Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old December 28th, 2012, 01:18 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
Laptop freezing multiple times daily - moved by Jintan

Not long ago I posted that my computer had removed my ability to edit the dns server location after going into the properties of the network I am currently connected to. I restored my computer to a previous point and was able to recover them but my computer has once again decided to ditch everything in the Networking tab of the connection except Client for Microsoft Works; I believe this was due to a windows update I recently ran. Is there a way I can recover these things without restoring my computer to a previous state?
Reply With Quote
  #2  
Old December 28th, 2012, 03:44 PM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
Laptop freezing multiple times daily

As the title suggests, my laptop has been freezing on me several times each day, on some reboots it will check for disk consistency, other times it will simply load. I can no longer run disk defragmenter as it stalls the computer at some point during the scan, but I have run disk cleanup successfully and keep it cleaning. I had Panda scanning but even that no longer works without stalling the machine but I have Webroot which is able to function. I have 1/4 of my c: still available, and I have run defraggler on a quick scan because the lengthy scan can't finish before the computer goes down again. I simply need the machine to last the next 20 days at which point I get a new one, but I am afraid one day soon it will crash and not wake up again. I am running a toshiba on vista. Can you help?
Reply With Quote
  #3  
Old December 28th, 2012, 04:09 PM
Murf's Avatar
Murf Murf is offline
Moderator
 
Join Date: Oct 2001
O/S: Windows XP Pro
Posts: 17,405
Try running chkdsk on the drive: Step-By-Step
Reply With Quote
  #4  
Old December 29th, 2012, 01:13 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
How long is the diskcheck supposed to take? I schedulled one for the restart of my laptop and restarted and there was something that came up text/coding-wise but it was gone before I realized it was on the screen then the laptop started up.
Reply With Quote
  #5  
Old December 29th, 2012, 01:21 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,279
DRayner, do you have both Panda antivirus and WebRoot's on the same system?
Reply With Quote
  #6  
Old December 29th, 2012, 01:23 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,279
Is this the same computer as this thread?
Reply With Quote
  #7  
Old December 29th, 2012, 05:46 PM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
Yes, the problem occurring in this thread began before the more major one in the thread I created later
Reply With Quote
  #8  
Old December 29th, 2012, 05:47 PM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
I did, I removed Panda. I returned to my computer after being away from it again today and it had once again stalled. On bootup it again ran the chkdsk while looking for consistency in the disk.
Reply With Quote
  #9  
Old December 29th, 2012, 10:23 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,279
If you did have two antivirus programs on one system, both will need to be uninstalled, as each has corrupted the other (as well as system functions). Why not do that, then check for change.
Reply With Quote
  #10  
Old December 29th, 2012, 10:25 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,279
DRayner, I am going to merge your two open requests, then move the lot to the CTH Malware Removal Forum, and assume for the moment these problems are all malware related (and I could be wrong).
Reply With Quote
  #11  
Old December 29th, 2012, 10:28 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,279
Uninstall your other antivirus program, reboot, then do the following please.

If the system is Vista/Windows7, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can have an open Internet connection, and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


A lot, but comprehensive, and will make sure we get a good view of everything.
Reply With Quote
  #12  
Old December 30th, 2012, 04:45 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
I was able to remove webroot and run all the programs you sent me, however the text files are quite long, am I able to attach the files on here or can I only copy and paste it into the reply box? I checked advanced but didn't see an attach icon
Reply With Quote
  #13  
Old December 31st, 2012, 12:42 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,279
You need to break them into parts, and use extra posts to post them.
Reply With Quote
  #14  
Old December 31st, 2012, 01:15 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
OTL logfile created on: 12/30/2012 9:40:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TOSHIBA\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 48.08% Memory free
6.20 Gb Paging File | 4.25 Gb Available in Paging File | 68.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.49 Gb Total Space | 69.89 Gb Free Space | 31.13% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: TOSHIBA-PC | User Name: TOSHIBA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/30 09:39:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TOSHIBA\Downloads\OTL.exe
PRC - [2012/05/05 03:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/16 06:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
PRC - [2010/09/13 21:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/02/20 21:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/30 05:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/22 04:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/10 06:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/26 05:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/26 05:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2006/08/24 04:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/05 09:15:15 | 012,456,040 | ---- | M] () -- C:\Users\TOSHIBA\AppData\Local\Google\Chrome\Appli cation\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/05 09:15:15 | 000,460,904 | ---- | M] () -- C:\Users\TOSHIBA\AppData\Local\Google\Chrome\Appli cation\23.0.1271.97\ppGoogleNaClPluginChrome.dll
MOD - [2012/12/05 09:15:14 | 004,008,040 | ---- | M] () -- C:\Users\TOSHIBA\AppData\Local\Google\Chrome\Appli cation\23.0.1271.97\pdf.dll
MOD - [2012/12/05 09:14:29 | 000,587,880 | ---- | M] () -- C:\Users\TOSHIBA\AppData\Local\Google\Chrome\Appli cation\23.0.1271.97\libglesv2.dll
MOD - [2012/12/05 09:14:28 | 000,124,520 | ---- | M] () -- C:\Users\TOSHIBA\AppData\Local\Google\Chrome\Appli cation\23.0.1271.97\libegl.dll
MOD - [2012/12/05 09:14:21 | 000,157,304 | ---- | M] () -- C:\Users\TOSHIBA\AppData\Local\Google\Chrome\Appli cation\23.0.1271.97\avutil-51.dll
MOD - [2012/12/05 09:14:20 | 000,275,576 | ---- | M] () -- C:\Users\TOSHIBA\AppData\Local\Google\Chrome\Appli cation\23.0.1271.97\avformat-54.dll
MOD - [2012/12/05 09:14:19 | 002,168,952 | ---- | M] () -- C:\Users\TOSHIBA\AppData\Local\Google\Chrome\Appli cation\23.0.1271.97\avcodec-54.dll
MOD - [2011/07/29 07:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/25 10:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/25 10:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/01/30 15:29:10 | 000,830,464 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/21 10:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/18 04:29:48 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2007/12/04 05:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/22 08:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/12/24 08:33:40 | 000,733,296 | ---- | M] (Webroot) [Auto | Stopped] -- C:\Program Files (x86)\Webroot\WRSA.exe -- (WRSVC)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/19 01:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 12:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/20 21:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/30 05:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/22 04:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/12/26 05:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/09/29 08:06:42 | 000,168,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/13 06:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/08/24 04:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/09 06:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 21:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 23:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/16 01:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/10/07 18:11:52 | 007,533,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwLv64.sys -- (NETwLv64)
DRV:64bit: - [2010/06/23 21:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/10/01 08:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/11 13:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/02/21 22:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/30 16:25:24 | 004,168,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/01/22 03:42:26 | 000,531,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/01/15 12:35:08 | 001,196,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\smserial.sys -- (smserial)
DRV:64bit: - [2007/12/21 04:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/12/06 18:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/10 02:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/30 14:03:32 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/09/26 06:19:08 | 003,196,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64)
DRV:64bit: - [2007/07/28 07:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/27 08:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/05/14 10:10:32 | 000,166,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2006/11/20 14:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/10/24 08:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/10/20 04:10:40 | 000,027,456 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=ea7 0fe3700000000000000215c297da9
IE - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\..\SearchScopes\{376FEA72-F9FE-40AF-A4AC-87853771D693}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT3220468
IE - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190
IE - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TOSHIBA\AppData\Local\Google\Update\1.3.2 1.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TOSHIBA\AppData\Local\Google\Update\1.3.2 1.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}: C:\Program Files (x86)\Webroot\Security\current\plugins\browserexte nsion\ff_ptc\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/12/14 14:16:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/17 07:30:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensi ons\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.5.0\FF [2011/12/16 11:11:27 | 000,000,000 | ---D | M]

[2012/09/07 08:18:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TOSHIBA\AppData\Roaming\mozilla\Firefox\e xtensions
[2012/09/07 08:18:45 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\TOSHIBA\AppData\Roaming\mozilla\Firefox\e xtensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

========== Chrome ==========

CHR - homepage: http://webmail1.uwindsor.ca/pronto
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ }{google:acceptedSuggestion}{google:originalQueryF orSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputE ncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldt rialParameter}client=chrome&hl={language}&q={searc hTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://webmail1.uwindsor.ca/pronto
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\Appli cation\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\Appli cation\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\Appli cation\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\TOSHIBA\AppData\Local\Google\Update\1.3.2 1.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_1\
CHR - Extension: uTorrentControl_v2 = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaiei mbmdda\2.3.18.20_0\
CHR - Extension: AdBlock = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbi glidom\2.5.54_0\
CHR - Extension: New Tab Redirect! = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpio pdcmna\2.0_0\
CHR - Extension: Yulia Brodskaya = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhff bmdpko\2_0\
CHR - Extension: ICE Quick Stream = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkap lpadgp\5.4_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacok ifdkhm\2.1.2.145_0\
CHR - Extension: Webroot = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnba gmfhab\2.0.15_0\
CHR - Extension: Gmail = C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_1\

O1 HOSTS File: ([2012/02/11 00:05:22 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Privacy Safeguard BHO) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard)
O2:64bit: - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll File not found
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\Ba bylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Privacy Safeguard BHO) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WebrootBHO Class) - {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files (x86)\Webroot\Security\current\plugins\browserexte nsion\WebrootBHO.dll File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\Babyl onToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] "%ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" /START File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.ex e" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003..\Run: [Voobly] "C:\Program Files (x86)\Voobly\voobly.exe" --startup File not found
O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: NoDispSettingsPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\System: NoDispAppearancePage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoFile = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoStartMenuSubFolders = 0
Reply With Quote
  #15  
Old December 31st, 2012, 01:16 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoFile = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoClose = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoFile = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: NoDispSettingsPage = 0
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{23403977-CDFA-451C-8216-BB3BDA2CC22A}: NameServer = 202.102.152.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{DB27F71F-2A3E-4C80-84F7-89C3E082B01C}: NameServer = 8.8.8.8,208.67.222.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\wallpapers\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\wallpapers\wallpaper1.jpg
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30:64bit: - LSA: Security Packages - (pku2u) - File not found
O30 - LSA: Security Packages - (pku2u) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/30 00:37:37 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{9D33C9DD-9F22-43B8-A304-469F7DD2C99C}
[2012/12/29 07:48:17 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{45BF96C7-AB81-4D81-8175-2044C1BCA622}
[2012/12/28 19:47:50 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{3A60AED6-7CF8-46A9-BDFD-99D8D2066498}
[2012/12/28 07:47:27 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{385E5033-E90F-45F1-A449-9D3013FD873F}
[2012/12/27 22:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012/12/27 22:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/12/27 19:47:04 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{12965A95-5DFF-413D-AA4D-726E3BDF9AEA}
[2012/12/27 07:46:08 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{4C1E9ABF-9436-4FB2-84A9-C8C041E78F71}
[2012/12/26 20:03:40 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\dvdcss
[2012/12/26 11:36:01 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{FE17252E-5548-4E3C-803D-8FFD9608B3EC}
[2012/12/25 22:15:21 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{7D4DFA65-CBCB-4153-B751-1969A9E47282}
[2012/12/25 10:14:33 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{D2C4FA0A-10F8-4707-B3D0-40ECD4AC49CF}
[2012/12/25 00:55:34 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/25 00:55:34 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/25 00:55:34 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/25 00:55:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/24 23:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/12/24 23:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/12/24 23:04:10 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/12/24 22:19:45 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\WinZip
[2012/12/24 22:14:08 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{56B01D8A-AFC4-45D3-81E9-97A7F0BBA9AD}
[2012/12/24 17:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/12/24 17:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/12/24 17:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/12/24 17:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/24 17:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/24 17:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/24 17:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/24 12:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/24 08:35:37 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{A1FA8F5E-75BE-4F26-BAA7-FC52FD5850BF}
[2012/12/23 21:31:28 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{52E72E86-6045-4859-BE65-22E541528A91}
[2012/12/23 09:40:23 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\ExpressVPN(266)
[2012/12/23 09:30:47 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{117FFB71-7691-4066-99C1-9B988F2C6DAC}
[2012/12/22 19:45:07 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{FAC425B3-911A-4E3C-A50F-B5AEF614C13D}
[2012/12/22 07:44:43 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{6C067C8A-0CFD-4A0F-9A59-D0D5A4F03A80}
[2012/12/21 19:26:36 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{D383539C-7CCD-4CDD-85C3-85A9919F56F2}
[2012/12/21 07:26:13 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{49AFCFA3-1EE2-43CE-89B4-E3FBCD65C382}
[2012/12/20 07:25:40 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{A6155FAE-C766-409B-AD34-6F990BA5BFBE}
[2012/12/19 18:23:56 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{22183B59-AE5E-468E-8BA5-5B3656E17D38}
[2012/12/19 11:45:20 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{246B5C58-1E01-41B8-AFB6-38F1089122DF}
[2012/12/19 07:24:56 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{701C07B6-829F-4F6C-97F5-BAB370C54807}
[2012/12/18 07:45:13 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{64631B86-9028-4A36-9980-75B592F2F05A}
[2012/12/17 13:24:10 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{F73449ED-3A65-4836-B99B-1CC88664B1FC}
[2012/12/17 08:19:54 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{5CB1FC0F-0D50-400E-B3F4-17374C12C20C}
[2012/12/16 09:57:11 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{33E0A187-2A79-482D-A7E0-AC7DD2AACB38}
[2012/12/15 14:47:03 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{4E392E10-33A9-4C81-A4E3-5AE5D2A582EB}
[2012/12/14 07:34:38 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{82ADF6FC-9410-4B2A-A189-193A25B39B2E}
[2012/12/13 16:52:39 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/12/13 16:52:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/12/13 16:52:26 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll
[2012/12/13 16:52:23 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/12/13 16:52:17 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/12/13 16:52:17 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/12/13 16:52:17 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/12/13 16:49:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/13 16:49:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/13 16:49:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/13 16:49:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/13 16:49:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/13 16:49:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/13 16:49:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/13 16:49:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/13 16:49:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/13 16:49:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/13 16:49:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/13 16:49:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/13 16:49:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/13 16:49:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/13 16:49:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/13 13:20:08 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/13 13:09:18 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/13 13:09:18 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2012/12/13 13:09:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2012/12/13 13:09:17 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/13 13:09:17 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2012/12/13 12:21:51 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{04D023AB-1F4D-4B3E-B1E0-42D41ED2087B}
[2012/12/13 07:24:44 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{AD9918E1-7210-45EE-B440-437D8E4B8ADF}
[2012/12/12 12:56:52 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{4EBDC932-75ED-4750-AF5F-670045DCEB21}
[2012/12/12 07:29:57 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{B32807EB-5715-4602-BC66-3436D4361EDA}
[2012/12/11 19:25:31 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{A7053944-9C26-416B-BF12-34FA5D36BEDA}
[2012/12/11 07:25:33 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{42AF8EEC-14D6-4FCB-BDC2-98D26018D9C2}
[2012/12/10 12:35:55 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{86BAED3B-2426-46CC-8EC6-BCA873EF6223}
[2012/12/10 08:04:44 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{43262D70-555B-49D0-993C-FFCF9CB664FE}
[2012/12/09 09:21:07 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{ED69E145-356F-44A9-AEFA-57905C8343FB}
[2012/12/08 07:41:55 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{A702BDFD-256C-4BB6-B03C-6E8DC3C26199}
[2012/12/07 22:27:15 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{CB4133F1-4D3B-48B7-AA46-00CB0B6B848B}
[2012/12/07 10:26:42 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{ED932E95-E6B5-4C07-8599-B878978B9C7E}
[2012/12/06 22:25:37 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{8230B30B-1F3B-49A3-A2FF-7092A6E326B7}
[2012/12/06 10:25:12 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{37519428-A4C5-411B-8FF6-80E6DA15FCBB}
[2012/12/05 22:24:24 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{139870F8-52A0-4F64-A176-DED67C44A331}
[2012/12/05 10:23:47 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{1B9E446B-6214-4F5A-9702-033588CA7B70}
[2012/12/04 10:22:41 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{E189DCE1-6347-40CE-BA2B-118802988EB5}
[2012/12/03 10:21:24 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{A403D575-A6FA-4302-BC32-40CB1C584DA0}
[2012/12/02 11:08:08 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/12/02 10:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/12/02 10:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/12/02 10:20:04 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{7C79BFC1-DE0B-4BCA-8429-452D593AFD6D}
[2012/12/01 09:44:40 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{9769E6AE-3ED2-443B-8340-CA9001156839}
[2012/11/30 19:44:24 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\{1DCCCAFF-6959-44BC-A520-4268C64EF927}
[2012/11/03 20:37:28 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/30 09:34:35 | 009,842,040 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2012/12/30 09:29:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864491281-1052238831-3070168691-1003UA.job
[2012/12/30 09:12:30 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/12/30 09:12:25 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/30 09:12:25 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/30 09:11:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/30 00:42:07 | 000,787,786 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/30 00:42:07 | 000,664,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/30 00:42:07 | 000,126,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/28 10:04:25 | 571,724,175 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/27 22:28:23 | 000,001,683 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/12/26 17:25:27 | 000,020,480 | ---- | M] () -- C:\Users\TOSHIBA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/25 09:44:03 | 000,410,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/24 16:38:25 | 000,000,680 | ---- | M] () -- C:\Users\TOSHIBA\AppData\Local\d3d9caps.dat
[2012/12/22 20:45:30 | 000,009,086 | ---- | M] () -- C:\Users\TOSHIBA\Documents\Xmas playlist.wpl
[2012/12/21 16:47:02 | 014,053,272 | ---- | M] () -- C:\Users\TOSHIBA\Documents\different location diagnostic.htm
[2012/12/21 16:43:55 | 014,062,516 | ---- | M] () -- C:\Users\TOSHIBA\Documents\l2tp diagnostic.htm
[2012/12/21 07:52:52 | 009,108,770 | ---- | M] () -- C:\Users\TOSHIBA\Documents\log report.htm
[2012/12/16 21:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 21:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/16 19:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 18:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 11:15:56 | 000,002,651 | ---- | M] () -- C:\Users\TOSHIBA\Desktop\Microsoft Office Word 2007.lnk
[2012/12/15 04:29:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864491281-1052238831-3070168691-1003Core.job
[2012/12/14 12:59:44 | 000,002,025 | ---- | M] () -- C:\Users\TOSHIBA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/14 12:59:43 | 000,002,063 | ---- | M] () -- C:\Users\TOSHIBA\Desktop\Google Chrome.lnk
[2012/12/10 12:28:04 | 000,000,708 | ---- | M] () -- C:\Users\TOSHIBA\Desktop\PPTP_SSTP.lnk
[2012/12/06 11:47:14 | 000,000,679 | ---- | M] () -- C:\Users\TOSHIBA\Desktop\L2TP.lnk
[2012/12/02 11:09:03 | 000,001,705 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/02 10:44:50 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/12/01 10:18:02 | 000,044,392 | ---- | M] () -- C:\Users\TOSHIBA\Documents\playlist.wpl
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/28 10:04:25 | 571,724,175 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/12/27 22:28:23 | 000,001,683 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/12/24 23:05:56 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/12/21 16:43:40 | 014,053,272 | ---- | C] () -- C:\Users\TOSHIBA\Documents\different location diagnostic.htm
[2012/12/21 16:27:20 | 014,062,516 | ---- | C] () -- C:\Users\TOSHIBA\Documents\l2tp diagnostic.htm
[2012/12/21 07:48:44 | 009,108,770 | ---- | C] () -- C:\Users\TOSHIBA\Documents\log report.htm
[2012/12/13 16:52:52 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00 _Inbox_Critical.Wdf
[2012/12/13 16:52:52 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_ Inbox_Critical.Wdf
[2012/12/02 11:09:03 | 000,001,705 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/02 10:44:50 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/12/01 17:38:14 | 000,009,086 | ---- | C] () -- C:\Users\TOSHIBA\Documents\Xmas playlist.wpl
[2012/10/22 23:05:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012/10/01 15:18:30 | 000,000,492 | ---- | C] () -- C:\Users\TOSHIBA\AppData\Roaming\SkinColor.xml
[2012/09/07 08:17:47 | 000,000,258 | RHS- | C] () -- C:\Users\TOSHIBA\ntuser.pol
[2011/12/14 14:13:51 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/11/21 09:39:53 | 000,000,680 | ---- | C] () -- C:\Users\TOSHIBA\AppData\Local\d3d9caps.dat
[2011/08/24 11:19:49 | 000,000,366 | ---- | C] () -- C:\Users\TOSHIBA\724pixUploader.properties
[2011/08/11 07:51:11 | 000,002,975 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/08/11 06:57:37 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2011/07/22 07:25:33 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/07/22 07:24:53 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/07/22 07:24:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/07/21 10:00:39 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2011/07/20 19:23:33 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.b in
[2011/07/20 09:39:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/20 06:21:40 | 000,020,480 | ---- | C] () -- C:\Users\TOSHIBA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 03:13:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2011/07/08 03:13:26 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2011/07/08 03:13:26 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2011/07/08 03:13:26 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2011/07/08 03:13:26 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2011/07/08 03:13:26 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2011/07/08 03:01:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/08 02:51:37 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2011/07/08 02:51:37 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2011/07/08 02:51:37 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2011/07/08 02:47:22 | 000,001,460 | ---- | C] () -- C:\Users\TOSHIBA\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 23:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysWOW64\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWow64\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysWOW64\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %SystemRoot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 10:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
Lost wireless connection - laptop - moved by Jintan godlesswonder Malware Removal 3 February 1st, 2013 12:48 AM
Need Help with Laptop Not Responding and Freezing - moved by Jintan JohnNgSF Malware Removal 23 November 18th, 2012 12:27 AM
computer freezing, WON'T defrag - moved by Jintan donnar Windows Vista 20 September 19th, 2009 01:39 AM
Very odd freezing problem daily Mitch0557 Malware Removal 2 January 19th, 2008 06:03 PM


All times are GMT +1. The time now is 09:33 AM.