Need2BeClean

Members
  • Posts

    14
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Alright, here's the log.

     All processes killed
     ========== OTL ==========
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
     Prefs.js: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=" removed from keyword.URL
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
     ========== FILES ==========
     File\Folder C:\Program Files (x86)\BitTorrentBar not found.
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Maria\Desktop\cmd.bat deleted successfully.
     C:\Users\Maria\Desktop\cmd.txt deleted successfully.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: Administrator
     ->Temp folder emptied: 0 bytes

     User: All Users

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Maria
     ->Temp folder emptied: 1903243 bytes
     ->Temporary Internet Files folder emptied: 14749370 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 89699758 bytes
     ->Google Chrome cache emptied: 50632957 bytes
     ->Flash cache emptied: 3595 bytes

     User: Public
     ->Temp folder emptied: 0 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 130483 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 170734655 bytes

     Total Files Cleaned = 313.00 mb

     Restore point Set: OTL Restore Point

     OTL by OldTimer - Version 3.2.69.0 log created on 07062013_153551

     Files\Folders moved on Reboot...
     C:\Users\Maria\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

     PendingFileRenameOperations files...

     Registry entries deleted on Reboot...
  2. OTL Extras logfile created on: 7/5/2013 9:04:26 AM - Run 1
     OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maria\Desktop
     64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.7601.17514)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     3.75 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 62.20% Memory free
     9.36 Gb Paging File | 7.63 Gb Available in Paging File | 81.56% Paging File free
     Paging file location(s): c:\pagefile.sys 5751 5751 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 287.46 Gb Total Space | 175.37 Gb Free Space | 61.01% Space Free | Partition Type: NTFS

     Computer Name: Z9222 | User Name: Maria | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     ========== Extra Registry (SafeList) ==========

     ========== File Associations ==========

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
     .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
     .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

     ========== Shell Spawning ==========

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     exefile [open] -- "%1" %*
     helpfile [open] -- Reg Error: Key error.
     htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
     http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
     InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
     InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
     Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
     Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [explore] -- Reg Error: Value error.
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
     exefile [open] -- "%1" %*
     helpfile [open] -- Reg Error: Key error.
     htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
     Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
     Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [explore] -- Reg Error: Value error.
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     ========== Security Center Settings ==========

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "cval" = 1
     "FirewallDisableNotify" = 0
     "AntiVirusDisableNotify" = 0
     "UpdatesDisableNotify" = 0

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
     "AntiVirusOverride" = 0
     "AntiSpywareOverride" = 0
     "FirewallOverride" = 0

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "UpdatesDisableNotify" = 0

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

     ========== System Restore Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
     "DisableSR" = 0

     ========== Firewall Settings ==========

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 0
     "DoNotAllowExceptions" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\iCall\iCall.exe" = C:\Program Files (x86)\iCall\iCall.exe:*:Enabled:iCall "C:\Program Files (x86)\iCall\iCall.exe" = C:\Program Files (x86)\iCall\iCall.exe:*:Enabled:iCall ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04BD21C6-359B-4DA8-B7A7-E7D275091E06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{0641CADD-2F06-4D75-AB0F-73CCEB1FB2CC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0A8B8E36-BB2D-4A25-8F6E-995194CA53C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0CDD0128-86BD-4123-9834-9AF3B1A77112}" = lport=4100 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\webdictate\webdictate.exe | "{1CA160E3-0179-4EBC-985D-1F82095B5355}" = lport=10243 | protocol=6 | dir=in | app=system | "{250C5ABD-8E17-4DDD-8B21-ABBBCCBB9480}" = lport=445 | protocol=6 | dir=in | app=system | "{270B502D-17CA-4831-BAB3-25C31B563D78}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2880653C-B3A7-4174-8C6A-E63E10C3160D}" = rport=137 | protocol=17 | dir=out | app=system | "{2CB0CE1D-D35C-4F04-B91A-A4AD340FB38F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{356C16DA-0667-4275-800D-E9EEE9F24A53}" = lport=4100 | protocol=17 | dir=in | app=c:\program files (x86)\nch 
software\webdictate\webdictate.exe | "{4C96660F-AFF8-4DB3-BA34-5634F3BBA0F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{58C957EF-1F5E-4203-816C-6EF3B0D85F19}" = rport=10243 | protocol=6 | dir=out | app=system | "{5AB1794F-9576-4E1F-A671-7D5FA35CAB9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5B9723D6-F9F0-4258-959D-EDF3FE73891E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{5C182464-6371-4829-956F-BC76B82F06CA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6D7035BA-ACA8-4C3F-9E36-232D027998A1}" = lport=139 | protocol=6 | dir=in | app=system | "{6E9323AB-7F8E-4E8C-BF03-41DB12630FF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6EB31786-7711-40F1-BC96-49122AE6A1E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8656B927-0ED8-49A5-BE6E-EBEF2BB02807}" = lport=137 | protocol=17 | dir=in | app=system | "{986BE996-B15F-4013-9F5C-9DDB3B19CC93}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{B064D3F8-CEA4-4F11-921B-012BA0E41C63}" = lport=2869 | protocol=6 | dir=in | app=system | "{C4DA12A0-C769-476E-B709-C7C7DF545632}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C5AA4A94-179F-4DD6-8C0D-4AEED5014E32}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{C7CC82F7-7432-4AB9-8A53-0FA840C40718}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C93B9B3D-403E-4BAD-8A3A-86772E190B87}" = rport=138 | protocol=17 | dir=out | app=system | "{DA132273-31A5-4D1A-A7A4-3B8EABDA6C71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E6C180C0-79E4-4DDF-BB02-4A37C4958786}" = lport=2869 | 
protocol=6 | dir=in | app=system | "{EB7C85DD-6E26-47EC-B6F8-500373D98C4A}" = lport=138 | protocol=17 | dir=in | app=system | "{F3BDCDE2-9CBD-4D16-B89D-A3DDBC8E0AD3}" = rport=445 | protocol=6 | dir=out | app=system | "{F77E0A1F-3CC9-454D-AC0D-6FFD53EEEDDD}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0516BC8E-9709-4FEC-82C9-FB848EEEBDB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{06BF9C9E-5256-4F6A-A90F-A2C244CC9D2C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{07B60731-6DD1-413A-BE1A-64E4E5AF07EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{097370D7-194B-4305-91B8-90BC66E6CECA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{0987848B-6E33-4A8C-961E-AAEFDCA0BD50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0DBE038B-CF1C-4429-8F7F-0C50999A64BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{0FC959D6-A418-4724-B4D8-D970E9DEC2C6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{10AE38DA-0019-4B10-AB21-8C4F7F0703DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{240DA126-A1CF-491A-AC2B-95318D6A41FF}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | "{391FD463-54B5-45F2-B344-14B5C72929C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{42AAC070-EE86-4F6A-90B0-ECBFAC169050}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{439947BB-D6AA-409C-BF12-559C92875025}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{4A2B8752-0826-4284-8FB3-B212D150687E}" = dir=in | app=c:\program files 
(x86)\windows live\messenger\msnmsgr.exe | "{4E1071BC-7320-42E3-B1C4-A054376EA8E1}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | "{4EC6753E-6CAD-4A83-A7F2-A36D8F63FDC3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{54E4381B-F513-4720-A841-F5A58460A3A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{5A735224-15CD-43D3-83E9-138362A6E889}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5BA94030-B4F9-4E3C-AFC8-D7B6E4DCF6AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{5C0C8536-58F7-40A4-80A4-86ACCE37DAE1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{e5083d57-d93f-404c-a91f-1c50d67c2beb}\setup\hpznui40.exe | "{67B611F7-AFD6-4796-BBDE-535C4E1EF636}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{6B7FE0C0-0270-49F9-A828-D3E72EFD363E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6E1F2C62-8945-4A5F-9580-45852A0F99C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{70223B55-1C93-4A74-A209-9BD7CB813D10}" = protocol=6 | dir=out | app=system | "{7DFDB625-6C50-4795-8D2D-20D1B3DC2DF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{7E942219-537F-416A-8745-E07ED67C9EC3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{7FE8275F-D8E3-45B8-962D-E99DB7D2B746}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{810F278A-3BC5-4183-9CC8-F4DE044DAADE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{87805D06-7194-4966-A3CD-46DB1951744A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{8A2D0230-56EA-42E4-8983-26110B6DA746}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8B66469E-06FD-4F83-BFD6-B5415DD4FCCF}" = 
protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{90454539-39B9-4FC5-A697-53113B1F4887}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{97AF21F6-0979-4B24-AB1D-11AD3AFF8DFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{99D7BA4B-98EE-42B8-8BCB-D677A9C8253D}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{A17B8065-ADDB-4E99-B4C1-43ADACEBD560}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{A2A46B3A-75D1-4055-837C-79CCFDAE445E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A767B381-80DB-4C30-A80D-3AC5FD38E3FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{B1D8A43F-8A04-409B-9539-3C2D57F910A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{B4A19934-18A3-440C-9EA7-FDB00A224D4F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B4C7005C-696F-445F-BF60-B1679D17C325}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B60D93A5-506F-4026-87CF-EA82121F70BE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{B79905EF-7415-4F68-87C6-79A481AE8475}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{BEBFF92A-6E16-4649-BDC3-CF0FC855FACB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BEE3F158-36B7-4AF3-BC11-B4F0313F9F44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C6EB807F-813F-4F6E-8379-7F6FF9D26C96}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{D1AFE50D-D6EB-483D-AE37-384D035B61F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{D57E2F94-4C90-4475-89F8-C4414562F616}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{D6BC0BC0-697C-4118-8E6A-0AA6858AD343}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{DAFD2C7D-BBF0-49FF-B57A-92B30C54052C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E4F24105-9AF9-41C3-88E0-870B52D946A2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EEA7A51F-3D54-4FA1-84B6-BD17E2EC2E97}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{F2AEA5AE-FFD7-4732-B78E-5081191AD285}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{F3F4D402-6485-44C7-9FC6-3BF278E30685}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{169685CB-51E2-48F5-92EB-5C4CF10D5F48}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{9FC3DBDE-C995-4F98-A806-A59335A3C2EA}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{C2802CE4-0490-4EC3-AF7C-97258206765E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{CD24510C-E5A7-4596-B0A0-FA9A39FEDFBF}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{D4AE2953-30BD-4B0E-A0AB-A0DEF2FA613B}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{DF5F491D-5D2B-4413-AC21-6B655989E93E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64 "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64) "{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D2390E0-6920-4C40-8CBC-9907838DFA0F}" = ARX Office Signatures "{5792CD64-61B4-C448-0D22-3C51DD73AB2A}" = ATI Catalyst Install Manager "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64E22656-D7E6-4930-99D8-F81DC00E5C59}" = ARX OmniSign Printer "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6D8277C6-FB24-48BE-84B9-304320DB6D99}" = ARX CoSign Client "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 
64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97F59F06-B4DB-46C3-8B96-856A052B74D4}" = ARX Signature API "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64 "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F75D2B1D-5309-41DF-BC96-DFC3C3568C1D}" = ARX CryptoKit "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "HitmanPro35" = Hitman Pro 3.5 "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Speccy" = Speccy "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{06ED8674-1191-5DF4-88E9-5732C927ADF7}" = focus booster "{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password "{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist "{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation "{1E8EB086-AE5F-45F6-887C-E5178868290F}" = Living Cookbook 2011 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech "{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian "{26A24AE4-039D-4CA4-87B4-2F83216026F0}" = Java 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2 "{345CE506-D28F-456D-ACCA-97D05C335D99}" = Toshiba Book Place "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese "{36A52BCF-AC3D-32F1-AD5F-A09769EB8887}" = Google Talk Plugin "{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek "{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard "{3B0CFB08-515C-4AD4-89DF-997BF8545622}" = Nuance Voice Recorder "{3CB4A7B0-007D-4722-AF1D-891B53E04606}" = Napster Download Manager "{3E9E68FB-49FA-410A-8787-424F2A506E0F}" = Business Plan Pro 15th Anniversary Edition "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian "{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5 "{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1 "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{547D6280-5592-4E3F-BB47-15AC66BCBD79}" = Writer's DreamKit "{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish "{57DB3FC4-FB4F-48F8-A290-1C22FB349277}" = Nuance Palm Voice Recorder "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration "{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773C485E-B148-45CB-BF38-84FC208D960A}" = TSR Merlin "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common "{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New 
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding "{8BE504E9-0677-87AC-07D2-1A1428E17A92}" = Catalyst Control Center InstallProxy "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup "{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.2.1 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help 
Italian "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German "{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}" = Hoyle Card Games 2005 "{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English 
"{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1" = Computer Requirements 1.0 "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BD4BFEE6-2C1E-45E9-B46F-A3EC99192DCF}" = Dramatica Pro "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm "{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai "{C34962D0-8C90-42C1-AA3B-CEA0DD6200C3}" = calibre "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help "{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA 
Quality Application "{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{F3DE47C0-1128-45C5-9494-EDC3086519DA}" = Storywizard "{F8ADEE0D-3143-4E71-8CCD-9423105A6199}_is1" = Grammarly "{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "4shared Desktop" = 4shared Desktop "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ASIO4ALL" = ASIO4ALL "Asynx Planetarium v2.61_is1" = Asynx Planetarium Version 2.61 "Aurora 13.0a2 (x86 en-US)" = Aurora 13.0a2 (x86 en-US) "BitTorrentBar Toolbar" = BitTorrentBar Toolbar "com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1" = focus booster "C-Organizer Professional_is1" = C-Organizer Pro v 3.6.0 "DAEMON Tools Lite" = DAEMON Tools Lite "Deckadance" = Deckadance "ESET Online Scanner" = ESET Online Scanner v3 "FileHippo.com" = FileHippo.com Update Checker "FL Studio 10" = FL Studio 10 "Foxit Reader_is1" = Foxit Reader 5.1 "Freemake Video Converter_is1" = Freemake Video Converter version 4.0.2 "FrostWire 5" = FrostWire 5.5.6 "gBurner" = gBurner "iDailyDiary_is1" = iDailyDiary 3.71 "IL Download Manager" = IL Download Manager "Insight Calendar_is1" = Insight Calendar "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package 
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "Kepler 7.0" = Kepler 7.0 "Keylogger Detector" = Keylogger Detector "KeyScrambler" = KeyScrambler "LastPass" = LastPass (uninstall only) "Living Cookbook 2011" = Living Cookbook 2011 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NortonPCCheckup" = Toshiba Laptop Checkup "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OnlineArmor_is1" = Online Armor 6.0 "Origin" = Origin "Power Structure" = Power Structure "Power Writer" = Power Writer "RealPlayer 15.0" = RealPlayer "Scrivener 1530" = Scrivener "Security Task Manager" = Security Task Manager 1.8d "SendSpaceWizard" = SendSpace Wizard "TIMELEFT3_is1" = TimeLeft "Trillian" = Trillian "VLC media player" = VLC media player 1.1.11 "WebDictate" = Web Dictate "WinLiveSuite" = Windows Live Essentials "Writer's Café_is1" = Writer's Café 1.29 "Xvid Video Codec 1.3.2" = Xvid Video Codec "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! 
Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3193659525-3005963473-860001992-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ActiveTouchMeetingClient" = Cisco WebEx Meetings "Amazon Kindle" = Amazon Kindle "CC Magic" = CC Magic "e8613826cf099a2d" = FOCUS "FileZilla Client" = FileZilla Client 3.5.2 "Five9 Agent" = Five9 Agent "FreeScreenSharing" = FreeScreenSharing "Google Chrome" = Google Chrome "GoToMeeting" = GoToMeeting 5.1.0.880 "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "oDVT" = oDesk Team "StartMeeting" = StartMeeting ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/3/2013 10:02:10 AM | Computer Name = Z9222 | Source = Toshiba App Place | ID = 0 Description = Error - 7/3/2013 9:43:36 PM | Computer Name = Z9222 | Source = Toshiba App Place | ID = 0 Description = Error - 7/4/2013 2:04:55 AM | Computer Name = Z9222 | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 7/4/2013 10:42:45 AM | Computer Name = Z9222 | Source = Toshiba App Place | ID = 0 Description = Error - 7/4/2013 7:54:22 PM | Computer Name = Z9222 | Source = Toshiba App Place | ID = 0 Description = Error - 7/5/2013 3:18:42 AM | Computer Name = Z9222 | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 7/5/2013 6:39:48 AM | Computer Name = Z9222 | Source = TestWorker | ID = 131073 Description = [ System Events ] Error - 7/3/2013 9:42:59 PM | Computer Name = Z9222 | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:41:37 PM on ?7/?3/?2013 was unexpected. Error - 7/3/2013 9:44:01 PM | Computer Name = Z9222 | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect. Error - 7/3/2013 9:44:01 PM | Computer Name = Z9222 | Source = Service Control Manager | ID = 7000 Description = The SBSD Security Center Service service failed to start due to the following error: %%1053 Error - 7/3/2013 9:44:37 PM | Computer Name = Z9222 | Source = bowser | ID = 8003 Description = Error - 7/4/2013 10:43:16 AM | Computer Name = Z9222 | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect. 
Error - 7/4/2013 10:43:16 AM | Computer Name = Z9222 | Source = Service Control Manager | ID = 7000 Description = The SBSD Security Center Service service failed to start due to the following error: %%1053 Error - 7/4/2013 7:53:53 PM | Computer Name = Z9222 | Source = EventLog | ID = 6008 Description = The previous system shutdown at 6:52:42 PM on ?7/?4/?2013 was unexpected. Error - 7/4/2013 7:54:53 PM | Computer Name = Z9222 | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect. Error - 7/4/2013 7:54:53 PM | Computer Name = Z9222 | Source = Service Control Manager | ID = 7000 Description = The SBSD Security Center Service service failed to start due to the following error: %%1053 < End of report >
  3. I got an error message that said my post was too long so I will have to copy and paste in two separate posts. OTL logfile created on: 7/5/2013 9:03:58 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maria\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 62.20% Memory free 9.36 Gb Paging File | 7.63 Gb Available in Paging File | 81.56% Paging File free Paging file location(s): c:\pagefile.sys 5751 5751 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.46 Gb Total Space | 175.37 Gb Free Space | 61.01% Space Free | Partition Type: NTFS Computer Name: Z9222 | User Name: Maria | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/06/27 05:19:44 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe PRC - [2013/05/30 23:36:30 | 002,626,880 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe PRC - [2013/01/30 23:36:22 | 000,365,120 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskTeam.exe PRC - [2013/01/30 23:36:22 | 000,168,000 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskHelper.exe PRC - [2012/10/05 15:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe PRC - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oasrv.exe PRC - [2012/10/02 15:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online 
Armor\oaui.exe PRC - [2012/10/02 15:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oahlp.exe PRC - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/04/15 16:04:44 | 000,374,368 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe PRC - [2011/12/07 13:33:50 | 000,814,596 | ---- | M] (NCH Software) -- C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe PRC - [2010/12/12 12:22:06 | 000,117,856 | ---- | M] (Algorithmic Research Ltd.) -- C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe ========== Modules (No Company Name) ========== MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/12/12 12:22:06 | 000,117,856 | ---- | M] (Algorithmic Research Ltd.) 
[Auto | Running] -- C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe -- (ARcltsrv) SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/03/15 12:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/06/27 05:19:44 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver) SRV - [2013/06/12 14:15:43 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/05/30 23:36:30 | 002,626,880 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oasrv.exe -- (SvcOnlineArmor) SRV - [2012/10/02 15:02:04 | 000,216,072 | 
---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat) SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/04/04 09:36:12 | 000,112,584 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011/12/07 13:33:50 | 000,814,596 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe -- (WebDictateService) SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/13 13:41:26 | 000,024,264 | ---- | M] (SonicWALL Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NxDrv.sys -- (NxDrv) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/12/14 19:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler) DRV:64bit: - [2011/03/29 10:15:00 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AE1200w764.sys -- (Linksys_adapter_H) DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/25 13:26:18 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/03/31 17:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010/03/15 13:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010/03/15 12:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/03/04 20:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010/02/01 13:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/09/15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2007/07/26 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2013/03/28 19:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA) DRV - [2012/10/02 15:03:04 | 000,062,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX) DRV - [2012/10/02 15:02:34 | 000,040,520 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon) DRV - [2012/10/02 15:02:32 | 000,061,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice) DRV - [2012/04/30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/ IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{B65BA1FE-ADBF-4775-85B1-C97E06573021}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - 
SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{741BD9A9-B713-46E0-99FC-73AB1B06A2B2}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\SearchScopes,DefaultScope = {741BD9A9-B713-46E0-99FC-73AB1B06A2B2} IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\SearchScopes\{354EFF3F-62C5-40B4-8F62-55C4AFA0472E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS412 IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: 
"URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSND_en IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\SearchScopes\{741BD9A9-B713-46E0-99FC-73AB1B06A2B2}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_en IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledAddons: afterthedeadline@afterthedeadline.com:1.51 FF - prefs.js..extensions.enabledAddons: check4change-owner@mozdev.org:1.9.3 FF - prefs.js..extensions.enabledAddons: coralietab@mozdev.org:2.04.20110724 FF - prefs.js..extensions.enabledAddons: info@youtube-mp3.org:1.0.4 FF - prefs.js..extensions.enabledAddons: SpellcheckEverything@example.com:0.2 FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: twitternotifier@naan.net:2.5.2 FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3 FF - prefs.js..extensions.enabledAddons: {68d0652a-86ef-4c6a-89f4-808652357b2c}:2.2 FF - prefs.js..extensions.enabledAddons: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:7.4 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22 FF - prefs.js..extensions.enabledAddons: stefanvandamme@stefanvd.net:2.1.0.12 FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.20 FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.16 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.15 FF - prefs.js..extensions.enabledAddons: {b2e69492-2358-071a-7056-24ad0c3defb1}:1.8.2 FF - prefs.js..extensions.enabledAddons: 
fmconverter@gmail.com:1.0.0 FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.73.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: speller@appen.com.au:3.1.4 FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5.2 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - 
HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Maria\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Maria\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 13.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2012/07/08 00:16:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 13.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/04 14:48:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/11 22:11:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/06/28 01:51:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/07 17:11:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/11 14:03:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/04 14:48:16 | 000,000,000 | ---D | M] [2011/01/31 18:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Extensions [2013/06/26 16:17:27 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions [2013/06/26 14:04:33 | 000,000,000 | ---D | M] (Bamboo Feed Reader) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{b2e69492-2358-071a-7056-24ad0c3defb1} [2013/05/29 13:37:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/02/01 12:02:32 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2012/08/07 14:54:14 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012/03/12 16:39:26 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\coralietab@mozdev.org [2011/05/04 14:49:17 | 000,000,000 | ---D | M] (Appen Dictionary Auto-Select) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\speller@appen.com.au [2013/02/17 16:49:35 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\support@lastpass.com [2012/10/18 14:27:06 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\twitternotifier@naan.net [2012/02/04 17:02:35 | 000,085,537 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\afterthedeadline@afterthedeadline.com.xpi [2012/03/15 16:59:40 | 000,617,362 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\check4change-owner@mozdev.org.xpi [2011/08/18 17:01:11 | 000,006,796 | ---- | M] () (No name found) -- 
C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\info@youtube-mp3.org.xpi [2011/07/31 16:45:08 | 000,001,809 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\SpellcheckEverything@example.com.xpi [2012/12/10 23:12:49 | 000,631,898 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\stefanvandamme@stefanvd.net.xpi [2012/09/12 23:29:01 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\testpilot@labs.mozilla.com.xpi [2011/08/27 13:25:02 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\youtube2mp3@mondayx.de.xpi [2011/11/25 12:41:44 | 000,015,613 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{68d0652a-86ef-4c6a-89f4-808652357b2c}.xpi [2013/02/14 21:00:10 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/04/05 13:21:16 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013/06/26 16:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/06/28 01:51:01 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX [2012/12/07 17:11:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/01/19 12:48:52 | 000,106,192 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npstrlnk.dll [2012/12/07 17:11:06 | 
000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/12/07 17:11:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Maria\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Maria\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Maria\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Chrome SVD extension (Enabled) = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\lib/npdownloaderchrome.dll CHR - plugin: NPLastPass (Enabled) = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.5_0\nplastpass.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U27 (Enabled) = 
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: NapsterLink (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npstrlnk.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft 
Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: DoNotTrackMe = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.2.9.620_0\ CHR - Extension: AdBlock+ = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao\1.1.9.18_0\ CHR - Extension: onescene = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgifplpibackknoncogfojkmnadgmln\1.0_0\ CHR - Extension: YouTube to MP3 = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajdnhmdgikmjbcggoihnbmnnkbmljlg\0.0.3_0\ CHR - Extension: YouTube mp3 = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkonfbfckdamohdkmechhhnnoblpbena\1.0_0\ CHR - Extension: Pandora = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\ CHR - Extension: After the Deadline = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho\1.2_0\ CHR - Extension: 1-ClickWeather for Chrome = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmbighdoomjmebfbgplfmhcdbomjkoa\1.1.0.3_0\ CHR - Extension: Mail Checker Plus for Google Mail\u2122 = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe\1.3.19_0\ CHR - Extension: Planetarium = 
C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.2_0\ CHR - Extension: AdBlock = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\ CHR - Extension: LastPass = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0\ CHR - Extension: Cloud Reader = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_1\ CHR - Extension: Turkopticon v2.0 = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbiknngieiiicnpfcgejmigdpfmaeja\2.0_0\ CHR - Extension: Turkopticon v2.0 = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbiknngieiiicnpfcgejmigdpfmaeja\2.0_0\.bak CHR - Extension: Akira Isogawa = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmggajponoffjmhekbonemlgidfgdao\3_0\ CHR - Extension: Get Flash = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\innejflndneacnpgjkdhejmejgpnhfgf\1.0.5_0\ CHR - Extension: Freemake Video Converter = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Stop Autoplay for YouTube. 
= C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0\ CHR - Extension: SmartVideo For YouTube\u2122 = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp\0.9927_0\ CHR - Extension: Disable Text Ads = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdfpnkpkfimklgoeimnldbgjabebfjjo\9.0_0\ CHR - Extension: video2mp3.net = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgehlfiodkonepliockofnonigghjkge\0.0.4_0\ CHR - Extension: RSS Feed Reader = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.0_0\ O1 HOSTS File: ([2013/06/28 11:41:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation) O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll File not found O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3:64bit: - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba) O4 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler 
Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation) O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet) O15 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..Trusted Domains: convergysworkathome.com ([www] http in Trusted sites) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.25.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B9AC1CE-67D8-45C1-9607-ECA45A47D7E8}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF4477A-8286-4444-A17E-78ED0952E714}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/05 09:01:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- 
C:\Users\Maria\Desktop\OTL.exe [2013/07/03 22:36:59 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\Crystals and Gems [2013/07/03 01:44:18 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Maria\Desktop\JRT.exe [2013/07/01 12:59:47 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\IRS [2013/07/01 11:52:25 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Maria\Desktop\TFC.exe [2013/06/29 17:59:19 | 000,000,000 | ---D | C] -- C:\Users\Maria\.startmeeting [2013/06/29 17:59:08 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartMeeting [2013/06/29 17:59:06 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Local\StartMeeting [2013/06/29 17:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/06/29 11:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/06/29 11:10:07 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Maria\Desktop\esetsmartinstaller_enu.exe [2013/06/28 12:13:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/06/28 11:11:26 | 005,083,661 | R--- | C] (Swearware) -- C:\Users\Maria\Desktop\ComboFix.exe [2013/06/28 01:56:01 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Local\FreemakeVideoConverter [2013/06/28 01:54:03 | 000,000,000 | ---D | C] -- C:\Users\Maria\FrostWire [2013/06/28 01:53:47 | 000,000,000 | ---D | C] -- C:\Users\Maria\.frostwire5 [2013/06/28 01:53:36 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5 [2013/06/28 01:51:12 | 000,000,000 | ---D | C] -- C:\Users\Maria\Documents\Freemake [2013/06/28 01:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire 5 [2013/06/28 01:51:04 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake [2013/06/28 01:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake [2013/06/28 01:51:02 | 000,000,000 | ---D | C] -- 
  4. My system is running fine. I'm still having issues in trying to delete the Bittorrent Toolbar, however. I did a search and found that there is a file named bittorrent.jar in a Chrome extensions folder on my computer. Can I just delete the file?
  5. Here goes...

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 4.9.4 (05.06.2013:1)
     OS: Windows 7 Home Premium x64
     Ran by Maria on Wed 07/03/2013 at 1:54:07.15
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys
     Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

     ~~~ Files

     ~~~ Folders
     Successfully deleted: [Folder] "C:\Users\Maria\AppData\Roaming\opencandy"

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Wed 07/03/2013 at 2:04:20.33
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     # AdwCleaner v2.303 - Logfile created 07/03/2013 at 09:00:33
     # Updated 08/06/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : Maria - Z9222
     # Boot Mode : Normal
     # Running from : C:\Users\Maria\Desktop\AdwCleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     ***** [internet Browsers] *****

     -\\ Internet Explorer v8.0.7601.17514
     [OK] Registry is clean.

     -\\ Mozilla Firefox v12.0 (en-US)
     File : C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\prefs.js
     [OK] File is clean.

     -\\ Google Chrome v27.0.1453.116
     File : C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [9321 octets] - [26/06/2013 16:44:01]
     AdwCleaner[s1].txt - [9417 octets] - [26/06/2013 16:44:19]
     AdwCleaner[s2].txt - [926 octets] - [03/07/2013 09:00:33]

     ########## EOF - C:\AdwCleaner[s2].txt - [985 octets] ##########
  6. I tried and this is the message I received: Error: 2 - The system cannot find the file specified.
  7. So far, so good. I can search using Firefox without getting a browser redirect. Do you want me to try and remove the BitTorrent toolbar again?
  8. Alright, here you go.

     C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
     C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe multiple threats cleaned by deleting - quarantined
     C:\Program Files (x86)\FrostWire 5\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
     C:\Users\Maria\AppData\Local\Citrix\utaqlxmg.dll Win32/Boaxxe.G trojan cleaned by deleting - quarantined
     C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CA0ZKHNV\rl[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
     C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RFCYL33F\rl[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
     C:\Users\Maria\AppData\Roaming\OpenCandy\14D6A7E4901F49EEA1E2A18713257FEB\frostwire-5.5.6.windows.exe multiple threats cleaned by deleting - quarantined
     C:\Users\Maria\Desktop\FreemakeVideoConverterSetup.exe Win32/OpenCandy application cleaned by deleting - quarantined
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
  9. Okay, I'm going to just upload the .txt files and see if that works. A few things. I was able to remove the Daemon Toolbar with no issue. I had decided to remove the Daemon software from my system because I no longer use it. The two times I tried I got the blue screen of death. I was not able to remove the BitTorrent toolbar at all. This is a program that I have used in months and has long since been deleted off my computer. I've tried in the past to remove the toolbar but this is the message that I got then and I get now. In the header it says "Wise Uninstall" and the text within the box reads "Could not open INSTALL.LOG file." I have WinPatrol on my computer and now after the scans I get a WinPatrol New Program Alert that C:\Program Files (x86)\BitTorrentBar\tbBitT.dll is a new Internet Explorer Add-On that's been installed and wants to know if I approve the add-on. I keep selecting "no" but it keeps popping up like every five minutes. JRT.txt AdwCleaner.txt TDSSKiller.2.8.16.0_26.06.2013_16.51.23_log.txt
  10. Okay, I'm not sure if it's on my end or if there is a glitch on the website. But I can upload my post containing the log files. I was able to make a test post as indicated up above, but that's it. At first I got an Internal 500 error and then it says "This reply has not been added as it has been posted too quickly".
  11. Wow, that's pretty disheartening. Well, my decision is to first do a cleanup and do a reinstall at a later date. Unfortunately, at this time, a reformat and reinstall just simply isn't possible. Thank you.
  12. I have a redirect on my Firefox browser. I downloaded and used the Microsoft Support Emergency Response Tool, which said it only partially removed the trojan, but it's still there, redirecting. Last night I tried some other programs in Safe Mode to remove the threat and my computer kept crashing. Finally I just did a normal boot and went from there. These programs found six more trojans, including Trojan.Dropper.ED (which the Malwarebytes program found). Five of the trojans were actually hidden in my Avira desktop icon. However, I'm still plagued with Trojan:Win32/Tracur.AV. Below are my log reports. Thank you.

     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows 7 Home Premium
     Boot Device: \Device\HarddiskVolume1
     Install Date: 1/25/2011 10:37:48 AM
     System Uptime: 6/5/2013 9:46:38 AM (1 hours ago)
     .
     Motherboard: TOSHIBA | | Portable PC
     Processor: AMD Athlon II P340 Dual-Core Processor | Socket S1G4 | 2200/200mhz
     .
     ==== Disk Partitions =========================
     .
     .
     ==== Installed Programs ======================
     .
Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60 StartupFolder: C:\Users\Maria\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital 
Imaging\Smart Web Printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{48B4BD01-5344-4FA5-AC3D-0E464C39625B}\445424249454D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{7B9AC1CE-67D8-45C1-9607-ECA45A47D7E8} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{DDF4477A-8286-4444-A17E-78ED0952E714} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{DDF4477A-8286-4444-A17E-78ED0952E714}\445424249454D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook - 
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-mStart Page = hxxp://start.toshiba.com/ x64-mDefault_Page_URL = hxxp://start.toshiba.com/ x64-BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [TosVolRegulator] C:\Program 
Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe x64-Run: [@OnlineArmor GUI] "C:\Program Files (x86)\Online Armor\oaui.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll x64-IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Maria\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-05-04 14:48; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-3-21 53488]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-6-4 26176]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2011-1-25 254528]
R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2013-6-4 61632]
R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2013-6-4 62016]
R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2013-6-4 40520]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-6-4 2626880]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-1-6 202752]
R2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\oacat.exe [2013-6-4 216072]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2011-10-29 126392]
R2 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\oasrv.exe [2013-6-4 4463864]
R2 WebDictateService;Web Dictate;C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe [2011-12-7 814596]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-1-6 9216]
R3 KeyScrambler;KeyScrambler;C:\windows\System32\drivers\keyscrambler.sys [2012-4-14 222904]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-1-6 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-26 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-6-4 66320]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-2-16 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\windows\System32\drivers\AE1200w764.sys [2012-11-29 1254464]
S3 NxDrv;SonicWALL NetExtender Adapter;C:\windows\System32\drivers\NxDrv.sys [2012-4-13 24264]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-1-6 232992]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-8-12 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-2-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: napster.exe: napsterplay="\" /PlayFile "%L"
.
=============== Created Last 30 ================
.
2013-06-05 14:04:28 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAEAB737-FCDD-4AD3-BFD6-AFA44851F1A0}\offreg.dll
2013-06-05 02:42:05 -------- d-----w- C:\Users\Maria\AppData\Roaming\OnlineArmor
2013-06-05 02:42:05 -------- d-----w- C:\ProgramData\OnlineArmor
2013-06-05 02:37:40 62016 ----a-w- C:\windows\SysWow64\drivers\oahlp64.sys
2013-06-05 02:37:40 61632 ----a-w- C:\windows\SysWow64\drivers\OADriver.sys
2013-06-05 02:37:40 40520 ----a-w- C:\windows\SysWow64\drivers\OAmon.sys
2013-06-05 02:37:25 -------- d-----w- C:\Program Files (x86)\Online Armor
2013-06-04 20:18:04 712264 ----a-w- C:\windows\isRS-000.tmp
2013-06-04 20:17:32 -------- d-----w- C:\Users\Maria\AppData\Local\Programs
2013-05-28 05:18:38 -------- d-----w- C:\Users\Maria\AppData\Local\Citrix
2013-05-24 11:52:33 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAEAB737-FCDD-4AD3-BFD6-AFA44851F1A0}\mpengine.dll
.
==================== Find3M ====================
.
2013-05-14 23:16:40 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 23:16:40 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 07:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-04-04 19:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 10:34:26.28 ===============