Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Small mistake, big consequences?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Small mistake, big consequences?

Unread postby platypus » May 13th, 2014, 4:02 pm

Hi,

I'm usualy pretty good when it comes to keeping my computer safe, I even attended the malware removal university a few years ago. Unfortunately, I didn't have the time required to complete the program.

I was surfing on the web two days ago when I accidentally clicked on a link that I shouldn't have. I got a redirect to install some program (I couldn't even tell you which one) which I promptly refused. Unfortunately, it still installed some unwanted malware on my computer. My browser homepage was hijacked ans some new search engine popped up in my list. I have since managed to reset my homepage and I have deleted the search engine entry. I ran scans with malwarebytes which picked up the infection and deleted everything it was picking up. I ran other scans with Spybot Search & Destroy and it still picked up traces of Win32.2UrFace.bho and Conduit.SearchProtect: Here is the beginning of the Spybot log:

--- Search result list ---
Win32.2UrFace.bho: [SBI $62251A5D] Réglages (Clé du Registre, fixing failed)
HKEY_CLASSES_ROOT\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

Win32.2UrFace.bho: [SBI $62251A5D] Réglages (Clé du Registre, fixing failed)
HKEY_CLASSES_ROOT\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

Conduit.SearchProtect: [SBI $C559C1BC] Réglages (Valeur du Registre, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\SearchProtect\Environment

Conduit.SearchProtect: [SBI $746A4EE2] Réglages (Clé du Registre, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\SearchProtect


As you can see, Spybot was unable to remove these, so I rebooted in safe mode, ran the scan again, clicked to fix and this time Spybot told me the removal was successful. The computer hasn't shown any other symptoms. The only thing that I find odd is that when I open a new tab on Firefox, it now opens the following URL: search.conduit.com/?gd=&ctid=CT3323913&octid=EB_ORIGINAL_CTID&ISID=M76E2CAE5-3951-4217-9B9D-610638483695&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP28BC0068-C2C5-4486-BB98-70F1B405D6DE, which it didn't do before. It seems to be a Bing search page, but it must me the malware since it says search.conduit.com

I would appreciate your help to clear this out! Here are my dds logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Denis at 15:10:15 on 2014-05-13
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.1.1036.18.8079.5990 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\rundll32.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Denis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\sppsvc.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Présenté par TOSHIBA Leading Innovation >>>
uDefault_Page_URL = hxxp://www.toshiba.ca/bienvenue/?w=20
mWinlogon: Userinit = userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Denis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Denis\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Envoyer à OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Ajouter à TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2E962BBA-3431-426B-A9F4-F29EAEE49252} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2E962BBA-3431-426B-A9F4-F29EAEE49252}\2454C4C4038333 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2E962BBA-3431-426B-A9F4-F29EAEE49252}\2454C4C4634343 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2E962BBA-3431-426B-A9F4-F29EAEE49252}\2454C4C4731373 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2E962BBA-3431-426B-A9F4-F29EAEE49252}\44F6D646F6D6 : DHCPNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
TCP: Interfaces\{2E962BBA-3431-426B-A9F4-F29EAEE49252}\E616478616C6965613 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound 3D] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip" /h
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TPSCMain] C:\Program Files (x86)\TOSHIBA\PeakShift\TPSCMain.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\45shdhvk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.hotmail.ca
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-6-29 28992]
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1502000.026\symds64.sys [2014-3-31 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1502000.026\symefa64.sys [2014-3-31 1148120]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2011-3-23 36992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-6-29 482384]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [2014-4-22 1525976]
R1 ccSet_NIS;NIS Settings Manager;C:\windows\System32\drivers\NISx64\1502000.026\ccsetx64.sys [2014-3-31 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140512.001\IDSviA64.sys [2014-5-13 525016]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1502000.026\ironx64.sys [2014-3-31 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1502000.026\symnets.sys [2014-3-31 593112]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-6-7 250296]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-6-7 47032]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-11 627936]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-6-29 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-29 161560]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe [2014-3-31 276376]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-16 1153368]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-9-2 790368]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-8-7 609056]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-23 137648]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-6-29 9216]
R3 hidshim;Service for HID-KMDF Shim layer;C:\windows\System32\drivers\hidshim.sys [2011-3-9 6656]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2012-1-16 103536]
R3 LgBttPort;LGE Bluetooth TransPort;C:\windows\System32\drivers\lgbtpt64.sys [2009-9-29 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\windows\System32\drivers\lgbtbs64.sys [2009-9-29 14848]
R3 LGVMODEM;LGE Virtual Modem;C:\windows\System32\drivers\lgvmdm64.sys [2009-9-29 17408]
R3 nuvotonhidcir;Nuvoton HID CIR Receiver;C:\windows\System32\drivers\nuvotonhidcir.sys [2011-3-9 32256]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-6-29 38096]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\windows\System32\drivers\RtsP2Stor.sys [2012-6-29 259176]
R3 SmbDrv;SmbDrv;C:\windows\System32\drivers\Smb_driver.sys [2012-2-24 22800]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-6-29 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-25 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
R3 WSDScan;Prise en charge de la numérisation WSD via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-29 363800]
S3 Andbus;LGE Android Platform Composite USB Device;C:\windows\System32\drivers\lgandbus64.sys [2012-3-2 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\windows\System32\drivers\lganddiag64.sys [2012-3-2 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\windows\System32\drivers\lgandgps64.sys [2012-3-2 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\windows\System32\drivers\lgandmodem64.sys [2012-3-2 34304]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-7-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-4-22 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-12-20 34200]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-05-13 18:09:07 -------- d-sh--w- C:\Users\Denis\AppData\Local\EmieUserList
2014-05-13 18:09:07 -------- d-sh--w- C:\Users\Denis\AppData\Local\EmieSiteList
2014-05-13 18:00:32 -------- d-----w- C:\Users\Denis\AppData\Local\Amazon
2014-05-12 03:47:05 -------- d-----w- C:\Users\Denis\AppData\Local\{E1413D46-2136-4415-8738-B8A5D648698B}
2014-05-12 03:40:23 -------- d-----w- C:\Users\Denis\AppData\Local\{D57EA6DF-BDCE-4D56-8E70-42115A060606}
2014-05-09 14:01:05 -------- d-----w- C:\Users\Denis\AppData\Roaming\DropboxMaster
2014-05-09 14:00:42 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-09 14:00:42 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-09 13:59:46 -------- d-s---w- C:\windows\System32\CompatTel
2014-05-06 21:07:33 465408 ----a-w- C:\windows\System32\aepdu.dll
2014-05-06 21:07:32 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-04-22 13:59:59 2043904 ----a-w- C:\windows\System32\inetcpl.cpl
2014-04-22 13:59:58 5784064 ----a-w- C:\windows\System32\jscript9.dll
2014-04-22 13:59:57 4254720 ----a-w- C:\windows\SysWow64\jscript9.dll
.
==================== Find3M ====================
.
2014-04-29 21:24:31 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 21:24:31 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-06 09:31:33 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:02:34 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:38:13 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39 1967104 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\windows\SysWow64\user.exe
2014-03-04 04:18:12 1148120 ----a-w- C:\windows\System32\drivers\NISx64\1502000.026\symefa64.sys
2014-02-18 01:32:41 593112 ----a-w- C:\windows\System32\drivers\NISx64\1502000.026\symnets.sys
2014-02-13 01:59:49 875736 ----a-w- C:\windows\System32\drivers\NISx64\1502000.026\srtsp64.sys
.
============= FINISH: 15:12:42,83 ===============


and the attach file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Édition Familiale Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2012-07-14 08:32:39
System Uptime: 2014-05-13 15:06:46 (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz | U3E1 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 731,647 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP82: 2014-03-25 13:56:52 - Windows Update
RP83: 2014-04-13 11:39:43 - Windows Update
RP84: 2014-04-22 09:59:07 - Windows Update
RP85: 2014-05-09 09:58:58 - Windows Update
.
==== Installed Programs ======================
.
Adobe Audition 3.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader X (10.1.9) MUI
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Audacity 1.2.4
Bejeweled 3
BIAS SoundSoap 2.0
Bluetooth Stack for Windows by Toshiba
Bonjour
CCleaner
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions à distance
CutePDF Writer 3.0
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Exact Audio Copy 1.0beta3
Freemake Video Converter version 3.1.2
Galerie de photos Windows Live
Google Update Helper
Google Earth
Intel PROSet Wireless
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel(R) WiDi
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
LG Bluetooth Drivers
LG PC Suite IV
LG United Mobile Drivers
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (French) 2010
Microsoft Office Excel MUI (French) 2010
Microsoft Office Famille et Petite Entreprise 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (French) 2010
Microsoft Office Outlook MUI (French) 2010
Microsoft Office PowerPoint MUI (French) 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (French) 2010
Microsoft Office Publisher MUI (French) 2010
Microsoft Office Shared 64-bit MUI (French) 2010
Microsoft Office Shared MUI (French) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (French) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 28.0 (x86 fr)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyDefrag v4.3.1
Norton Internet Security
Nuvoton CIR Device Drivers
NVIDIA Control Panel 295.55
NVIDIA Graphics Driver 295.55
NVIDIA Install Application
NVIDIA Optimus 1.7.12
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update Components
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.11
Splashtop Remote Client
Splashtop Software Updater
Splashtop Streamer
Spybot - Search & Destroy
SRS Premium Sound Control Panel
Suite Specific
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Peak Shift Control
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Remote Control Manager
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
TOSHIBA Wireless Display Monitor
TOSHIBA Wireless LAN Indicator
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== End Of File ===========================


Thank you very much! :)
User avatar
platypus
Regular Member
 
Posts: 146
Joined: January 31st, 2006, 10:07 pm
Advertisement
Register to Remove

Re: Small mistake, big consequences?

Unread postby wannabeageek » May 17th, 2014, 10:35 pm

Hi platypus,

Sorry for the long wait. Do you still need help?
Looks like you were once a student, so you know the routine:


Step 1.
Security Check

  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Right click SecurityCheck.exe And select " Run as administrator " , then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.


Step 2.
Junkware Removal Tool Image
  1. Please download jrt.exe ... by thisisu and save it to your desktop. Alternate download here.
  2. Please temporarily disable your security/protection software as found here, to avoid potential conflicts.
  3. If running Vista or W7... right-click jrt.exe and select "Run as Administrator",
    otherwise just double click it.
    The tool will open and start scanning your system. Please be patient, it can take a while depending on your system.
    On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  4. Please copy and paste the contents of JRT.txt and post in your next reply.


Step 3.
AdwCleaner Download and Run
Click on this link to download : ADWCleaner
Click on the Download Now button and save it to your desktop.
NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.
Close your browser and double click on this icon on your desktop:
Image
You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete. When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy & Paste it into your next post.
Image


Step 4.
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Please include in your next reply:
  1. Contents of checkup.txt
  2. Contents of JRT.txt
  3. Contents of C:\AdwCleaner[S?].txt
  4. Contents of OTL.txt
  5. Contents of Extras.txt
  6. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Small mistake, big consequences?

Unread postby platypus » May 19th, 2014, 9:38 pm

Hi Wannabeageek!

Thanks for your help!

Here goes:

Security Check

Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 13.0.0.214
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Denis on 2014-05-19 at 19:43:47,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{06962FED-2222-49D9-9DAD-F22A75CBF53B}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{0E791326-AFF4-4A88-B799-BD5BEC58C4C9}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{29BA7D21-A44C-4B69-9325-12F26E607133}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{2BEE9C83-6C06-43C9-AE12-BCD5FCC07F1F}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{3554A607-3415-40D8-9E26-1AABC210EFA1}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{370DD96E-45D1-4255-B5D6-9F78517D72F0}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{3BAE723B-88EF-473F-8367-50BE1E96639E}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{3D8E5B34-1852-438C-B6AD-8A6C5ABBDD0F}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{3F72DF0F-BD9F-41E2-8337-137B58B6B5A8}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{4F20B65C-9EE6-42B0-B8C9-58C9BEFC9D9D}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{50AAC4E2-AFE0-4572-B3F0-BAB4F96B23C2}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{550CD6C0-9045-4E2C-A133-2D95A18DD847}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{55DF852B-F52B-4166-9C21-6C234E2B8878}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{6006FFC9-FD02-4870-B1DF-A13E84BC66E7}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{64B50B90-7778-4B70-BDA2-AB14438DE0FF}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{7BB5CB8C-5011-4A31-80F3-8FD727F619BB}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{7EFCC63A-3C89-4B4B-9A09-7403458D287C}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{816C164B-8D4D-4FCA-9C3C-0D5976E1653C}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{84EDF57B-DB28-4126-B778-9B64A8DBB717}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{A68AA924-CC0A-441E-947A-0B06B4EFC1EF}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{B27C999E-041D-485B-89AF-C62DA3B2A1F5}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{BB58607A-C1B8-4D5A-8E88-EA98D31B5FE3}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{C8B51C1A-F617-48E1-BA20-F2BD9FFAC666}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{D1C87F09-473B-446B-BAC5-EAA2BED21F38}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{D55E15C7-3D7B-4430-AC82-2A3990FBC230}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{D57EA6DF-BDCE-4D56-8E70-42115A060606}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{D677438D-711A-4DAE-AE4F-6F2AA7931776}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{D6F6DEA0-38F7-4B83-B0B2-888842114C57}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{E1413D46-2136-4415-8738-B8A5D648698B}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{E1D5385C-B758-45FE-9F24-25D24A3F841C}
Successfully deleted: [Empty Folder] C:\Users\Denis\appdata\local\{FEB25EF1-451F-4FAB-9DBB-0F6CA2B12292}



~~~ FireFox

Successfully deleted the following from C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\45shdhvk.default\prefs.js

user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3323913&octid=EB_ORIGINAL_CTID&ISID=M76E2CAE5-3951-4217-9B9D-610638483695&SearchSource=69&CUI=&SSPV=&Lay
Emptied folder: C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\45shdhvk.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-05-19 at 19:50:08,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

# AdwCleaner v3.210 - Rapport créé le 19/05/2014 à 20:59:16
# Mis à jour le 19/05/2014 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Denis - DENIS-PC
# Exécuté depuis : C:\Users\Denis\Desktop\AdwCleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\Software\PIP
Donnée Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (fr)

[ Fichier : C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\45shdhvk.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1001 octets] - [19/05/2014 20:58:01]
AdwCleaner[S0].txt - [922 octets] - [19/05/2014 20:59:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [981 octets] ##########


OTL

OTL logfile created on: 2014-05-19 21:06:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Denis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c0c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

7,89 Gb Total Physical Memory | 5,35 Gb Available Physical Memory | 67,83% Memory free
15,78 Gb Paging File | 13,21 Gb Available in Paging File | 83,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917,18 Gb Total Space | 730,52 Gb Free Space | 79,65% Space Free | Partition Type: NTFS

Computer Name: DENIS-PC | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014-05-19 19:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
PRC - [2014-05-11 11:35:22 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014-05-07 21:52:34 | 032,668,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Denis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014-03-12 04:29:49 | 000,276,376 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe
PRC - [2013-12-18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-09-02 11:49:56 | 000,790,368 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2013-09-02 11:49:50 | 007,015,776 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2013-08-07 06:47:26 | 000,609,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2012-02-27 06:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012-01-28 19:54:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-01-20 19:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012-01-20 19:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012-01-20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-01-20 14:45:30 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012-01-18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011-10-24 14:09:58 | 000,305,080 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2011-10-19 11:43:38 | 000,718,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
PRC - [2011-06-07 15:07:58 | 000,063,432 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2011-06-07 15:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2010-12-25 19:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2014-05-19 21:01:49 | 000,041,984 | ---- | M] () -- c:\users\denis\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe7iask.dll
MOD - [2014-02-12 21:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014-02-12 21:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014-01-02 23:42:50 | 003,610,624 | ---- | M] () -- C:\Users\Denis\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013-10-18 19:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Denis\AppData\Roaming\Dropbox\bin\libcef.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014-03-06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013-05-27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2012-02-02 18:33:46 | 000,580,608 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2012-01-11 00:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011-12-14 18:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011-12-08 13:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2011-12-08 13:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011-12-08 13:43:48 | 000,618,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011-12-08 13:43:44 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011-11-25 21:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011-11-24 16:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011-04-20 18:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010-10-20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010-09-22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014-05-19 19:23:27 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-04-07 13:22:28 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-03-12 04:29:49 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe -- (NIS)
SRV - [2013-12-18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-09-11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013-09-02 11:49:56 | 000,790,368 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2013-08-07 06:47:26 | 000,609,056 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012-05-10 15:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-01-28 19:54:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-01-20 19:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-01-20 19:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-01-20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012-01-20 14:45:30 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012-01-18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011-07-11 20:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011-06-07 15:08:26 | 000,250,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2011-06-07 15:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2011-04-01 20:42:00 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010-10-12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009-06-10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014-03-04 00:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014-02-17 21:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\symnets.sys -- (SymNetS)
DRV:64bit: - [2014-02-12 21:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013-11-15 10:09:25 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013-09-26 22:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013-09-25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013-09-09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\symds64.sys -- (SymDS)
DRV:64bit: - [2013-09-09 21:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012-12-13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012-08-21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012-05-10 15:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-03-08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-03-02 16:02:00 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2012-03-02 16:02:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2012-03-02 16:02:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2012-03-02 16:02:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2012-03-01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-27 06:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012-02-27 06:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012-02-27 06:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012-02-24 20:11:54 | 000,412,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012-02-24 20:11:52 | 000,022,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012-01-30 17:14:00 | 000,304,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2012-01-28 19:54:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012-01-18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012-01-18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012-01-16 18:49:14 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012-01-09 04:44:44 | 011,416,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011-12-20 20:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011-12-20 20:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011-12-16 20:24:00 | 000,079,040 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011-12-13 18:00:32 | 000,259,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011-12-06 07:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011-11-29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-11-10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011-03-23 20:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011-03-18 18:03:18 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011-03-11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-09 18:39:36 | 000,006,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidshim.sys -- (hidshim)
DRV:64bit: - [2011-03-09 18:39:34 | 000,032,256 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotonhidcir.sys -- (nuvotonhidcir)
DRV:64bit: - [2011-02-08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010-11-29 14:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010-11-20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-11-11 13:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010-08-30 13:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010-06-18 19:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010-04-26 14:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009-09-29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009-09-29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009-09-29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009-07-30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009-07-24 14:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009-07-14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009-07-13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009-07-13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009-07-07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009-06-29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009-06-19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009-06-17 15:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009-06-10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014-03-31 16:19:03 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140519.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014-03-18 21:24:11 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013-11-23 22:23:15 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013-11-23 22:23:15 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013-11-15 02:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140519.003\ex64.sys -- (NAVEX15)
DRV - [2013-11-15 02:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140519.003\eng64.sys -- (NAVENG)
DRV - [2009-07-13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-727610052-602039670-2732059331-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-727610052-602039670-2732059331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-727610052-602039670-2732059331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/bienvenue/?w=20
IE - HKU\S-1-5-21-727610052-602039670-2732059331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-727610052-602039670-2732059331-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-727610052-602039670-2732059331-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-727610052-602039670-2732059331-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_fr
IE - HKU\S-1-5-21-727610052-602039670-2732059331-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.hotmail.ca"
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: fmconverter%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014-05-19 21:04:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012-11-25 20:10:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-16 17:52:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012-07-14 22:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Extensions
[2014-05-09 10:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\45shdhvk.default\extensions
[2013-04-16 17:41:19 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\45shdhvk.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2014-03-25 12:05:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\45shdhvk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014-04-22 19:46:28 | 001,533,185 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\45shdhvk.default\extensions\firefox@ghostery.com.xpi
[2014-05-09 10:07:08 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\45shdhvk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-07-14 22:19:33 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\45shdhvk.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2014-04-07 13:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014-04-07 13:22:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012-11-25 20:10:47 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX

O1 HOSTS File: ([2012-07-16 09:30:47 | 000,443,522 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 127.0.0.1 http://www.123fporn.info
O1 - Hosts: 15233 more lines...
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-727610052-602039670-2732059331-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-727610052-602039670-2732059331-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-727610052-602039670-2732059331-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound 3D] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPSCMain] C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-727610052-602039670-2732059331-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-727610052-602039670-2732059331-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-727610052-602039670-2732059331-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-727610052-602039670-2732059331-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-727610052-602039670-2732059331-1000..\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe File not found
O4 - Startup: C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Denis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-727610052-602039670-2732059331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Ajouter à TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Ajouter à TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E962BBA-3431-426B-A9F4-F29EAEE49252}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-05-19 20:57:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-05-19 19:43:43 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014-05-19 19:17:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
[2014-05-19 19:16:27 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Denis\Desktop\JRT.exe
[2014-05-13 14:47:39 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Denis\Desktop\dds.scr
[2014-05-13 14:09:07 | 000,000,000 | -HSD | C] -- C:\Users\Denis\AppData\Local\EmieUserList
[2014-05-13 14:09:07 | 000,000,000 | -HSD | C] -- C:\Users\Denis\AppData\Local\EmieSiteList
[2014-05-13 14:00:32 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\Amazon
[2014-05-09 10:01:05 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\DropboxMaster
[2014-05-09 09:59:46 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014-05-06 17:07:33 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014-05-06 17:07:32 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014-04-22 10:00:13 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014-04-22 10:00:13 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014-04-22 10:00:13 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014-04-22 10:00:09 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014-04-22 10:00:09 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014-04-22 10:00:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014-04-22 10:00:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014-04-22 10:00:08 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014-04-22 10:00:08 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014-04-22 10:00:07 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014-04-22 10:00:07 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014-04-22 10:00:07 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014-04-22 10:00:07 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014-04-22 10:00:06 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014-04-22 10:00:06 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014-04-22 10:00:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014-04-22 10:00:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014-04-22 10:00:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014-04-22 10:00:05 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014-04-22 10:00:03 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014-04-22 10:00:03 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014-04-22 10:00:02 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014-04-22 10:00:02 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014-04-22 10:00:02 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014-04-22 10:00:02 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014-04-22 10:00:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014-04-22 10:00:00 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014-04-22 09:59:59 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014-04-22 09:59:58 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

========== Files - Modified Within 30 Days ==========

[2014-05-19 21:08:48 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-05-19 21:08:48 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-05-19 21:01:27 | 000,001,078 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-05-19 21:01:27 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014-05-19 21:00:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014-05-19 21:00:54 | 2058,850,303 | -HS- | M] () -- C:\hiberfil.sys
[2014-05-19 20:56:20 | 000,001,070 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-05-19 20:56:20 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014-05-19 19:49:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014-05-19 19:23:20 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014-05-19 19:23:20 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-05-19 19:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
[2014-05-19 19:16:56 | 001,326,389 | ---- | M] () -- C:\Users\Denis\Desktop\AdwCleaner.exe
[2014-05-19 19:16:30 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Denis\Desktop\JRT.exe
[2014-05-19 19:15:56 | 000,854,367 | ---- | M] () -- C:\Users\Denis\Desktop\SecurityCheck.exe
[2014-05-19 19:13:23 | 000,001,061 | ---- | M] () -- C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014-05-13 14:47:48 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Denis\Desktop\dds.scr
[2014-05-11 23:40:16 | 001,669,656 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014-05-11 23:40:16 | 000,747,910 | ---- | M] () -- C:\windows\SysNative\perfh00C.dat
[2014-05-11 23:40:16 | 000,654,480 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014-05-11 23:40:16 | 000,150,402 | ---- | M] () -- C:\windows\SysNative\perfc00C.dat
[2014-05-11 23:40:16 | 000,122,352 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2014-05-19 19:16:54 | 001,326,389 | ---- | C] () -- C:\Users\Denis\Desktop\AdwCleaner.exe
[2014-05-19 19:15:47 | 000,854,367 | ---- | C] () -- C:\Users\Denis\Desktop\SecurityCheck.exe
[2014-03-02 12:30:05 | 001,644,724 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013-11-15 10:22:35 | 000,016,384 | ---- | C] () -- C:\windows\SysWow64\FileOps.exe
[2013-04-09 13:18:48 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\CommonDL.dll
[2013-04-09 13:18:48 | 000,002,413 | ---- | C] () -- C:\windows\SysWow64\lgAxconfig.ini

========== ZeroAccess Check ==========

[2009-07-14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras

OTL Extras logfile created on: 2014-05-19 21:06:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Denis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c0c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

7,89 Gb Total Physical Memory | 5,35 Gb Available Physical Memory | 67,83% Memory free
15,78 Gb Paging File | 13,21 Gb Available in Paging File | 83,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917,18 Gb Total Space | 730,52 Gb Free Space | 79,65% Space Free | Partition Type: NTFS

Computer Name: DENIS-PC | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-727610052-602039670-2732059331-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FABF83E-A819-42A1-86A0-0A4E5B27475D}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B9AD11B-4699-4C6A-94DA-51E2BC60EEAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1F28B326-90BC-4EC3-8F60-45DC43D6945E}" = rport=137 | protocol=17 | dir=out | app=system |
"{3DE12B55-33BE-4B3A-8413-0C0D5E67B366}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4463F8C2-00C4-4CD8-9155-0294F5FDA6F1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C607F44-BE7B-4E33-AA60-25E1F6021395}" = rport=139 | protocol=6 | dir=out | app=system |
"{4DC4AC0E-800B-4106-9E7F-6E32C07C972A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{54D3E385-5626-4537-8931-B17240AED445}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{63AAA692-D463-4201-BD11-65D2AA95AAFE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{6DDB0EA4-97A4-45E6-9F8D-56986F8ADADD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{746AAD9F-DBE5-4C2D-993D-CA0DD9927D90}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75F62E8E-40B9-4D71-B5A4-DE83A0CF4F8C}" = lport=445 | protocol=6 | dir=in | app=system |
"{763BF4B3-111D-44C3-A89C-7C1432BFFCB8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{963AE0A6-7DA3-45D5-A6B3-F0E4F4C9E904}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96963D31-AFC3-4854-86EB-C33BD40EAC0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EC718CE-70D8-4EB8-8AA7-A3CDEDF11541}" = lport=137 | protocol=17 | dir=in | app=system |
"{AE0B2D94-799D-418F-BC77-04F4D082E51F}" = lport=138 | protocol=17 | dir=in | app=system |
"{B95A3DA7-CCED-4502-84FC-07B235E77BAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF1D4CF2-9C3A-4910-A808-A274A28F98AC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C6F0F4F1-F5DD-4908-BE7E-F2E95D4533C1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C8116A8F-0265-4726-93C0-2F0316D9D4A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D412AB11-4EC5-4CA1-A34B-CF6AEB093998}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E4AC63A4-07E3-4C61-8D7A-D16869896E0D}" = rport=445 | protocol=6 | dir=out | app=system |
"{E4C73450-82D4-4181-B8A1-5DAB0B5BDBEC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E980B863-3044-4DB5-B69F-F5106B6475CE}" = rport=138 | protocol=17 | dir=out | app=system |
"{F0FB59FD-9BB8-4163-81EA-003EA3EDC19C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057ABAAA-FAFA-4B3E-A685-578FE2EE7932}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0D62D718-7702-4173-8600-FD9D8EEAAEE5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{12E86A0A-670A-44CA-BBB6-2F8F4C2571EC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A148753-B61C-4B7A-9636-73AE6895BDD1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1E5D2B1D-8C7F-4C17-9DA8-ADAB87431BF1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1EDDA8A1-56DE-4AC7-A4DE-1B48E82DB751}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1F0D3B5C-2908-4CAE-B5A6-88E99A8DD0C8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1F9EEE91-C06C-4D69-8B73-AD7369756311}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{312BF29E-422E-4AD1-AEBA-D4A88ED64B2B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{382FB5F2-849B-48A3-936C-2585C530F73C}" = protocol=17 | dir=in | app=c:\users\denis\appdata\roaming\dropbox\bin\dropbox.exe |
"{47D81F11-C34E-41AD-94C5-CDBD8FF9D71D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48840FFD-9787-4302-AA26-4FB6AA952668}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C887F31-9285-4635-84C4-FEC8A48A9DB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E90164D-5E21-477F-A2F3-B70EE4CCED0C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{611B7D6F-2D70-4EC0-A290-CC9E7F140EA3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6AF1A5FD-1C2C-4A34-B519-735C5A0356C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6C1362D9-2AAB-46DF-B66F-BB476387028D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{81D01234-DAB9-4918-8ECD-480EFE5FB1BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82728B50-AB91-470E-94D9-E9C759ED37B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F98F1F0-9834-44AF-87FF-D0F654CCC6C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{91153345-C841-443C-9D02-422225F9577A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{942B8AD3-C647-4C1E-BCEF-10C757E94212}" = protocol=6 | dir=in | app=c:\users\denis\appdata\roaming\dropbox\bin\dropbox.exe |
"{A1541746-DE74-4A32-957D-F36E6A28F629}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4B434A1-BB91-41CD-A998-C399104326FC}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{B7967B5C-0BDD-4A6A-BB47-49D93E68B382}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BABD1795-EEBB-4E94-AD39-656B3AD7A575}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C99F9792-4FA5-4D77-8C62-8AC5C6476C0B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D0CBEF2E-0BF9-4DCF-A289-56F485518BAC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E01561BB-9922-47BF-BF7B-EF3CD0A624FB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E21E7094-0CF7-4AC9-91CB-BACCCF949DD4}" = protocol=6 | dir=out | app=system |
"{E510DDDA-ADD0-49CC-A3D0-74535CCA4472}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E7F55ECB-2D57-4E3B-AF15-E0A1519C0FB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F9170B9F-E1FE-4534-9A7D-6C8638DEC8B3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{B0B22DAB-8C73-4CB8-AA75-9AEF791F5856}C:\users\denis\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\denis\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{B8D91337-86A7-4CA0-A5D6-A8105561BB11}C:\users\denis\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\denis\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{27C3DB42-A9C1-4B44-A164-93849D160D12}" = TOSHIBA VIDEO PLAYER
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2C486987-D447-4E36-8D61-86E48E24199C}" = TOSHIBA eco Utility
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}" = TOSHIBA Peak Shift Control
"{75A43A49-A6A1-4FCB-A41E-02D76E166691}" = SRS Premium Sound Control Panel
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 3.0
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3CBAA9A5-2584-42C6-8A1D-E28CBD7A506D}" = Splashtop Remote Client
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45D3CD3E-7715-4341-8441-A3A6409FCDE4}" = BIAS SoundSoap 2.0
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{5DB849D6-9392-4FB7-9ABB-87ED433152E5}" = LG United Mobile Drivers
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
"{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
"{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
"{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
"{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
"{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
"{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi
"{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7C5EA94-B96A-41F5-BE95-25D78B486678}" = Splashtop Streamer
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}" = TOSHIBA ConfigFree
"{EE0C0DA3-DA7E-4EF6-BE23-25BA396E06C3}" = Nuvoton CIR Device Drivers
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Audacity_is1" = Audacity 1.2.4
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Freemake Video Converter_is1" = Freemake Video Converter version 3.1.2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{3CBAA9A5-2584-42C6-8A1D-E28CBD7A506D}" = Splashtop Remote Client
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LG PC Suite IV" = LG PC Suite IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 28.0 (x86 fr)" = Mozilla Firefox 28.0 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.SingleImage" = Microsoft Office Famille et Petite Entreprise 2010
"Splashtop Software Updater" = Splashtop Software Updater
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live
"WTA-37145eb2-0fe3-4624-8e50-4f8e5cf6a8f0" = Plants vs. Zombies - Game of the Year
"WTA-6e61805e-76cd-4b59-8986-3e6cb619572b" = Zuma's Revenge
"WTA-da009b3b-ca1c-41be-b5bc-63ecf7c0f1e0" = Bejeweled 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-727610052-602039670-2732059331-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2014-05-19 21:01:15 | Computer Name = Denis-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2014-05-19 19:53:17 | Computer Name = Denis-PC | Source = DCOM | ID = 10010
Description =

Error - 2014-05-19 21:02:17 | Computer Name = Denis-PC | Source = DCOM | ID = 10016
Description =


< End of report >

Thanks again! :)

Platypus
User avatar
platypus
Regular Member
 
Posts: 146
Joined: January 31st, 2006, 10:07 pm

Re: Small mistake, big consequences?

Unread postby wannabeageek » May 20th, 2014, 11:06 pm

Hi platypus,


Step 1.
Uninstall Programs
I need you to uninstall some program(s).
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. then press enter.
    • Locate the following program(s):
      Java(TM) 6 Update 30
    • Select the program and click on Uninstall to uninstall it.
      Carefully read any prompts...
      Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!


Step 2.
Please download SystemLook from the link below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *java*
    *SearchProtect*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *java*
    *SearchProtect*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    Bandoo
    Community
    Conduit
    datamngr
    Fun4IM
    iLivid
    IObit
    Iminent
    SearchProtect
    Searchqu
    Searchnu
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Small mistake, big consequences?

Unread postby platypus » May 21st, 2014, 10:49 am

Hi!

Here is the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 10:02 on 21/05/2014 by Denis
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
No files found.

Searching for "*Community*"
C:\Program Files (x86)\Adobe\Adobe InDesign CS2\Samples\Community Newspaper\Comm Community.incx --a---- 21769 bytes [22:43 01/04/2005] [22:43 01/04/2005] 0803419600E45D65EB17A407056F2598
C:\Program Files (x86)\Adobe\Adobe InDesign CS2\Samples\Community Newspaper\Community Newspaper.indd --a---- 4231168 bytes [22:43 01/04/2005] [22:43 01/04/2005] 648B2FE89E23D40651A86669E389E0AC
C:\Program Files (x86)\Common Files\Adobe\Templates\InDesign\Community Newspaper.collection --a---- 434 bytes [22:43 01/04/2005] [22:43 01/04/2005] 64E0E455BFA0F22B0009F2A88E879D3D

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1322368 bytes [21:50 12/02/2014] [21:50 12/02/2014] 5A2B082A760722E08042E3892D07690E
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect.zip --a---- 530 bytes [15:15 13/05/2014] [15:15 13/05/2014] DFFB4602E3CFE396DFC0352EBD6CB221
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect1.zip --a---- 548 bytes [15:15 13/05/2014] [15:15 13/05/2014] C2D821E4113513B9F663939CFA592A12
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect10.zip --a---- 338 bytes [15:15 13/05/2014] [15:15 13/05/2014] DEBAE2946CF37B3A76FF3A75F5871EE5
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect11.zip --a---- 2707 bytes [15:15 13/05/2014] [15:15 13/05/2014] 95A37C89A2316870A57481AE557AB72B
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect12.zip --a---- 2795 bytes [15:15 13/05/2014] [15:15 13/05/2014] A0C86CCF88E3A42BAC2C818397EEFF59
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect13.zip --a---- 2817 bytes [15:16 13/05/2014] [15:16 13/05/2014] 39A257968ADD07AD097F9F852C516BEC
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect14.zip --a---- 11853 bytes [15:16 13/05/2014] [15:16 13/05/2014] 609F52CBF76418DB51212A643865F7CE
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect15.zip --a---- 35716 bytes [15:16 13/05/2014] [15:16 13/05/2014] 051E22376EE4D965716A27E727164633
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect16.zip --a---- 31522 bytes [15:16 13/05/2014] [15:16 13/05/2014] 82EA7C8FE55D3E2A7FABB4C8B3385693
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect17.zip --a---- 10369 bytes [15:16 13/05/2014] [15:16 13/05/2014] 0B421B1B3F3D92515FF37F6426749696
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect18.zip --a---- 12757 bytes [15:16 13/05/2014] [15:16 13/05/2014] C8F7731A40BCBD2FA597B2FC06906D10
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect19.zip --a---- 9662 bytes [15:16 13/05/2014] [15:16 13/05/2014] AA75B88839C67CA02889AAB918D181BE
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect2.zip --a---- 717 bytes [15:15 13/05/2014] [15:15 13/05/2014] 93D27871F9CB24C4FBF5DE5E47F18367
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect20.zip --a---- 17259 bytes [15:16 13/05/2014] [15:16 13/05/2014] 6C0E6DAF64C0AA94EDA1537EFC90835B
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect21.zip --a---- 1707 bytes [15:16 13/05/2014] [15:16 13/05/2014] 993B105406AA11381DA8188EE12DABAD
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect22.zip --a---- 1385 bytes [15:16 13/05/2014] [15:16 13/05/2014] 2D7F6D0EDC6FC02276C0CAA6A94DDAE8
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect23.zip --a---- 527 bytes [17:50 13/05/2014] [17:50 13/05/2014] 3D711CAAB4288BA176FD1D203DA25B14
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect24.zip --a---- 549 bytes [17:50 13/05/2014] [17:50 13/05/2014] 0DEFBD7A7B5B9314F178B3AFE0DF8B9A
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect25.zip --a---- 39954 bytes [17:50 13/05/2014] [17:50 13/05/2014] D787697D14443BCB1A6C2D1866387656
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect26.zip --a---- 343 bytes [17:50 13/05/2014] [17:50 13/05/2014] C6E43FB6C5BBB28C6B13E14A6B49EE35
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect27.zip --a---- 341 bytes [17:50 13/05/2014] [17:50 13/05/2014] A931D9A9617D0E485053C8C2F72DEF47
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect28.zip --a---- 339 bytes [17:50 13/05/2014] [17:50 13/05/2014] 97A88927284396176C1DF238411A31D7
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect29.zip --a---- 529 bytes [18:22 13/05/2014] [18:22 13/05/2014] F5AFA9310EB63A729B8E6FBC80AAC0BC
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect3.zip --a---- 40416 bytes [15:15 13/05/2014] [15:15 13/05/2014] DD6DE1DD2D1BA36C690A75A51C179491
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect30.zip --a---- 549 bytes [18:22 13/05/2014] [18:22 13/05/2014] DE1CF977388D22C24D97829786CF8E3F
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect31.zip --a---- 530 bytes [19:05 13/05/2014] [19:05 13/05/2014] 80F36595C6C4F93322E40FBA01FDBB6B
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect32.zip --a---- 533 bytes [19:05 13/05/2014] [19:05 13/05/2014] A369FB390475D9277D15D3ED329CE132
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect4.zip --a---- 1085 bytes [15:15 13/05/2014] [15:15 13/05/2014] 8274275BFF57996EFE5F480769A84FE6
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect5.zip --a---- 341 bytes [15:15 13/05/2014] [15:15 13/05/2014] AEA5725668F5787034546B243C1251CA
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect6.zip --a---- 341 bytes [15:15 13/05/2014] [15:15 13/05/2014] C6D95B6A5B489437B815C93D75438EE8
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect7.zip --a---- 5641 bytes [15:15 13/05/2014] [15:15 13/05/2014] 78A164A8F4142F0B6E63CCE6945AE5D4
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect8.zip --a---- 343 bytes [15:15 13/05/2014] [15:15 13/05/2014] 99A1DFAD4328814979B086841FDC92DF
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect9.zip --a---- 341 bytes [15:15 13/05/2014] [15:15 13/05/2014] 14E60B0C695869CA3658A8601BFE704C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect.zip --a---- 530 bytes [15:15 13/05/2014] [15:15 13/05/2014] DFFB4602E3CFE396DFC0352EBD6CB221
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect1.zip --a---- 548 bytes [15:15 13/05/2014] [15:15 13/05/2014] C2D821E4113513B9F663939CFA592A12
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect10.zip --a---- 338 bytes [15:15 13/05/2014] [15:15 13/05/2014] DEBAE2946CF37B3A76FF3A75F5871EE5
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect11.zip --a---- 2707 bytes [15:15 13/05/2014] [15:15 13/05/2014] 95A37C89A2316870A57481AE557AB72B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect12.zip --a---- 2795 bytes [15:15 13/05/2014] [15:15 13/05/2014] A0C86CCF88E3A42BAC2C818397EEFF59
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect13.zip --a---- 2817 bytes [15:16 13/05/2014] [15:16 13/05/2014] 39A257968ADD07AD097F9F852C516BEC
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect14.zip --a---- 11853 bytes [15:16 13/05/2014] [15:16 13/05/2014] 609F52CBF76418DB51212A643865F7CE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect15.zip --a---- 35716 bytes [15:16 13/05/2014] [15:16 13/05/2014] 051E22376EE4D965716A27E727164633
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect16.zip --a---- 31522 bytes [15:16 13/05/2014] [15:16 13/05/2014] 82EA7C8FE55D3E2A7FABB4C8B3385693
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect17.zip --a---- 10369 bytes [15:16 13/05/2014] [15:16 13/05/2014] 0B421B1B3F3D92515FF37F6426749696
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect18.zip --a---- 12757 bytes [15:16 13/05/2014] [15:16 13/05/2014] C8F7731A40BCBD2FA597B2FC06906D10
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect19.zip --a---- 9662 bytes [15:16 13/05/2014] [15:16 13/05/2014] AA75B88839C67CA02889AAB918D181BE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect2.zip --a---- 717 bytes [15:15 13/05/2014] [15:15 13/05/2014] 93D27871F9CB24C4FBF5DE5E47F18367
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect20.zip --a---- 17259 bytes [15:16 13/05/2014] [15:16 13/05/2014] 6C0E6DAF64C0AA94EDA1537EFC90835B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect21.zip --a---- 1707 bytes [15:16 13/05/2014] [15:16 13/05/2014] 993B105406AA11381DA8188EE12DABAD
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect22.zip --a---- 1385 bytes [15:16 13/05/2014] [15:16 13/05/2014] 2D7F6D0EDC6FC02276C0CAA6A94DDAE8
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect23.zip --a---- 527 bytes [17:50 13/05/2014] [17:50 13/05/2014] 3D711CAAB4288BA176FD1D203DA25B14
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect24.zip --a---- 549 bytes [17:50 13/05/2014] [17:50 13/05/2014] 0DEFBD7A7B5B9314F178B3AFE0DF8B9A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect25.zip --a---- 39954 bytes [17:50 13/05/2014] [17:50 13/05/2014] D787697D14443BCB1A6C2D1866387656
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect26.zip --a---- 343 bytes [17:50 13/05/2014] [17:50 13/05/2014] C6E43FB6C5BBB28C6B13E14A6B49EE35
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect27.zip --a---- 341 bytes [17:50 13/05/2014] [17:50 13/05/2014] A931D9A9617D0E485053C8C2F72DEF47
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect28.zip --a---- 339 bytes [17:50 13/05/2014] [17:50 13/05/2014] 97A88927284396176C1DF238411A31D7
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect29.zip --a---- 529 bytes [18:22 13/05/2014] [18:22 13/05/2014] F5AFA9310EB63A729B8E6FBC80AAC0BC
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect3.zip --a---- 40416 bytes [15:15 13/05/2014] [15:15 13/05/2014] DD6DE1DD2D1BA36C690A75A51C179491
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect30.zip --a---- 549 bytes [18:22 13/05/2014] [18:22 13/05/2014] DE1CF977388D22C24D97829786CF8E3F
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect31.zip --a---- 530 bytes [19:05 13/05/2014] [19:05 13/05/2014] 80F36595C6C4F93322E40FBA01FDBB6B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect32.zip --a---- 533 bytes [19:05 13/05/2014] [19:05 13/05/2014] A369FB390475D9277D15D3ED329CE132
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect4.zip --a---- 1085 bytes [15:15 13/05/2014] [15:15 13/05/2014] 8274275BFF57996EFE5F480769A84FE6
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect5.zip --a---- 341 bytes [15:15 13/05/2014] [15:15 13/05/2014] AEA5725668F5787034546B243C1251CA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect6.zip --a---- 341 bytes [15:15 13/05/2014] [15:15 13/05/2014] C6D95B6A5B489437B815C93D75438EE8
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect7.zip --a---- 5641 bytes [15:15 13/05/2014] [15:15 13/05/2014] 78A164A8F4142F0B6E63CCE6945AE5D4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect8.zip --a---- 343 bytes [15:15 13/05/2014] [15:15 13/05/2014] 99A1DFAD4328814979B086841FDC92DF
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect9.zip --a---- 341 bytes [15:15 13/05/2014] [15:15 13/05/2014] 14E60B0C695869CA3658A8601BFE704C

Searching for "*datamngr*"
C:\Users\Denis\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [23:43 19/05/2014] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C

Searching for "*Fun4IM*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*java*"
C:\AI_CS2_IE_NonRet\Technical Information\Scripting\Documentation\Getting Started with JavaScript.pdf --a---- 192694 bytes [13:44 08/02/2005] [13:44 08/02/2005] DFD880748983118F86AA3D1F3232ED33
C:\AI_CS2_IE_NonRet\Technical Information\Scripting\Documentation\Illustrator JavaScript Ref.pdf --a---- 3604223 bytes [17:37 13/01/2005] [17:37 13/01/2005] 0CB6D096C3B4B565832447DA4F8CD27B
C:\Creative Suite\Adobe Creative Suite 2.0\Scripting Guide\JavaScript Reference Guide.pdf --a---- 3541948 bytes [02:38 11/03/2005] [02:38 11/03/2005] 81C9CE19A62AC5C2212BB36769EF7781
C:\Creative Suite\Adobe Creative Suite 2.0\Scripting Guide\Sample Scripts\AppleScript\Run JavaScript --a---- 404 bytes [07:06 22/03/2005] [07:06 22/03/2005] 27F355B652A2F4EF75CD060A5E89FC72
C:\Creative Suite\Adobe Creative Suite 2.0\Scripting Guide\Sample Scripts\VBScript\ExecuteJavaScript.vbs --a---- 492 bytes [22:10 24/11/2004] [22:10 24/11/2004] 4BA65AC8A827AF607C5BCF9A192E83C4
C:\Program Files\Common Files\System\ado\adojavas.inc --a---- 14610 bytes [22:31 13/07/2009] [20:50 13/07/2009] 398FD657D8EA0BD77325E6BAEEA25090
C:\Program Files\Common Files\System\msadc\adcjavas.inc --a---- 630 bytes [22:31 13/07/2009] [20:50 13/07/2009] 8B9319B9C5043CF0EFE0AF3483DC069B
C:\Program Files (x86)\Adobe\Adobe Illustrator CS2\Scripting\Documentation\Getting Started with JavaScript.pdf --a---- 192694 bytes [10:24 25/03/2005] [10:24 25/03/2005] DFD880748983118F86AA3D1F3232ED33
C:\Program Files (x86)\Adobe\Adobe Illustrator CS2\Scripting\Documentation\Illustrator JavaScript Ref.pdf -ra---- 3588192 bytes [10:24 25/03/2005] [10:24 25/03/2005] 874E6415AFCBDDBE3C259E5C819CBF50
C:\Program Files (x86)\Adobe\Adobe InDesign CS2\Plug-Ins\Script\Support for JavaScript.apln --a---- 196608 bytes [02:27 02/04/2005] [02:27 02/04/2005] 727BBA88FF02D412E84AC9C0089F22A3
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\java.dll --a---- 102515 bytes [23:58 04/04/2005] [23:58 04/04/2005] 43AE1B8A9BCEF384CC9E195B63DB701E
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\java.exe --a---- 45161 bytes [23:58 04/04/2005] [23:58 04/04/2005] C07D173E49C3F99A34F97D2614315E8A
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\java.exe.manifest --a---- 548 bytes [23:58 04/04/2005] [23:58 04/04/2005] 54820D938229243DBDB26C5237DAC326
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\javaw.exe --a---- 45163 bytes [23:58 04/04/2005] [23:58 04/04/2005] D25439708BE8DA3E43C4E889755747F6
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\javaw.exe.manifest --a---- 548 bytes [23:58 04/04/2005] [23:58 04/04/2005] 54820D938229243DBDB26C5237DAC326
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\NPJava11.dll --a---- 65647 bytes [23:58 04/04/2005] [23:58 04/04/2005] 0AE6E6728EF2DACEA759B9A442ADAF12
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\NPJava12.dll --a---- 65647 bytes [23:58 04/04/2005] [23:58 04/04/2005] 331295B5F75DACE7A1538EBDA6355EE3
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\NPJava13.dll --a---- 65647 bytes [23:58 04/04/2005] [23:58 04/04/2005] 0332C3C42E10ED20E3DBB3FF4C77FBB4
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\NPJava14.dll --a---- 65647 bytes [23:58 04/04/2005] [23:58 04/04/2005] DF15FDE9CB1A7AD72FF139429F9F7DBB
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\NPJava32.dll --a---- 65647 bytes [23:58 04/04/2005] [23:58 04/04/2005] 02BFD3A03BDA831139A1599CA521100B
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\javaws\JavaCup.ico --a---- 25214 bytes [23:58 04/04/2005] [23:58 04/04/2005] C2D3DCEC30FB9FE8C90FFE24F7A642E0
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\javaws\javalogo52x88.gif --a---- 2841 bytes [23:58 04/04/2005] [23:58 04/04/2005] 4BB5195285E8603168662265A02C6290
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\javaws\JavaWebStart.dll --a---- 139264 bytes [23:58 04/04/2005] [23:58 04/04/2005] 714B69E3D0F80E1A9EAFDAAE0F117C84
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\javaws\javaws-l10n.jar --a---- 98420 bytes [23:58 04/04/2005] [23:58 04/04/2005] 7C7A308CD0C8E5536E25146CF524D1A0
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\javaws\javaws.exe --a---- 135168 bytes [23:58 04/04/2005] [23:58 04/04/2005] A92E34B28D6125E14DA74484E58EC410
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\javaws\javaws.jar --a---- 1076415 bytes [23:58 04/04/2005] [23:58 04/04/2005] 4A0CB494E33AF826AB6BA8D06EFBB9A7
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\javaws\javaws.policy --a---- 138 bytes [23:58 04/04/2005] [23:58 04/04/2005] F6FFD5E15EF6B3365EA75D6E4351B87B
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\javaws\javawspl.dll --a---- 36864 bytes [23:58 04/04/2005] [23:58 04/04/2005] 0BE71FFE2D819A26EC44E0EDFA807F43
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\lib\security\java.policy --a---- 2271 bytes [23:58 04/04/2005] [23:58 04/04/2005] B7D15123C6196A6E20592702BF4B9436
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\lib\security\java.security --a---- 7059 bytes [23:58 04/04/2005] [23:58 04/04/2005] 91F54D02DAAFA9AAE3479C5F02239492
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\plugins\com.adobe.versioncue.persistence_2.0.0\lib\mysql-connector-java-com-3.1.2-alpha-bin.jar --a---- 337031 bytes [23:58 04/04/2005] [23:58 04/04/2005] AFB8410238CF46A48720A20441BDF2AF
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\JavaScriptCore.dll --a---- 1810760 bytes [01:58 13/02/2014] [01:58 13/02/2014] 7A44FCA61FE9286EDD88B69000BF3434
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\JavaScriptFormatter.js --a---- 28579 bytes [19:13 28/11/2012] [19:13 28/11/2012] 63E70154C396A18579F1A3CF5F43890D
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\JavaScriptSourceFrame.js --a---- 26125 bytes [01:58 13/02/2014] [01:58 13/02/2014] A842B85AA237458B1EBB110787D864DB
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\SnippetJavaScriptSourceFrame.js --a---- 3411 bytes [01:58 13/02/2014] [01:58 13/02/2014] 540B9C7980A7E9BF5A4D97B48A47D514
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\SourceJavaScriptTokenizer.js --a---- 102231 bytes [01:58 13/02/2014] [01:58 13/02/2014] E0B5FD0DD861EB08FA430F41E75D3354
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\SourceJavaScriptTokenizer.re2js --a---- 10472 bytes [01:58 13/02/2014] [01:58 13/02/2014] A9A74BD5177A62362D51E4B6AFCB81FD
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\ace\mode_javascript.js --a---- 38492 bytes [01:58 13/02/2014] [01:58 13/02/2014] D705F2F71E5092676762C99ED50CF7BC
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\cm\javascript.js --a---- 14683 bytes [01:58 13/02/2014] [01:58 13/02/2014] 8B0CB4A23171199F2E15FE3EF3B90FA7
C:\Program Files (x86)\Common Files\System\ado\adojavas.inc --a---- 14610 bytes [22:41 13/07/2009] [21:05 13/07/2009] 398FD657D8EA0BD77325E6BAEEA25090
C:\Program Files (x86)\Common Files\System\msadc\adcjavas.inc --a---- 630 bytes [22:41 13/07/2009] [21:05 13/07/2009] 8B9319B9C5043CF0EFE0AF3483DC069B
C:\Users\Denis\AppData\Local\Temp\java_install_reg.log --a---- 1027 bytes [13:58 21/05/2014] [13:59 21/05/2014] 062D07F4FF9AFEA390F5D775FE3B8CF6
C:\Windows\System32\JavaScriptCollectionAgent.dll --a---- 38400 bytes [14:00 22/04/2014] [07:56 06/03/2014] 964C89BC8A52A260D68C90FDDEB862E2
C:\Windows\SysWOW64\deployJava1.dll --a---- 472808 bytes [02:25 27/04/2012] [02:25 27/04/2012] CCB1CD9C87E247A52248A6B0E16EDE6B
C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll --a---- 32256 bytes [14:00 22/04/2014] [07:13 06/03/2014] C9CA9803299EB6AFA34CB520BAAB083D
C:\Windows\winsxs\amd64_microsoft-windows-i..riptcollectionagent_31bf3856ad364e35_11.2.9600.16428_none_981e5b1badd89cc7\JavaScriptCollectionAgent.dll --a---- 40448 bytes [14:40 15/11/2013] [14:40 15/11/2013] D6C88A6094D1FDAC56A186BBD7F06357
C:\Windows\winsxs\amd64_microsoft-windows-i..riptcollectionagent_31bf3856ad364e35_11.2.9600.17041_none_984c3cbdadb5a971\JavaScriptCollectionAgent.dll --a---- 38400 bytes [14:00 22/04/2014] [07:56 06/03/2014] 964C89BC8A52A260D68C90FDDEB862E2
C:\Windows\winsxs\amd64_microsoft-windows-m..ents-mdac-ado15-jvs_31bf3856ad364e35_6.1.7600.16385_none_6a69e20f88ec9b72\adojavas.inc --a---- 14610 bytes [22:31 13/07/2009] [20:50 13/07/2009] 398FD657D8EA0BD77325E6BAEEA25090
C:\Windows\winsxs\amd64_microsoft-windows-m..nts-mdac-rds-ce-jvs_31bf3856ad364e35_6.1.7600.16385_none_bdae6a1e5b988ed0\adcjavas.inc --a---- 630 bytes [22:31 13/07/2009] [20:50 13/07/2009] 8B9319B9C5043CF0EFE0AF3483DC069B
C:\Windows\winsxs\x86_microsoft-windows-i..riptcollectionagent_31bf3856ad364e35_11.2.9600.16428_none_3bffbf97f57b2b91\JavaScriptCollectionAgent.dll --a---- 34816 bytes [14:40 15/11/2013] [14:40 15/11/2013] FB0D1CC2911A0645DDA6C0608473EB55
C:\Windows\winsxs\x86_microsoft-windows-i..riptcollectionagent_31bf3856ad364e35_11.2.9600.17041_none_3c2da139f558383b\JavaScriptCollectionAgent.dll --a---- 32256 bytes [14:00 22/04/2014] [07:13 06/03/2014] C9CA9803299EB6AFA34CB520BAAB083D
C:\Windows\winsxs\x86_microsoft-windows-m..ents-mdac-ado15-jvs_31bf3856ad364e35_6.1.7600.16385_none_0e4b468bd08f2a3c\adojavas.inc --a---- 14610 bytes [22:41 13/07/2009] [21:05 13/07/2009] 398FD657D8EA0BD77325E6BAEEA25090
C:\Windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-jvs_31bf3856ad364e35_6.1.7600.16385_none_618fce9aa33b1d9a\adcjavas.inc --a---- 630 bytes [22:41 13/07/2009] [21:05 13/07/2009] 8B9319B9C5043CF0EFE0AF3483DC069B

Searching for "*SearchProtect*"
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect.zip --a---- 530 bytes [15:15 13/05/2014] [15:15 13/05/2014] DFFB4602E3CFE396DFC0352EBD6CB221
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect1.zip --a---- 548 bytes [15:15 13/05/2014] [15:15 13/05/2014] C2D821E4113513B9F663939CFA592A12
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect10.zip --a---- 338 bytes [15:15 13/05/2014] [15:15 13/05/2014] DEBAE2946CF37B3A76FF3A75F5871EE5
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect11.zip --a---- 2707 bytes [15:15 13/05/2014] [15:15 13/05/2014] 95A37C89A2316870A57481AE557AB72B
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect12.zip --a---- 2795 bytes [15:15 13/05/2014] [15:15 13/05/2014] A0C86CCF88E3A42BAC2C818397EEFF59
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect13.zip --a---- 2817 bytes [15:16 13/05/2014] [15:16 13/05/2014] 39A257968ADD07AD097F9F852C516BEC
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect14.zip --a---- 11853 bytes [15:16 13/05/2014] [15:16 13/05/2014] 609F52CBF76418DB51212A643865F7CE
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect15.zip --a---- 35716 bytes [15:16 13/05/2014] [15:16 13/05/2014] 051E22376EE4D965716A27E727164633
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect16.zip --a---- 31522 bytes [15:16 13/05/2014] [15:16 13/05/2014] 82EA7C8FE55D3E2A7FABB4C8B3385693
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect17.zip --a---- 10369 bytes [15:16 13/05/2014] [15:16 13/05/2014] 0B421B1B3F3D92515FF37F6426749696
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect18.zip --a---- 12757 bytes [15:16 13/05/2014] [15:16 13/05/2014] C8F7731A40BCBD2FA597B2FC06906D10
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect19.zip --a---- 9662 bytes [15:16 13/05/2014] [15:16 13/05/2014] AA75B88839C67CA02889AAB918D181BE
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect2.zip --a---- 717 bytes [15:15 13/05/2014] [15:15 13/05/2014] 93D27871F9CB24C4FBF5DE5E47F18367
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect20.zip --a---- 17259 bytes [15:16 13/05/2014] [15:16 13/05/2014] 6C0E6DAF64C0AA94EDA1537EFC90835B
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect21.zip --a---- 1707 bytes [15:16 13/05/2014] [15:16 13/05/2014] 993B105406AA11381DA8188EE12DABAD
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect22.zip --a---- 1385 bytes [15:16 13/05/2014] [15:16 13/05/2014] 2D7F6D0EDC6FC02276C0CAA6A94DDAE8
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect23.zip --a---- 527 bytes [17:50 13/05/2014] [17:50 13/05/2014] 3D711CAAB4288BA176FD1D203DA25B14
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect24.zip --a---- 549 bytes [17:50 13/05/2014] [17:50 13/05/2014] 0DEFBD7A7B5B9314F178B3AFE0DF8B9A
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect25.zip --a---- 39954 bytes [17:50 13/05/2014] [17:50 13/05/2014] D787697D14443BCB1A6C2D1866387656
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect26.zip --a---- 343 bytes [17:50 13/05/2014] [17:50 13/05/2014] C6E43FB6C5BBB28C6B13E14A6B49EE35
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect27.zip --a---- 341 bytes [17:50 13/05/2014] [17:50 13/05/2014] A931D9A9617D0E485053C8C2F72DEF47
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect28.zip --a---- 339 bytes [17:50 13/05/2014] [17:50 13/05/2014] 97A88927284396176C1DF238411A31D7
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect29.zip --a---- 529 bytes [18:22 13/05/2014] [18:22 13/05/2014] F5AFA9310EB63A729B8E6FBC80AAC0BC
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect3.zip --a---- 40416 bytes [15:15 13/05/2014] [15:15 13/05/2014] DD6DE1DD2D1BA36C690A75A51C179491
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect30.zip --a---- 549 bytes [18:22 13/05/2014] [18:22 13/05/2014] DE1CF977388D22C24D97829786CF8E3F
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect31.zip --a---- 530 bytes [19:05 13/05/2014] [19:05 13/05/2014] 80F36595C6C4F93322E40FBA01FDBB6B
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect32.zip --a---- 533 bytes [19:05 13/05/2014] [19:05 13/05/2014] A369FB390475D9277D15D3ED329CE132
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect4.zip --a---- 1085 bytes [15:15 13/05/2014] [15:15 13/05/2014] 8274275BFF57996EFE5F480769A84FE6
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect5.zip --a---- 341 bytes [15:15 13/05/2014] [15:15 13/05/2014] AEA5725668F5787034546B243C1251CA
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect6.zip --a---- 341 bytes [15:15 13/05/2014] [15:15 13/05/2014] C6D95B6A5B489437B815C93D75438EE8
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect7.zip --a---- 5641 bytes [15:15 13/05/2014] [15:15 13/05/2014] 78A164A8F4142F0B6E63CCE6945AE5D4
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect8.zip --a---- 343 bytes [15:15 13/05/2014] [15:15 13/05/2014] 99A1DFAD4328814979B086841FDC92DF
C:\ProgramData\Spybot - Search & Destroy\Recovery\ConduitSearchProtect9.zip --a---- 341 bytes [15:15 13/05/2014] [15:15 13/05/2014] 14E60B0C695869CA3658A8601BFE704C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect.zip --a---- 530 bytes [15:15 13/05/2014] [15:15 13/05/2014] DFFB4602E3CFE396DFC0352EBD6CB221
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect1.zip --a---- 548 bytes [15:15 13/05/2014] [15:15 13/05/2014] C2D821E4113513B9F663939CFA592A12
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect10.zip --a---- 338 bytes [15:15 13/05/2014] [15:15 13/05/2014] DEBAE2946CF37B3A76FF3A75F5871EE5
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect11.zip --a---- 2707 bytes [15:15 13/05/2014] [15:15 13/05/2014] 95A37C89A2316870A57481AE557AB72B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect12.zip --a---- 2795 bytes [15:15 13/05/2014] [15:15 13/05/2014] A0C86CCF88E3A42BAC2C818397EEFF59
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect13.zip --a---- 2817 bytes [15:16 13/05/2014] [15:16 13/05/2014] 39A257968ADD07AD097F9F852C516BEC
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect14.zip --a---- 11853 bytes [15:16 13/05/2014] [15:16 13/05/2014] 609F52CBF76418DB51212A643865F7CE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect15.zip --a---- 35716 bytes [15:16 13/05/2014] [15:16 13/05/2014] 051E22376EE4D965716A27E727164633
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect16.zip --a---- 31522 bytes [15:16 13/05/2014] [15:16 13/05/2014] 82EA7C8FE55D3E2A7FABB4C8B3385693
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect17.zip --a---- 10369 bytes [15:16 13/05/2014] [15:16 13/05/2014] 0B421B1B3F3D92515FF37F6426749696
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect18.zip --a---- 12757 bytes [15:16 13/05/2014] [15:16 13/05/2014] C8F7731A40BCBD2FA597B2FC06906D10
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect19.zip --a---- 9662 bytes [15:16 13/05/2014] [15:16 13/05/2014] AA75B88839C67CA02889AAB918D181BE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect2.zip --a---- 717 bytes [15:15 13/05/2014] [15:15 13/05/2014] 93D27871F9CB24C4FBF5DE5E47F18367
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect20.zip --a---- 17259 bytes [15:16 13/05/2014] [15:16 13/05/2014] 6C0E6DAF64C0AA94EDA1537EFC90835B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect21.zip --a---- 1707 bytes [15:16 13/05/2014] [15:16 13/05/2014] 993B105406AA11381DA8188EE12DABAD
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect22.zip --a---- 1385 bytes [15:16 13/05/2014] [15:16 13/05/2014] 2D7F6D0EDC6FC02276C0CAA6A94DDAE8
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect23.zip --a---- 527 bytes [17:50 13/05/2014] [17:50 13/05/2014] 3D711CAAB4288BA176FD1D203DA25B14
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect24.zip --a---- 549 bytes [17:50 13/05/2014] [17:50 13/05/2014] 0DEFBD7A7B5B9314F178B3AFE0DF8B9A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect25.zip --a---- 39954 bytes [17:50 13/05/2014] [17:50 13/05/2014] D787697D14443BCB1A6C2D1866387656
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect26.zip --a---- 343 bytes [17:50 13/05/2014] [17:50 13/05/2014] C6E43FB6C5BBB28C6B13E14A6B49EE35
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect27.zip --a---- 341 bytes [17:50 13/05/2014] [17:50 13/05/2014] A931D9A9617D0E485053C8C2F72DEF47
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect28.zip --a---- 339 bytes [17:50 13/05/2014] [17:50 13/05/2014] 97A88927284396176C1DF238411A31D7
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect29.zip --a---- 529 bytes [18:22 13/05/2014] [18:22 13/05/2014] F5AFA9310EB63A729B8E6FBC80AAC0BC
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect3.zip --a---- 40416 bytes [15:15 13/05/2014] [15:15 13/05/2014] DD6DE1DD2D1BA36C690A75A51C179491
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect30.zip --a---- 549 bytes [18:22 13/05/2014] [18:22 13/05/2014] DE1CF977388D22C24D97829786CF8E3F
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect31.zip --a---- 530 bytes [19:05 13/05/2014] [19:05 13/05/2014] 80F36595C6C4F93322E40FBA01FDBB6B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect32.zip --a---- 533 bytes [19:05 13/05/2014] [19:05 13/05/2014] A369FB390475D9277D15D3ED329CE132
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect4.zip --a---- 1085 bytes [15:15 13/05/2014] [15:15 13/05/2014] 8274275BFF57996EFE5F480769A84FE6
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect5.zip --a---- 341 bytes [15:15 13/05/2014] [15:15 13/05/2014] AEA5725668F5787034546B243C1251CA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect6.zip --a---- 341 bytes [15:15 13/05/2014] [15:15 13/05/2014] C6D95B6A5B489437B815C93D75438EE8
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect7.zip --a---- 5641 bytes [15:15 13/05/2014] [15:15 13/05/2014] 78A164A8F4142F0B6E63CCE6945AE5D4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect8.zip --a---- 343 bytes [15:15 13/05/2014] [15:15 13/05/2014] 99A1DFAD4328814979B086841FDC92DF
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ConduitSearchProtect9.zip --a---- 341 bytes [15:15 13/05/2014] [15:15 13/05/2014] 14E60B0C695869CA3658A8601BFE704C

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Tarma*"
C:\Users\Denis\Music\David Bowie\The Rise And Fall Of Ziggy Stardust And The Spiders From Mars\04 - Starman.mp3 --a---- 6390727 bytes [03:40 20/02/2013] [03:40 20/02/2013] F1FD08D3F910085F907FC3F267689230
C:\Users\Denis\Music\iTunes\iTunes Media\Music\David Bowie\The Rise And Fall Of Ziggy Stardust And\04 Starman.mp3 --a---- 6390727 bytes [20:33 06/04/2013] [20:33 06/04/2013] F1FD08D3F910085F907FC3F267689230

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*Bandoo*"
No folders found.

Searching for "*Community*"
C:\Program Files (x86)\Adobe\Adobe InDesign CS2\Samples\Community Newspaper d------ [15:56 16/01/2013]
C:\Program Files (x86)\Common Files\Adobe\Templates\InDesign\Community Newspaper d------ [15:56 16/01/2013]

Searching for "*Conduit*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*java*"
C:\AI_CS2_IE_NonRet\Technical Information\Scripting\Sample Scripts\JavaScript d------ [14:20 15/11/2013]
C:\Creative Suite\Adobe Creative Suite 2.0\Scripting Guide\Sample Scripts\JavaScript d------ [16:24 16/01/2013]
C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\Sun Java2 Runtime Environment-1.6.0_30 d-a---- [02:36 27/04/2012]
C:\Program Files (x86)\Adobe\Adobe Illustrator CS2\Scripting\Sample Scripts\JavaScript d------ [14:23 15/11/2013]
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\javaws d------ [16:07 16/01/2013]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Javascripts d------ [21:25 18/02/2014]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\JavaScriptCore.resources d------ [03:39 08/03/2014]
C:\ProgramData\Sun\Java d------ [02:25 27/04/2012]
C:\ProgramData\Sun\Java\Java Update d------ [02:25 27/04/2012]
C:\Users\All Users\Sun\Java d------ [02:25 27/04/2012]
C:\Users\All Users\Sun\Java\Java Update d------ [02:25 27/04/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java d------ [13:58 21/05/2014]

Searching for "*SearchProtect*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
C:\Users\Denis\Music\Claude Dubois\Starmania d------ [03:40 20/02/2013]
C:\Users\Denis\Music\iTunes\iTunes Media\Music\Claude Dubois\Starmania d------ [20:26 06/04/2013]

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Community"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\communitychev.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ideascommunity.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Adobe\Adobe InDesign CS2\Samples\Community Newspaper\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Common Files\Adobe\Templates\InDesign\Community Newspaper\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADFF5CE8FC1A5F54E812F2F4B5BF523B]
"3618C4F7952F0A940A8182759A5087CB"="C:\Program Files (x86)\Common Files\Adobe\Templates\InDesign\Community Newspaper\Classified Section.indt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8AF973CDBC8A134A89CF581C6597871]
"3618C4F7952F0A940A8182759A5087CB"="C:\Program Files (x86)\Adobe\Adobe InDesign CS2\Samples\Community Newspaper\Comm Cell phones.incx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
"_NCWSvcComm_NortonCommunityWatchConfiguration"="{CFA2780E-48B3-43B9-B26E-43EF51134772}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.2.40]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.2.40]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.2.40]
"SNMP Community"="public"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_USERS\S-1-5-21-727610052-602039670-2732059331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\S-1-5-21-727610052-602039670-2732059331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_USERS\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\communitychev.com]
[HKEY_USERS\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ideascommunity.com]
[HKEY_USERS\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"2D6317878F0F5264AAF3277D97A58C24"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\2D6317878F0F5264AAF3277D97A58C24]
"File"="iSyncConduit.dll"

Searching for "datamngr"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "SearchProtect"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "Tarma"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-727610052-602039670-2732059331-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-727610052-602039670-2732059331-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-


Thank you.
User avatar
platypus
Regular Member
 
Posts: 146
Joined: January 31st, 2006, 10:07 pm

Re: Small mistake, big consequences?

Unread postby wannabeageek » May 21st, 2014, 10:57 pm

Hi platypus,

Please run the following:

Step 1.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :OTL
    O3 - HKU\S-1-5-21-727610052-602039670-2732059331-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    
    :Files
    C:\ProgramData\Sun
    C:\Users\All Users\Sun
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.
C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.


Step 2.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Remember to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Remember to re-enable your Anti-Virus application after running the above scan!


Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log
  2. Contents of C:\Program Files\ESET\EsetOnlineScanner\log.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Small mistake, big consequences?

Unread postby wannabeageek » May 24th, 2014, 12:13 am

Hi platypus.

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Small mistake, big consequences?

Unread postby platypus » May 24th, 2014, 1:03 am

Hi!

Here it is!

Step 1: OTL

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== FILES ==========
C:\ProgramData\Sun\Java\Java Update folder moved successfully.
C:\ProgramData\Sun\Java folder moved successfully.
C:\ProgramData\Sun folder moved successfully.
File\Folder C:\Users\All Users\Sun not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Denis
->Temp folder emptied: 15065590 bytes
->Temporary Internet Files folder emptied: 1253496 bytes
->FireFox cache emptied: 64505095 bytes
->Flash cache emptied: 592 bytes

User: dub_cm_auto

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4374944 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287653 bytes
RecycleBin emptied: 7541882 bytes

Total Files Cleaned = 129,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05232014_225019

Files\Folders moved on Reboot...
C:\Users\Denis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Denis\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\windows\temp\CompatTelemetryLogs\diagerr.xml moved successfully.
C:\windows\temp\CompatTelemetryLogs\diagwrn.xml moved successfully.
C:\windows\temp\CompatTelemetryLogs\setupact.log moved successfully.
C:\windows\temp\CompatTelemetryLogs\setuperr.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Step 2: ESET online scanner

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5a327d5dcf8c594aad753177764010e2
# engine=18390
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-24 04:49:15
# local_time=2014-05-24 12:49:15 )
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 0 163413540 0 0
# compatibility_mode=5893 16776574 100 94 26086395 152450405 0 0
# scanned=176829
# found=0
# cleaned=0
# scan_time=5779


No issues running the scans but for finding the time to do it...

Computer seems to be running fine. No more unwanted search engine and new tabs are now a blank page.

Thanks

Platypus
User avatar
platypus
Regular Member
 
Posts: 146
Joined: January 31st, 2006, 10:07 pm

Re: Small mistake, big consequences?

Unread postby wannabeageek » May 24th, 2014, 11:50 am

Hi platypus,

You need to install an updated version of Java and Adobe Reader.

Recall that you uninstalled Java and Adobe Reader is outdated and not current.


Install Java:
Step 1.
Windows Offline (32-bit)
Step 2.
Windows Offline (64-bit)

Step 3.
Adobe Reader:
Adobe Reader Version XI (11.0.07)
Pay close attention to the page at Adobe as there is an additional section called OPTIONAL OFFER, automatically selecting McAfee Security Scan Plus utility for download.
You need to UNCHECK the box so that you do not download the additional program.

Note: See instructions below image.
Image


Step 4.
RSIT (Random's System Information Tool)
Please download RSITx64 by random/random... save it to your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 logs files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so a separate post may be needed.)
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Small mistake, big consequences?

Unread postby platypus » May 25th, 2014, 1:01 pm

Hi!

For Windows Offline, do I get the 32-bit, the 64-bit or both?

Thanks
User avatar
platypus
Regular Member
 
Posts: 146
Joined: January 31st, 2006, 10:07 pm

Re: Small mistake, big consequences?

Unread postby wannabeageek » May 25th, 2014, 8:41 pm

You would download and install both on a 64 bit Operating System.
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Small mistake, big consequences?

Unread postby platypus » May 25th, 2014, 9:31 pm

Hi!

Here goes!

log.txt

Logfile of random's system information tool 1.10 (written by random/random)
Run by Denis at 2014-05-25 21:22:46
Microsoft Windows 7 Édition Familiale Premium Service Pack 1
System drive C: has 755 GB (80%) free of 939 GB
Total RAM: 8079 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:22:59, on 2014-05-25
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Users\Denis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Denis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/bienvenue/?w=20
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Présenté par TOSHIBA Leading Innovation >>>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-727610052-602039670-2732059331-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-727610052-602039670-2732059331-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = Denis\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Ajouter à TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\windows\system32\msiexec.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 29787 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"
"C:\Program Files\Sandboxie\SbieSvc.exe"
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\windows\system32\nvvsvc.exe -session -first
C:\windows\system32\WLANExt.exe 16706816
\??\C:\windows\system32\conhost.exe "7323220606799371835493743-563724119-20391438307953157861688242683-1792100185
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe"
"C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe"
-l
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
WLIDSvcM.exe 2928
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\Explorer.EXE
C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
taskeng.exe {DC59F017-CA55-4F8F-B47E-256F8A73FB7C}
"C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\diMaster.dll" /prefetch:1
"C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip" /h
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe"
"C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Windows\System32\ThpSrv.exe" /logon
"C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe"
"C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Sandboxie\SbieCtrl.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Users\Denis\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe" /c /a /s UserSession
C:\windows\system32\igfxext.exe -Embedding
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Sandboxie\SbieSvc.exe" Sandboxie_GuiProxy_00000001,1468
C:\windows\system32\msiexec.exe /V
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "http://get.adobe.com/reader/completion/aih/?exitcode=0&type=install"

C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Users\Denis\Desktop\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate

=========Mozilla firefox=========

ProfilePath - C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\45shdhvk.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.hotmail.ca"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=Module iTunes Detector
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App V2 Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.55.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\45shdhvk.default\extensions\
{3d7eb24f-2740-49df-8937-200b1cc08f8a}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll [2014-04-28 916320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-25 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-25 211368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-03 700800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll [2014-04-28 654176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL [2014-02-21 392344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-25 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-25 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-03 534400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll [2014-04-28 916320]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll [2014-04-28 654176]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-02-22 12452456]
"SRS Premium Sound 3D"=C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2012-03-06 2165120]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-02-24 2868496]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2011-09-23 590256]
"TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2012-02-13 989056]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-11-24 1548208]
"TPSCMain"=C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [2011-12-21 740792]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-12-14 712096]
"ThpSrv"=C:\windows\system32\thpsrv /logon []
"TRCMan"=C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [2011-10-19 718720]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2011-11-25 710560]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2011-06-28 598448]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2011-06-28 38824]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-05-10 170264]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-05-10 398616]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-05-10 440088]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2014-01-17 759496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-02-21 152392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~2\Toshiba\BLUETO~1\TosBtMng.exe [2012-02-04 2824104]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-02-27 291608]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-11 1298816]
"TSleepSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [2011-11-21 253312]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-02-12 43848]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-02-21 152392]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08 959904]

C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Denis\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-05-10 436224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-05-25 21:22:46 ----D---- C:\rsit
2014-05-25 21:22:46 ----D---- C:\Program Files\trend micro
2014-05-25 21:05:55 ----A---- C:\windows\system32\javaws.exe
2014-05-25 21:05:45 ----A---- C:\windows\system32\WindowsAccessBridge-64.dll
2014-05-25 21:05:45 ----A---- C:\windows\system32\javaw.exe
2014-05-25 21:05:45 ----A---- C:\windows\system32\java.exe
2014-05-25 21:05:37 ----D---- C:\Program Files\Java
2014-05-25 21:04:50 ----D---- C:\ProgramData\Sun
2014-05-25 21:04:25 ----D---- C:\ProgramData\Oracle
2014-05-25 21:04:07 ----A---- C:\windows\SYSWOW64\javaws.exe
2014-05-25 21:03:59 ----A---- C:\windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-05-25 21:03:59 ----A---- C:\windows\SYSWOW64\javaw.exe
2014-05-25 21:03:59 ----A---- C:\windows\SYSWOW64\java.exe
2014-05-25 21:03:37 ----D---- C:\Program Files (x86)\Java
2014-05-23 22:50:19 ----D---- C:\_OTL
2014-05-20 20:16:47 ----D---- C:\ProgramData\Licenses
2014-05-20 20:16:46 ----AD---- C:\ProgramData\TEMP
2014-05-20 20:16:41 ----D---- C:\Program Files (x86)\SpywareBlaster
2014-05-20 20:16:41 ----A---- C:\windows\SYSWOW64\MSSTDFMT.DLL
2014-05-20 15:10:35 ----RD---- C:\Sandbox
2014-05-20 11:27:39 ----A---- C:\windows\Sandboxie.ini
2014-05-20 11:27:17 ----D---- C:\Program Files\Sandboxie
2014-05-20 11:02:56 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-05-19 21:47:04 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2014-05-19 21:47:04 ----A---- C:\windows\system32\mshtmled.dll
2014-05-19 21:47:04 ----A---- C:\windows\system32\mshtml.dll
2014-05-19 21:47:03 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-05-19 20:57:32 ----D---- C:\AdwCleaner
2014-05-19 19:43:43 ----D---- C:\windows\ERUNT
2014-05-19 19:28:37 ----A---- C:\windows\system32\shell32.dll
2014-05-19 19:28:35 ----A---- C:\windows\SYSWOW64\shell32.dll
2014-05-19 19:28:32 ----A---- C:\windows\system32\aepdu.dll
2014-05-19 19:28:32 ----A---- C:\windows\system32\aeinv.dll
2014-05-19 19:27:57 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2014-05-19 19:27:57 ----A---- C:\windows\system32\lsasrv.dll
2014-05-19 19:27:57 ----A---- C:\windows\system32\kerberos.dll
2014-05-19 19:27:56 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2014-05-19 19:27:56 ----A---- C:\windows\SYSWOW64\kerberos.dll
2014-05-19 19:27:55 ----A---- C:\windows\SYSWOW64\msv1_0.dll
2014-05-19 19:27:55 ----A---- C:\windows\system32\winlogon.exe
2014-05-19 19:27:55 ----A---- C:\windows\system32\objsel.dll
2014-05-19 19:27:55 ----A---- C:\windows\system32\ntoskrnl.exe
2014-05-19 19:27:55 ----A---- C:\windows\system32\msv1_0.dll
2014-05-19 19:27:54 ----A---- C:\windows\SYSWOW64\objsel.dll
2014-05-19 19:27:54 ----A---- C:\windows\system32\TSpkg.dll
2014-05-19 19:27:53 ----A---- C:\windows\SYSWOW64\wincredprovider.dll
2014-05-19 19:27:53 ----A---- C:\windows\SYSWOW64\wdigest.dll
2014-05-19 19:27:53 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2014-05-19 19:27:53 ----A---- C:\windows\SYSWOW64\schannel.dll
2014-05-19 19:27:53 ----A---- C:\windows\SYSWOW64\KernelBase.dll
2014-05-19 19:27:53 ----A---- C:\windows\SYSWOW64\dpapiprovider.dll
2014-05-19 19:27:53 ----A---- C:\windows\SYSWOW64\dimsroam.dll
2014-05-19 19:27:53 ----A---- C:\windows\SYSWOW64\credssp.dll
2014-05-19 19:27:53 ----A---- C:\windows\SYSWOW64\cngprovider.dll
2014-05-19 19:27:53 ----A---- C:\windows\SYSWOW64\capiprovider.dll
2014-05-19 19:27:53 ----A---- C:\windows\SYSWOW64\adprovider.dll
2014-05-19 19:27:53 ----A---- C:\windows\system32\wincredprovider.dll
2014-05-19 19:27:53 ----A---- C:\windows\system32\wdigest.dll
2014-05-19 19:27:53 ----A---- C:\windows\system32\sspisrv.dll
2014-05-19 19:27:53 ----A---- C:\windows\system32\sspicli.dll
2014-05-19 19:27:53 ----A---- C:\windows\system32\schannel.dll
2014-05-19 19:27:53 ----A---- C:\windows\system32\lsass.exe
2014-05-19 19:27:53 ----A---- C:\windows\system32\KernelBase.dll
2014-05-19 19:27:53 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2014-05-19 19:27:53 ----A---- C:\windows\system32\drivers\ksecdd.sys
2014-05-19 19:27:53 ----A---- C:\windows\system32\dpapiprovider.dll
2014-05-19 19:27:53 ----A---- C:\windows\system32\dimsroam.dll
2014-05-19 19:27:53 ----A---- C:\windows\system32\credssp.dll
2014-05-19 19:27:53 ----A---- C:\windows\system32\cngprovider.dll
2014-05-19 19:27:53 ----A---- C:\windows\system32\capiprovider.dll
2014-05-19 19:27:53 ----A---- C:\windows\system32\adprovider.dll
2014-05-19 19:27:52 ----A---- C:\windows\SYSWOW64\sspicli.dll
2014-05-19 19:27:52 ----A---- C:\windows\SYSWOW64\secur32.dll
2014-05-19 19:27:52 ----A---- C:\windows\system32\secur32.dll
2014-05-09 10:01:05 ----D---- C:\Users\Denis\AppData\Roaming\DropboxMaster
2014-05-09 09:59:46 ----SD---- C:\windows\system32\CompatTel

======List of files/folders modified in the last 1 month======

2014-05-25 21:22:46 ----RD---- C:\Program Files
2014-05-25 21:18:17 ----SHD---- C:\windows\Installer
2014-05-25 21:17:49 ----SHD---- C:\System Volume Information
2014-05-25 21:17:07 ----D---- C:\ProgramData\Adobe
2014-05-25 21:17:06 ----D---- C:\Program Files (x86)\Adobe
2014-05-25 21:16:36 ----D---- C:\windows\SysWOW64
2014-05-25 21:05:55 ----AD---- C:\windows\System32
2014-05-25 21:04:50 ----HD---- C:\ProgramData
2014-05-25 21:04:48 ----D---- C:\Program Files (x86)\Common Files
2014-05-25 21:03:37 ----RD---- C:\Program Files (x86)
2014-05-25 20:53:56 ----D---- C:\windows\Temp
2014-05-25 18:05:51 ----D---- C:\Users\Denis\AppData\Roaming\Dropbox
2014-05-25 12:40:00 ----D---- C:\windows\system32\config
2014-05-25 12:28:48 ----D---- C:\windows\system32\Tasks
2014-05-25 12:26:14 ----A---- C:\windows\SYSWOW64\log.txt
2014-05-25 12:23:08 ----D---- C:\windows\system32\drivers\NISx64
2014-05-23 22:55:04 ----AD---- C:\Windows
2014-05-23 22:52:49 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-21 10:26:37 ----D---- C:\windows\Microsoft.NET
2014-05-21 10:25:51 ----RSD---- C:\windows\assembly
2014-05-20 15:26:28 ----D---- C:\windows\Prefetch
2014-05-20 11:17:38 ----D---- C:\windows\system32\drivers\etc
2014-05-20 10:45:34 ----D---- C:\windows\winsxs
2014-05-20 10:43:38 ----D---- C:\windows\system32\fr-FR
2014-05-20 10:43:32 ----D---- C:\windows\system32\drivers
2014-05-19 21:48:31 ----D---- C:\ProgramData\Microsoft Help
2014-05-19 21:47:09 ----D---- C:\windows\system32\catroot
2014-05-19 21:47:08 ----D---- C:\windows\system32\catroot2
2014-05-19 21:45:47 ----D---- C:\windows\system32\MRT
2014-05-19 21:44:14 ----D---- C:\windows\debug
2014-05-19 21:44:11 ----A---- C:\windows\system32\MRT.exe
2014-05-19 19:23:20 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2014-05-13 16:14:33 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-05-13 15:12:04 ----D---- C:\windows\SoftwareDistribution
2014-05-13 15:07:34 ----D---- C:\windows\inf
2014-05-13 14:49:23 ----D---- C:\Program Files\Google
2014-05-13 14:49:23 ----D---- C:\Program Files (x86)\Google
2014-05-13 14:00:36 ----D---- C:\Program Files (x86)\Amazon
2014-05-11 23:40:16 ----A---- C:\windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-11-29 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2012-01-28 28992]
R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-13 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\NISx64\1503000.00C\SYMDS64.SYS [2013-09-09 493656]
R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [2014-03-04 1148120]
R0 Thpdrv;TOSHIBA HDD Protection Driver; C:\windows\system32\DRIVERS\thpdrv.sys [2011-03-23 36992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2011-03-18 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [2014-05-09 1530160]
R1 ccSet_NIS;NIS Settings Manager; C:\windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [2013-09-25 162392]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2013-11-23 484952]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140523.001\IDSvia64.sys [2014-03-31 525016]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [2013-09-09 36952]
R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [2013-09-26 264280]
R1 SymNetS;Symantec Network Security WFP Driver; C:\windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [2014-02-17 593112]
R1 Tosrfcom;Bluetooth RFCOMM; C:\windows\System32\Drivers\tosrfcom.sys [2010-11-29 82224]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-23 137648]
R3 FwLnk;FwLnk Driver; C:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 hidshim;Service for HID-KMDF Shim layer; C:\windows\system32\DRIVERS\hidshim.sys [2011-03-09 6656]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-05-10 14759136]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2012-02-29 4757608]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760]
R3 iwdbus;IWD Bus Enumerator; C:\windows\system32\DRIVERS\iwdbus.sys [2011-12-20 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536]
R3 LgBttPort;LGE Bluetooth TransPort; C:\windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
R3 LGVMODEM;LGE Virtual Modem; C:\windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140525.002\ENG64.SYS [2013-11-15 126040]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140525.002\EX64.SYS [2013-11-15 2099288]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETwNs64.sys [2012-01-09 11416576]
R3 nuvotonhidcir;Nuvoton HID CIR Receiver; C:\windows\system32\DRIVERS\nuvotonhidcir.sys [2011-03-09 32256]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2; C:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-12-13 259176]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2014-01-17 202600]
R3 SmbDrv;SmbDrv; C:\windows\system32\DRIVERS\Smb_driver.sys [2012-02-24 22800]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [2014-02-12 875736]
R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2013-11-15 177752]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2012-02-24 412944]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
R3 tosporte;Bluetooth COM Port; C:\windows\system32\DRIVERS\tosporte.sys [2009-06-17 54664]
R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-18 18872]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
S3 Andbus;LGE Android Platform Composite USB Device; C:\windows\system32\DRIVERS\lgandbus64.sys [2012-03-02 19456]
S3 AndDiag;LGE Android Platform USB Serial Port; C:\windows\system32\DRIVERS\lganddiag64.sys [2012-03-02 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port; C:\windows\system32\DRIVERS\lgandgps64.sys [2012-03-02 27136]
S3 ANDModem;LGE Android Platform USB Modem; C:\windows\system32\DRIVERS\lgandmodem64.sys [2012-03-02 34304]
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\windows\system32\drivers\intelaud.sys [2011-12-20 34200]
S3 LVRS64;Logitech RightSound Filter Driver; C:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C510(UVC); C:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 tosrfbd;Bluetooth RFBUS; C:\windows\system32\DRIVERS\tosrfbd.sys [2012-01-30 304696]
S3 tosrfbnp;Bluetooth RFBNEP; C:\windows\System32\Drivers\tosrfbnp.sys [2010-11-11 50864]
S3 Tosrfhid;Bluetooth RFHID; C:\windows\system32\DRIVERS\Tosrfhid.sys [2010-08-30 94528]
S3 tosrfnds;Bluetooth Personal Area Network; C:\windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 26472]
S3 TosRfSnd;Bluetooth Audio; C:\windows\system32\drivers\tosrfsnd.sys [2010-04-26 63488]
S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2011-12-16 79040]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-05-08 65432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-02-12 43336]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-06-07 250296]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-06-07 47032]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-12-08 618256]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-01-20 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-01-20 277784]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [2014-05-11 276376]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2012-01-28 889664]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-01-28 2458944]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-12-08 148752]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2014-01-17 187592]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SplashtopRemoteService;Splashtop® Remote Service; C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe [2013-09-02 790368]
R2 SSUService;Splashtop Software Updater Service; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-08-07 609056]
R2 Thpsrv;TOSHIBA HDD Protection; C:\windows\system32\ThpSrv.exe [2011-04-20 558592]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\windows\system32\TODDSrv.exe [2010-10-20 138656]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2012-02-02 580608]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 UMVPFSrv;UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-20 363800]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2014-02-21 641352]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-11 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-25 138152]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2013-01-16 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-19 257712]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-10 276248]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 136176]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-20 119408]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 273168]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-01 198064]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-07-14 1255736]
S4 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

User avatar
platypus
Regular Member
 
Posts: 146
Joined: January 31st, 2006, 10:07 pm

Re: Small mistake, big consequences?

Unread postby platypus » May 25th, 2014, 9:34 pm

info.txt

info.txt logfile of random's system information tool 1.10 2014-05-25 21:23:00

======MBR======

0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F85100183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731EFE4E110F850C00807E00800F848A00B280EB825532E48A5600CD135DEB9C813EFE7D55AA756EFF7600E88A000F851500B0D1E664E87F00B0DFE660E87800B0FFE664E87100B800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C0074FCBB0700B40ECD10EBF22BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000000000003ABB527600008020210027591ABF0008000000E02E0000591BBF07FEFFFF00E82E0000A0A57200FEFFFF17FEFFFF0088D47200E09B010000000000000000000000000000000055AA

======Uninstall list======

-->"C:\Program Files (x86)\InstallShield Installation Information\{11D530CE-F649-45FA-84C0-5CD47F46CE2D}\setup.exe" -runfromtemp -l0x0409 -ADDREMOVE -removeonly
-->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe"
-->C:\Program Files\TOSHIBA\TVAP\setup.exe
-->MsiExec /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2-->C:\PROGRA~2\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=c:\creative suite cs2\adobe creative suite 2.0/lang=0809
Adobe Flash Player 13 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -maintain activex
Adobe Flash Player 13 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe -maintain plugin
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe InDesign CS2-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader XI (11.0.07) - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AB0000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0-->C:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Application Support-->MsiExec.exe /I{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}
Apple Mobile Device Support-->MsiExec.exe /I{787136D2-F0F8-4625-AA3F-72D7795AC842}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -removeonly
Audacity 1.2.4-->"C:\Program Files (x86)\Audacity\unins000.exe"
Bejeweled 3-->"C:\Program Files (x86)\TOSHIBA Games\Bejeweled 3\uninstall\uninstaller.exe"
BIAS SoundSoap 2.0-->MsiExec.exe /I{45D3CD3E-7715-4341-8441-A3A6409FCDE4}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Complément Messenger-->MsiExec.exe /I{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
Contrôle ActiveX Windows Live Mesh pour connexions à distance-->MsiExec.exe /I{55D003F4-9599-44BF-BA9E-95D060730DD3}
CutePDF Writer 3.0-->C:\Program Files (x86)\Acro Software\CutePDF Writer\Setup64.exe /uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{349F73CA-653A-43A6-AE77-970B07D6EDA0}" "1036" "0"
Exact Audio Copy 1.0beta3-->C:\Program Files (x86)\Exact Audio Copy\uninst.exe
Freemake Video Converter version 3.1.2-->"C:\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{488F0347-C4A7-4374-91A7-30818BEDA710}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Manageability Engine Firmware Recovery Agent-->MsiExec.exe /X{A6C48A9F-694A-4234-B3AA-62590B668927}
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) OpenCL CPU Runtime-->C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
Intel(R) USB 3.0 eXtensible Host Controller Driver-->C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall
Intel(R) WiDi-->MsiExec.exe /X{93F34C5C-ACAA-48F3-9B26-70359A117F12}
Intel® PROSet/Wireless WiFi Software-->MsiExec.exe /I{DF7756DD-656A-45C3-BA71-74673E8259A9}
Intel® Trusted Connect Service Client-->MsiExec.exe /I{538B98C3-773F-4F20-9C66-802D104DCBE2}
iTunes-->MsiExec.exe /I{B8BA155B-1E75-405F-9CB4-8A99615D09DC}
Java 7 Update 55 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86417055FF}
Java 7 Update 55-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217055FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
LG Bluetooth Drivers-->MsiExec.exe /X{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}
LG PC Suite IV-->C:\Program Files (x86)\LG Electronics\LG PC Suite IV\uninstall.exe
LG United Mobile Drivers-->MsiExec.exe /X{5DB849D6-9392-4FB7-9ABB-87ED433152E5}
Malwarebytes Anti-Malware version 1.75.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}
Microsoft .NET Framework 4.5.1-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.1-->MsiExec.exe /X{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}
Microsoft Office Access MUI (French) 2010-->MsiExec.exe /X{90140000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2010-->MsiExec.exe /X{90140000-0016-040C-0000-0000000FF1CE}
Microsoft Office Famille et Petite Entreprise 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2010-->MsiExec.exe /X{90140000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2010-->MsiExec.exe /X{90140000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2010-->MsiExec.exe /X{90140000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2010-->MsiExec.exe /X{90140000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2010-->MsiExec.exe /X{90140000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2010-->MsiExec.exe /X{90140000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2010-->MsiExec.exe /X{90140000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (French) 2010-->MsiExec.exe /X{90140000-002A-040C-1000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2010-->MsiExec.exe /X{90140000-006E-040C-0000-0000000FF1CE}
Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2010-->MsiExec.exe /X{90140000-001B-040C-0000-0000000FF1CE}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{2C303EE0-A595-3543-A71A-931C7AC40EDE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Mozilla Firefox 29.0.1 (x86 fr)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MyDefrag v4.3.1-->"C:\Program Files\MyDefrag v4.3.1\unins000.exe"
Norton Internet Security-->"C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\21.3.0.12\InstStub.exe" /X /ARP
Nuvoton CIR Device Drivers-->"C:\ProgramData\Nuvoton Technology Corporation\setup.exe" -i{EE0C0DA3-DA7E-4EF6-BE23-25BA396E06C3} -nw
NVIDIA Graphics Driver 295.55-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX System Software 9.12.0213-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA PhysX-->MsiExec.exe /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\TOSHIBA Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe"
PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\Setup.exe" -runfromtemp -removeonly
Sandboxie 4.08 (64-bit)-->"C:\windows\Installer\SandboxieInstall64.exe" /remove
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {BD0F9F7E-62B2-3971-9E2E-B87B832CE89D}
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {513BC47F-0560-33C2-A029-C5387642233A}
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {599EC629-2679-30CE-B28B-7432EF5FC126}
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DC8EDDCF-2031-4C8D-916C-64058A3ACA95}" "1036" "0"
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-040C-0000-0000000FF1CE}" "{E2A4647F-1763-4802-AA8D-6A3D5A903713}" "1036" "0"
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}" "1036" "0"
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0401-0000-0000000FF1CE}" "{F63A5E34-3E66-4E59-8314-1CAA9D7B12C6}" "1036" "0"
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0413-0000-0000000FF1CE}" "{9A854864-23D5-4FD5-8357-F4602A2A7CC4}" "1036" "0"
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{1EE5FA17-F624-438C-B7AC-7C5A41E90FA2}" "1036" "0"
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{EC2CA755-17D8-4392-A91E-FD4D2DD31072}" "1036" "0"
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{0241FB40-015F-42AC-A711-1AE59E346B51}" "1036" "0"
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{7AC3F78E-ECA0-45F4-A9CC-3E885DA23662}" "1036" "0"
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{6357AE0A-D15E-4919-A877-35280BB4F0D3}" "1036" "0"
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{5EE42B42-1159-435C-898A-2A3298453B20}" "1036" "0"
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{38AD6402-4A9F-49EC-A8E8-B41355702630}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-040C-0000-0000000FF1CE}" "{00767F40-7075-4A18-90F4-137834D8F0FC}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-040C-0000-0000000FF1CE}" "{00767F40-7075-4A18-90F4-137834D8F0FC}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-040C-0000-0000000FF1CE}" "{00767F40-7075-4A18-90F4-137834D8F0FC}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-040C-0000-0000000FF1CE}" "{00767F40-7075-4A18-90F4-137834D8F0FC}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-040C-0000-0000000FF1CE}" "{00767F40-7075-4A18-90F4-137834D8F0FC}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-040C-0000-0000000FF1CE}" "{00767F40-7075-4A18-90F4-137834D8F0FC}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0401-0000-0000000FF1CE}" "{00694B53-36C7-472D-9CB1-37BAE02F0E78}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{8925227F-C7B5-4C95-AB58-4FCF2433DAEE}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{09A9DF49-DA06-4093-A2FD-F339211E39EA}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0413-0000-0000000FF1CE}" "{2C2D6CA0-1F04-4551-A82A-E0800CD616FA}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{E4D76E88-C65F-4003-9C71-EC4306679D17}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-040C-1000-0000000FF1CE}" "{40D99E15-CD30-43EA-9A72-1A6DB7BD0A6B}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-040C-0000-0000000FF1CE}" "{F8BE2445-4A05-4F85-B958-A7C4E942E9DF}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-040C-0000-0000000FF1CE}" "{D8590FBE-194F-4AD2-8FA3-EEA8EAA4EBD5}" "1036" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-040C-0000-0000000FF1CE}" "{00767F40-7075-4A18-90F4-137834D8F0FC}" "1036" "0"
Skype™ 6.11-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
Splashtop Remote Client-->"C:\Program Files (x86)\InstallShield Installation Information\{3CBAA9A5-2584-42C6-8A1D-E28CBD7A506D}\setup.exe" -runfromtemp -l0x0409 -removeonly
Splashtop Remote Client-->MsiExec.exe /X{3CBAA9A5-2584-42C6-8A1D-E28CBD7A506D}
Splashtop Software Updater-->"C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe"
Splashtop Streamer-->MsiExec.exe /X{B7C5EA94-B96A-41F5-BE95-25D78B486678}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 5.0-->"C:\Program Files (x86)\SpywareBlaster\unins000.exe"
SRS Premium Sound Control Panel-->MsiExec.exe /X{75A43A49-A6A1-4FCB-A41E-02D76E166691}
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}\setup.exe -runfromtemp -removeonly
TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{1C8C049A-145F-4A6E-8290-B5C245EBE39D}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Bulletin Board-->MsiExec.exe /X{1C8C049A-145F-4A6E-8290-B5C245EBE39D}
TOSHIBA ConfigFree-->MsiExec.exe /X{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA eco Utility-->MsiExec.exe /X{2C486987-D447-4E36-8D61-86E48E24199C}
TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Face Recognition-->MsiExec.exe /X{F67FA545-D8E5-4209-86B1-AEE045D1003F}
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}\setup.exe" -l0x9
TOSHIBA HDD Protection-->MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40}
TOSHIBA HDD/SSD Alert-->MsiExec.exe /X{D4322448-B6AF-4316-B859-D8A0E84DCB38}
TOSHIBA Media Controller Plug-in-->MsiExec.exe /X{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}
TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}\setup.exe -runfromtemp -removeonly
TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}
TOSHIBA Peak Shift Control-->MsiExec.exe /X{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}
TOSHIBA Recovery Media Creator-->C:\Program Files (x86)\InstallShield Installation Information\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}\Setup.exe -runfromtemp -removeonly
TOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{24811C12-F4A9-4D0F-8494-A7B8FE46123C}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA ReelTime-->MsiExec.exe /X{24811C12-F4A9-4D0F-8494-A7B8FE46123C}
TOSHIBA Remote Control Manager-->C:\Program Files (x86)\InstallShield Installation Information\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}\setup.exe -runfromtemp -removeonly
TOSHIBA Resolution+ Plug-in for Windows Media Player-->"C:\Program Files (x86)\InstallShield Installation Information\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA Sleep Utility-->C:\Program Files (x86)\InstallShield Installation Information\{654F7484-88C5-46DC-AB32-C66BCB0E2102}\Setup.exe -runfromtemp -removeonly
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0AF17224-CF88-40B8-BB1A-D179369847B4}\setup.exe" -l0x9
TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe
TOSHIBA VIDEO PLAYER-->MsiExec.exe /X{27C3DB42-A9C1-4B44-A164-93849D160D12}
TOSHIBA Web Camera Application-->"C:\Program Files (x86)\InstallShield Installation Information\{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Web Camera Application-->MsiExec.exe /I{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}
TOSHIBA Wireless Display Monitor-->MsiExec.exe /X{617773AE-ADBA-4479-BB04-65FE7758B35C}
TOSHIBA Wireless LAN Indicator-->MsiExec.exe /X{5B01BCB7-A5D3-476F-AF11-E515BA206591}
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}" "1036" "0"
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{302A8FE3-EBF5-486C-A431-16A1CD914443}" "1036" "0"
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{302A8FE3-EBF5-486C-A431-16A1CD914443}" "1036" "0"
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}" "1036" "0"
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}" "1036" "0"
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}" "1036" "0"
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}" "1036" "0"
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{287A1E92-9E41-4BC1-8920-B3D0E9220800}" "1036" "0"
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{9D69691D-823D-4C3E-9B12-563A3F520366}" "1036" "0"
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}" "1036" "0"
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}" "1036" "0"
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{35698CB7-AAA2-4577-B505-DBFF504AEF23}" "1036" "0"
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{5AA578BB-759C-40FD-9661-A737C0884541}" "1036" "0"
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}" "1036" "0"
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}" "1036" "0"
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{82F87E28-B18E-46D6-A399-E2F19CF5949B}" "1036" "0"
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{5E8EB600-8B94-429E-873E-98369C6DC1BC}" "1036" "0"
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}" "1036" "0"
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{51CCA922-A0CC-47C4-8910-6936D97CAC2E}" "1036" "0"
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{51CCA922-A0CC-47C4-8910-6936D97CAC2E}" "1036" "0"
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-040C-0000-0000000FF1CE}" "{00B639A5-BD2B-4678-B86E-D8D7090BF175}" "1036" "0"
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{2AB483F1-C86E-427A-83B4-23889B03512D}" "1036" "0"
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-040C-0000-0000000FF1CE}" "{42222905-BA01-4118-841D-7769A5484E1B}" "1036" "0"
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}" "1036" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{F9F5A080-AF38-4966-9A6B-C43DCA465035}" "1036" "0"
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{7B29D8B8-6A87-496C-A65E-B935E740448A}" "1036" "0"
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{38CF30E4-3348-4BD1-A859-B630C355A56F}" "1036" "0"
Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"
WildTangent Games App (Toshiba Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\toshiba\Uninstall.exe"
WildTangent Games-->"C:\Program Files (x86)\TOSHIBA Games\Uninstall.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Family Safety-->MsiExec.exe /I{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}
Windows Live Family Safety-->MsiExec.exe /I{BFBE6E95-5724-47EC-85A0-74D436AD938F}
Windows Live Family Safety-->MsiExec.exe /X{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe /X{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}
Windows Live Remote Client Resources-->MsiExec.exe /I{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources-->MsiExec.exe /I{5E2CD4FB-4538-4831-8176-05D653C3E6D4}
Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}
Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{05E379CC-F626-4E7D-8354-463865B303BF}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{62687B11-58B5-4A18-9BC3-9DF4CE03F194}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{3B9A92DA-6374-4872-B646-253F18624D5F}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Live-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live-->MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
Zuma's Revenge-->"C:\Program Files (x86)\TOSHIBA Games\Zumas Revenge\uninstall\uninstaller.exe"

======Hosts File======

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: Denis-PC
Event Code: 11
Message: Les bibliothèques de liens dynamiques sont chargées pour chaque application. L’administrateur système doit vérifier la liste des bibliothèques pour s’assurer qu’elles sont associées à des applications approuvées.
Record Number: 73820
Source Name: Microsoft-Windows-Wininit
Time Written: 20140520010108.734051-000
Event Type: Avertissement
User: AUTORITE NT\Système

Computer Name: Denis-PC
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 73755
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20140520010010.561216-000
Event Type: Avertissement
User: AUTORITE NT\Système

Computer Name: Denis-PC
Event Code: 10002
Message: Le module d’extensibilité WLAN s’est arrêté.

Chemin d’accès du module : C:\windows\System32\IWMSSvc.dll

Record Number: 73754
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20140520010010.483216-000
Event Type: Avertissement
User: AUTORITE NT\Système

Computer Name: Denis-PC
Event Code: 1014
Message: La résolution du nom client50.dropbox.com a expiré lorsqu’aucun des serveurs DNS configurés n’a répondu.
Record Number: 73697
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20140520005625.612821-000
Event Type: Avertissement
User: AUTORITE NT\SERVICE RÉSEAU

Computer Name: Denis-PC
Event Code: 10010
Message: Le serveur {995C996E-D918-4A8C-A302-45719A6F4EA7} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.
Record Number: 73681
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20140519235317.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: Denis-PC
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d’autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-727610052-602039670-2732059331-1001:
Process 1564 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001\Software\Acro Software Inc\CPW

Record Number: 18622
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20140520161827.960285-000
Event Type: Avertissement
User: AUTORITE NT\Système

Computer Name: Denis-PC
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 18575
Source Name: Microsoft-Windows-WMI
Time Written: 20140520144519.000000-000
Event Type: Erreur
User:

Computer Name: Denis-PC
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 18463
Source Name: Microsoft-Windows-WMI
Time Written: 20140520010115.000000-000
Event Type: Erreur
User:

Computer Name: Denis-PC
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d’autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-727610052-602039670-2732059331-1001_Classes:
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001_CLASSES

Record Number: 18442
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20140520010004.570806-000
Event Type: Avertissement
User: AUTORITE NT\Système

Computer Name: Denis-PC
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d’autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-727610052-602039670-2732059331-1001:
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\SystemCertificates\My
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\SystemCertificates\CA
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\SystemCertificates\Root
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001\Software\Policies\Microsoft\SystemCertificates
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001\Software\Policies\Microsoft\SystemCertificates
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001\Software\Policies\Microsoft\SystemCertificates
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001\Software\Policies\Microsoft\SystemCertificates
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-727610052-602039670-2732059331-1001\Software\Microsoft\SystemCertificates\trust

Record Number: 18441
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20140520010004.134005-000
Event Type: Avertissement
User: AUTORITE NT\Système

=====Security event log=====

Computer Name: Denis-PC
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-21-727610052-602039670-2732059331-1001
Nom du compte : Denis
Domaine du compte : Denis-PC
ID d’ouverture de session : 0x26ff558

Privilèges : SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 34494
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140520005622.502215-000
Event Type: Succès de l’audit
User:

Computer Name: Denis-PC
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : DENIS-PC$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 7

Nouvelle ouverture de session :
ID de sécurité : S-1-5-21-727610052-602039670-2732059331-1001
Nom du compte : Denis
Domaine du compte : Denis-PC
ID d’ouverture de session : 0x26ff566
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x354
Nom du processus : C:\Windows\System32\winlogon.exe

Informations sur le réseau :
Nom de la station de travail : DENIS-PC
Adresse du réseau source : 127.0.0.1
Port source : 0

Informations détaillées sur l’authentification :
Processus d’ouverture de session : User32
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 34493
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140520005622.502215-000
Event Type: Succès de l’audit
User:

Computer Name: Denis-PC
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : DENIS-PC$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 7

Nouvelle ouverture de session :
ID de sécurité : S-1-5-21-727610052-602039670-2732059331-1001
Nom du compte : Denis
Domaine du compte : Denis-PC
ID d’ouverture de session : 0x26ff558
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x354
Nom du processus : C:\Windows\System32\winlogon.exe

Informations sur le réseau :
Nom de la station de travail : DENIS-PC
Adresse du réseau source : 127.0.0.1
Port source : 0

Informations détaillées sur l’authentification :
Processus d’ouverture de session : User32
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 34492
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140520005622.502215-000
Event Type: Succès de l’audit
User:

Computer Name: Denis-PC
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : DENIS-PC$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : Denis
Domaine du compte : Denis-PC
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x354
Nom du processus : C:\Windows\System32\winlogon.exe

Informations sur le réseau :
Adresse du réseau : 127.0.0.1
Port : 0

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 34491
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140520005622.502215-000
Event Type: Succès de l’audit
User:

Computer Name: Denis-PC
Event Code: 1102
Message: Le journal d’audit a été effacé.
Objet :
ID de sécurité : S-1-5-21-727610052-602039670-2732059331-1001
Nom de compte : Denis
Nom de domaine : Denis-PC
ID de connexion : 0x5a42d
Record Number: 34490
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140519234959.798189-000
Event Type: Succès de l’audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files (x86)\Windows Live\Shared;c:\Program Files (x86)\Common Files\Adobe\AGL
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=3a09
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"YPCAGADGET"=TOSHIBA
"asl.log"=Destination=file

-----------------EOF-----------------
User avatar
platypus
Regular Member
 
Posts: 146
Joined: January 31st, 2006, 10:07 pm

Re: Small mistake, big consequences?

Unread postby wannabeageek » May 28th, 2014, 12:48 am

Hi platypus,

Your latest set of logs appear to be clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL
  • Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Remove all used tools not removed by OTL if they remain on your desktop.
Systemlookup
RSITx64



Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Personal Software Inspector (PSI)
F-secure Health Check


Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically.
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware
Java
Adobe Flash Player
Adobe Reader
Mozilla Firefox



Here is an additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Small mistake, big consequences?

Unread postby Wingman » May 31st, 2014, 8:30 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 483 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware