


OTL by OldTimer - Version 3.2.61.0 log created on 09072012_144442

Files\Folders moved on Reboot...
C:\Users\JSM\AppData\Local\Mozilla\Firefox\Profiles\nu0zp3g1.default\Cache\_CACHE_001_ moved successfully.
C:\Users\JSM\AppData\Local\Mozilla\Firefox\Profiles\nu0zp3g1.default\Cache\_CACHE_002_ moved successfully.
C:\Users\JSM\AppData\Local\Mozilla\Firefox\Profiles\nu0zp3g1.default\Cache\_CACHE_003_ moved successfully.
C:\Users\JSM\AppData\Local\Mozilla\Firefox\Profiles\nu0zp3g1.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\JSM\AppData\Local\Mozilla\Firefox\Profiles\nu0zp3g1.default\urlclassifier3.sqlite moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


SystemLook 30.07.11 by jpshortstuff
Log created at 14:54 on 07/09/2012 by JSM
Administrator - Elevation successful

========== folderfind ==========

Searching for "*OApps*"
C:\_OTL\MovedFiles\09072012_144442\C_Program Files (x86)\OApps d------ [10:57 17/07/2012]

========== Regfind ==========

Searching for "68DD98BF-9DE8-418C-89F0-E37AC61CC2D9"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Settings\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}]
[HKEY_USERS\S-1-5-21-839471014-3389720634-1650080027-1001\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}]
[HKEY_USERS\S-1-5-21-839471014-3389720634-1650080027-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}]

Searching for "bho_project.DLL"
No data found.

-= EOF =-
red33
Active Member
 
Posts: 10
Joined: September 3rd, 2012, 10:02 am

Re: adnxs popups

Unread postby red33 » September 8th, 2012, 1:10 am

Tim - this is an addendum to the previous post:

After following the last set of instructions and posting the updated logs this afternoon I shut down my computer, but now I keep getting the "blue crash screen" at startup. The system keeps attempting to do a system repair or restore, and it will not allow me to cancel it. After about 20 minutes System Repair states that it can not be done automatically so it shuts down the computer. At that point I am able to boot up normally, but when I "shutdown" or "restart" it happens all over again.

So basically it gives me the blue screen, tries to do a system repair for 20 minutes and then lets me press the "Power On" button to boot normally. I am afraid to turn the computer off again. (Am I going to need to put this back to factory settings now?)

Hopefully you still have more steps that will clear this up!


This was the crash report after the System Repair did not work. This happens on "Restart" but not sure what happens after a Shutdown or hard reboot.



C:\Users\JSM\AppData\Local\Temp\WER140C.tmp.WERInternalMetadata.xml


<?xml version="1.0" encoding="UTF-16"?>
<WERReportMetadata>
  <OSVersionInformation>
    <WindowsNTVersion>6.1</WindowsNTVersion>
    <Build>7601 Service Pack 1</Build>
    <Product>(0x3): Windows 7 Home Premium</Product>
    <Edition>HomePremium</Edition>
    <BuildString>7601.17835.amd64fre.win7sp1_gdr.120503-2030</BuildString>
    <Revision>1130</Revision>
    <Flavor>Multiprocessor Free</Flavor>
    <Architecture>X64</Architecture>
    <LCID>1033</LCID>
  </OSVersionInformation>
  <ProblemSignatures>
    <EventType>BlueScreen</EventType>
  </ProblemSignatures>
  <DynamicSignatures>
    <Parameter1>6.1.7601.2.1.0.768.3</Parameter1>
    <Parameter2>1033</Parameter2>
  </DynamicSignatures>
  <SystemInformation>
    <MID>13F0129A-33F8-49DC-A877-5755431A7213</MID>
    <MarkerFile>1179_TOSHIBA_na_Qosmio_X775_TI10634800B</MarkerFile>
    <SystemManufacturer>TOSHIBA</SystemManufacturer>
    <SystemProductName>Qosmio X775</SystemProductName>
    <BIOSVersion>1.60</BIOSVersion>
  </SystemInformation>
</WERReportMetadata>



about a dozen files in my User Folder like this:

ntuser.dat{b2c1dcdd-f943-11e1-a63a-dc0ea1440fa1}.TMContainer00000000000000000002.regtrans-ms

Also lots of "shortcut folders" in my User Folder that say "access denied"
red33
Active Member
 
Posts: 10
Joined: September 3rd, 2012, 10:02 am

Re: adnxs popups

Unread postby tim s » September 8th, 2012, 2:29 pm

Hi Red33

Let's try a System Restore point that was created right before the fix.

System Restore
  • Click on the Start button. Now in the Search programs and files box, type System Restore
  • You should now see System Restore in the list. Click on it.
  • The System Restore screen should now be open; click the Next button.
  • When the OTL scan/fix was run, it created a restore point right before the fix. It should be the most recent one in the list; choose it and click Next.
  • Click Finish on the Confirm your restore point window to begin the System Restore.
  • Click Yes to the Once started, System Restore cannot be interrupted. Do you want to continue? dialog box.
  • The System restore process could take a while. The computer will then be rebooted.
  • Immediately after logging in to windows 7 after the reboot, you should see a message that system restore completed successfully.

    If this was successful we will need to do a chkdsk on the C: drive to see if it reports any bad sectors. If unsuccessful post back and let me know.


    Check Hard Disk For Errors
    Open an Elevated Command Prompt

    You will be switching between command prompt and browser windows.

    1. Press the Start button
    2. In the Start Menu search box area type:
      cmd
    3. Right click on cmd.exe (at top of the menu)... click on Run As Administrator.
      A black screen will open. You should see the elevated command prompt open to C:\Windows\System32
      Leave it open...
    4. Go back to your browser.

      On the Browser screen
    5. Copy the following command line (including the quotes):
      chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
    6. Go back to the open (black screen) command prompt.

      At the Command Prompt window.
    7. Right click on the window title "Administrator Command Prompt" area. A menu will appear.
    8. Select Edit... then choose Paste. You should see the chkdsk command string you copied, in the black window.
    9. Press Enter ... Chkdsk will now start checking your hard drive. DO NOT CLOSE the Command Prompt window!
      The Chkdsk process can take a while, depending on the size of your hard drive.
      A file named checkhd.txt will appear on your desktop while Chkdsk is running.
    10. When your hard drive light stops flashing constantly... Open the checkhd.txt file.
      You should see totals of bytes on the drive, bytes in files...etc. If you do not see these totals, Chkdsk is still running, close the file, wait a little longer.
    11. Please post the contents of the checkhd.txt file, in your next reply.
      Note: If you are in an administrator account and get a log in prompt after doing any of the above steps, then click on the Cancel button and repeat the above process again. This will only happen the very first time you try to open an elevated command prompt in Windows 7.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Re: adnxs popups

Unread postby red33 » September 8th, 2012, 5:45 pm

OK, it said that the restore was successful so here is the log you requested. Thanks.


The type of the file system is NTFS.
Volume label is TI106348W0B.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
421 large file records processed.

0 bad file records processed.

2 EA records processed.

60 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
28280 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

607713279 KB total disk space.
293536236 KB in 192089 files.
104720 KB in 28281 indexes.
0 KB in bad sectors.
414051 KB in use by the system.
65536 KB occupied by the log file.
313658272 KB available on disk.

4096 bytes in each allocation unit.
151928319 total allocation units on disk.
78414568 allocation units available on disk.
red33
Active Member
 
Posts: 10
Joined: September 3rd, 2012, 10:02 am
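
The check Tim asked for (whether CHKDSK reports bad sectors) can also be done mechanically on checkhd.txt. The following is an added example, not part of the original posts; the function names and the abridged sample text are constructed for illustration.

```python
import re

# Constructed sample: abridged read-only CHKDSK output in the format shown in this thread.
SAMPLE = """\
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
  0 bad file records processed.
Windows has checked the file system and found no problems.
 607713279 KB total disk space.
         0 KB in bad sectors.
 313658272 KB available on disk.
"""

# Counters worth extracting from the log (names are this example's own).
COUNTERS = {
    "bad_file_records": r"(\d+) bad file records processed",
    "bad_sectors_kb": r"(\d+) KB in bad sectors",
    "total_kb": r"(\d+) KB total disk space",
}

def summarize_chkdsk(text):
    """Extract the health-relevant fields from CHKDSK console output."""
    result = {"read_only": "read-only mode" in text,
              "clean_verdict": "found no problems" in text}
    for name, pattern in COUNTERS.items():
        m = re.search(pattern, text)
        result[name] = int(m.group(1)) if m else None
    return result

def verdict(summary):
    """Return 'incomplete', 'problems' or 'clean' for a parsed summary."""
    # A file opened while CHKDSK is still running has no totals yet (step 10).
    if summary["total_kb"] is None or summary["bad_sectors_kb"] is None:
        return "incomplete"
    if summary["bad_sectors_kb"] > 0 or (summary["bad_file_records"] or 0) > 0:
        return "problems"
    # Without the explicit all-clear line, treat the volume as needing attention.
    if not summary["clean_verdict"]:
        return "problems"
    return "clean"

if __name__ == "__main__":
    s = summarize_chkdsk(SAMPLE)
    print(s, verdict(s))
```

A "clean" result with read_only set means only that a read-only scan found nothing; no repairs were attempted because the /F parameter was not given.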

Re: adnxs popups

Unread postby tim s » September 9th, 2012, 8:55 am

Hi Red33,

I am glad to hear that the system restore worked.

We are going to try this next: remove VideoFileDownload in the Firefox browser.
  • Open Firefox
  • Now at the top of the screen, see if you have the menu bar; if not, hit the Alt key on your keyboard to bring it up
  • Click on the Tools tab, then choose Add-ons
  • Click on Extensions; if VideoFileDownload is there, click Remove.

Now try firefox out to see if you are still getting popups.
Let me know how that goes.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Re: adnxs popups

Unread postby red33 » September 10th, 2012, 10:52 am

Hi again Tim -

Looks like the popups are finally gone and the VideoFileDownload addon is gone as well! I got the "blue screen" after the first shutdown, but have restarted and shutdown three more times and all seems to be fine now. I still have a lot of little files floating around, like "desktop.ini and thumbnail" with inaccessible folders, but system seems to be working well otherwise.

Does this mean we are clean now? If so, I can not thank you enough!

(Should I not look at Yahoo news any longer, or youtube? I definitely do not want to bother you all with this again!!)

Red
red33
Active Member
 
Posts: 10
Joined: September 3rd, 2012, 10:02 am

Re: adnxs popups

Unread postby tim s » September 11th, 2012, 9:50 pm

Hi Red33,

Looks like the popups are finally gone and the VideoFileDownload addon is gone as well!

Glad to hear that.

I got the "blue screen" after the first shutdown, but have restarted and shutdown three more times and all seems to be fine now.


We didn't make any changes that would be related to this problem. But I found this error, which is listed in your dds log.

8/27/2012 7:03:33 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Read this link here which explains it more. http://www.eventid.net/display-eventid- ... hase-1.htm

I have a Toshiba laptop that had a problem very much like this one. I tried many fixes that were recommended; nothing worked until I got a manufacturer update to correct the issue from the manufacturer's website.

I have listed 2 options on the Blue Screen issue.
--------------------------------------------------------------------

Option 1
You can also check Windows Update for hardware updates, which would be listed as optional updates.
Start > Control Panel >System and Security> Windows Update
"xx optional updates are available" (xx being a number of updates available for your computer)
Look for any updates that are hardware or chipset related.

-------------------------------------------------------------

Option 2
Now another option is to perform a Full System Recovery to out of the box state and then see whether any issues remain or return. Here are some helpful links for that option:
Toshiba
Order recovery Media ... https://www.csd.toshiba.com/cgi-bin/tai ... cation.jsp
Laptop System Recovery instructions ... https://www.csd.toshiba.com/cgi-bin/tai ... 64&pf=true
User Manuals ... http://eu.computers.toshiba-europe.com/ ... service=EU
Recovery Troubleshooting ... http://aps2.toshiba-tro.de/kb0/TSD0703030000R01.htm
Satellite HDD Recovery ... http://cdgenp01.csd.toshiba.com/content ... 10_web.pdf

You should be prepared for this option if your blue screen issue worsens and does what mine did on restart. It would not load the Windows logon screen; it would hang there.
I had to order a disk to reformat this one. That is when I found out about the manufacturer's update from their support site.

If the issue remains after a Full System Recovery, then you can visit the manufacturer's website or call them for instructions and let them know about the ACPI Error code, to find out what firmware update is needed.

-----------------------------------------------------------

I still have a lot of little files floating around, like "desktop.ini and thumbnail" with inaccessible folders, but system seems to be working well otherwise.

This sounds like your computer is set to show hidden system files. They are supposed to be hidden; do the following to rehide them.

Rehide system Files and Folders:
  • Click on the Start button
  • Click on Control Panel. Then click on Appearance and Personalization.
  • Click on Folder Options. Now in the Folder Options box, click on the View tab.
  • Under the Advanced settings: section, look at the list; you should see a little folder with 2 circles under it.
    • Click on the one that says Don't show hidden files, folders, or drives to put a tick in it.
    • Next the three boxes that should have a check mark in them right below the little circles are
      • Hide empty drives in the computer folder
      • Hide extensions for known file types
      • Hide protected operating system files(Recommended) <<< This is the one that makes those files not show.
    • Click Apply button then OK button
    • Now close all open windows.

---------------------------------------------------------------------

I am glad to hear that the popups have stopped, but sorry to hear about the blue screen issue. I can really relate to that one.
If you have any more questions just let me know.

We can now remove the tools I had you download:
You can delete OTL.exe and SystemLook.exe from your desktop.
You can also delete these text logs:
OTL.txt
Extras.txt
SystemLook.txt


You may want to keep the dds log. It has the error code for the ACPI listed in it. It is listed at the bottom of the Attach.txt

Read, stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

Tim
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am