Infected with Trojan:Win32/Tracur.AV

[Need2BeClean]

I have a redirect on my Firefox browser. I download and used the Microsoft Support Emergency Response Tool which said it only partial removed the trojan, But it's still there, redirecting. Last night I tried some other programs in Safe Mode to remove the threat and my computer kept crashing. Finally I just did a normal boot and went from there. These programs found six more trojans; including Trojan.Dropper.ED (which the malwarebytes program found). Five of trojans were actually hidden in my Avira desktop icon. However, I'm still plagued with Trojan:Win32/Tracur.AV.

Below are my log reports. Thank you.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/25/2011 10:37:48 AM

System Uptime: 6/5/2013 9:46:38 AM (1 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: AMD Athlon II P340 Dual-Core Processor | Socket S1G4 | 2200/200mhz

.

==== Disk Partitions =========================

.

.

==== Installed Programs ======================

.

4500_G510gm_Help

4500G510gm

4500G510gm_Software_Min

4shared Desktop

64 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.6

Amazon Kindle

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

ARX CoSign Client

ARX CryptoKit

ARX Office Signatures

ARX OmniSign Printer

ARX Signature API

ASIO4ALL

Asynx Planetarium Version 2.61

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Atheros Driver Installation Program

ATI Catalyst Install Manager

Aurora 13.0a2 (x86 en-US)

BitTorrentBar Toolbar

BufferChm

Business Plan Pro 15th Anniversary Edition

C-Organizer Pro v 3.6.0

calibre

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CC Magic

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Cisco WebEx Meetings

Computer Requirements 1.0

Conduit Engine

Conexant HD Audio

Crystal Reports Basic Runtime for Visual Studio 2008

Crystal Reports Basic Runtime for Visual Studio 2008 (x64)

D3DX10

DAEMON Tools Lite

DAEMON Tools Toolbar

Deckadance

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DocMgr

DocProc

Dramatica Pro

Edinamarry3 Free Tarot Software

Emsisoft Anti-Malware

Fax

FileHippo.com Update Checker

FileZilla Client 3.5.2

Five9 Agent

FL Studio 10

FOCUS

focus booster

Foxit Reader 5.1

Free Alarm Clock 2.2.1

FreeScreenSharing

gBurner

Google Chrome

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.1.0.880

GPBaseService2

Grammarly

HiJackThis

Hitman Pro 3.5

Hoyle Card Games 2005

HP Customer Participation Program 13.0

HP Document Manager 2.0

HP Imaging Device Functions 13.0

HP Officejet 4500 G510g-m

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

HPDiagnosticAlert

HPProductAssistant

iDailyDiary 3.71

IL Download Manager

Insight Calendar

iSEEK AnswerWorks English Runtime

Java 7 Update 9 (64-bit)

Java Auto Updater

Java 6 Update 26

Java 6 Update 32

Junk Mail filter update

Kepler 7.0

Keylogger Detector

KeyScrambler

Label@Once 1.0

LastPass (uninstall only)

Living Cookbook 2011

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Mobipocket Reader 6.2

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Napster

Napster Burn Engine

Napster Download Manager

Network64

Nuance Palm Voice Recorder

Nuance Voice Recorder

NVIDIA GAME System Software 2.8.1

OCR Software by I.R.I.S. 13.0

Octoshape add-in for Adobe Flash Player

oDesk Team

Online Armor 6.0

Origin

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

Power Structure

Power Writer

Quicken 2012

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Scan

Scrivener

Security Task Manager 1.8d

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

SendSpace Wizard

Skype Launcher

Skype™ 6.3

SmartWebPrinting

SolutionCenter

Speccy

Spybot - Search & Destroy

Status

Storywizard

swMSM

Synaptics Pointing Device Driver

System Requirements Lab CYRI

TimeLeft

Toolbox

Toshiba App Place

TOSHIBA Application Installer

TOSHIBA Assist

Toshiba Book Place

TOSHIBA Bulletin Board

TOSHIBA Disc Creator

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Laptop Checkup

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

Toshiba Online Backup

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

ToshibaRegistration

TrayApp

Trillian

TSR Merlin

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)

VLC media player 1.1.11

Web Dictate

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinPatrol

WinRAR archiver

Writer's Café 1.29

Writer's DreamKit

Xvid Video Codec

Yahoo! Messenger

Yahoo! Software Update

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32

Run by Maria at 10:31:39 on 2013-06-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.807 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Online Armor\OAcat.exe

C:\Program Files (x86)\Online Armor\oasrv.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\System32\spoolsv.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe

C:\Program Files\ARX\ARX CryptoKit\utils\arcltsrv.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

C:\Program Files (x86)\Online Armor\oaui.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe

C:\Program Files (x86)\Online Armor\OAhlp.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\windows\system32\svchost.exe -k HPService

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\CCleaner\CCleaner64.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\windows\system32\taskmgr.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\system32\NOTEPAD.EXE

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maria\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

uRun: [Google Update] "C:\Users\Maria\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60

StartupFolder: C:\Users\Maria\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{48B4BD01-5344-4FA5-AC3D-0E464C39625B}\445424249454D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{7B9AC1CE-67D8-45C1-9607-ECA45A47D7E8} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{DDF4477A-8286-4444-A17E-78ED0952E714} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{DDF4477A-8286-4444-A17E-78ED0952E714}\445424249454D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-mStart Page = hxxp://start.toshiba.com/

x64-mDefault_Page_URL = hxxp://start.toshiba.com/

x64-BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll

x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe

x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

x64-Run: [@OnlineArmor GUI] "C:\Program Files (x86)\Online Armor\oaui.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll

x64-IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\

FF - prefs.js: browser.search.selectedEngine - Search the Web

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npstrlnk.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Maria\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2011-05-04 14:48; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-3-21 53488]

R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-6-4 26176]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2011-1-25 254528]

R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2013-6-4 61632]

R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2013-6-4 62016]

R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2013-6-4 40520]

R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-6-4 2626880]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-1-6 202752]

R2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\oacat.exe [2013-6-4 216072]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2011-10-29 126392]

R2 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\oasrv.exe [2013-6-4 4463864]

R2 WebDictateService;Web Dictate;C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe [2011-12-7 814596]

R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-1-6 9216]

R3 KeyScrambler;KeyScrambler;C:\windows\System32\drivers\keyscrambler.sys [2012-4-14 222904]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-1-6 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-26 1153368]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-6-4 66320]

S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-2-16 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\windows\System32\drivers\AE1200w764.sys [2012-11-29 1254464]

S3 NxDrv;SonicWALL NetExtender Adapter;C:\windows\System32\drivers\NxDrv.sys [2012-4-13 24264]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-1-6 232992]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-8-12 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-2-19 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

ShellExec: napster.exe: napsterplay="\" /PlayFile "%L"

.

=============== Created Last 30 ================

.

2013-06-05 14:04:28 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAEAB737-FCDD-4AD3-BFD6-AFA44851F1A0}\offreg.dll

2013-06-05 02:42:05 -------- d-----w- C:\Users\Maria\AppData\Roaming\OnlineArmor

2013-06-05 02:42:05 -------- d-----w- C:\ProgramData\OnlineArmor

2013-06-05 02:37:40 62016 ----a-w- C:\windows\SysWow64\drivers\oahlp64.sys

2013-06-05 02:37:40 61632 ----a-w- C:\windows\SysWow64\drivers\OADriver.sys

2013-06-05 02:37:40 40520 ----a-w- C:\windows\SysWow64\drivers\OAmon.sys

2013-06-05 02:37:25 -------- d-----w- C:\Program Files (x86)\Online Armor

2013-06-04 20:18:04 712264 ----a-w- C:\windows\isRS-000.tmp

2013-06-04 20:17:32 -------- d-----w- C:\Users\Maria\AppData\Local\Programs

2013-05-28 05:18:38 -------- d-----w- C:\Users\Maria\AppData\Local\Citrix

2013-05-24 11:52:33 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAEAB737-FCDD-4AD3-BFD6-AFA44851F1A0}\mpengine.dll

.

==================== Find3M ====================

.

2013-05-14 23:16:40 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-14 23:16:40 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-05-02 07:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe

2013-04-04 19:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

.

============= FINISH: 10:34:26.28 ===============

[Maniac]

Hello Need2BeClean and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  

Trojan:Win32/Tracur.AV

Trojan:Win32/Tracur.AV is a trojan that redirects Internet search queries to a malicious URL and allows backdoor access and control. It may also install other malware. It is a member of the Trojan:Win32/Tracur family.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please let me know.

[Need2BeClean]

Wow, that's pretty disheartening.

Well, my decision is to first do a cleanup and do a reinstall at a later date. Unfortunately, at this time, a reformat and reinstall just simply isn't possible.

Thank you.

[Maniac]

Step 1

Please uninstall the following applications:

BitTorrentBar Toolbar

DAEMON Tools Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
  
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  
• The tool will open and start scanning your system.
  
• Please be patient as this can take a while to complete depending on your system's specifications.
  
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  
• Post the contents of JRT.txt into your next message.
  

Step 3

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
  
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Delete.
  
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
  
• Please post the content of that logfile with your next answer.
  
• You can find the logfile at C:\AdwCleaner[s1].txt as well.
  

Step 4

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
• Put a checkmark beside loaded modules.
  
  
• A reboot will be needed to apply the changes. Do it.
  
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  
• Then click on Change parameters in TDSSKiller.
  
• Check all boxes then click OK.
  
  
• Click the Start Scan button.
  
  
• The scan should take no longer than 2 minutes.
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

In your next reply, post the following log files:

• Junkware Removal Tool log
  
• AdwCleaner log
  
• TDSSKiller log

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

[Maniac]

Please follow my last instructions.

[Need2BeClean]

Test

[Need2BeClean]

Okay, I'm not sure if it's on my end or if there is a glitch on the website. But I can upload my post containing the log files. I was able to make a test post as indicated up above, but that's it. At first I got an Internal 500 error and then it says "This reply has not been added as it has been posted too quickly"

[Need2BeClean]

Okay, I'm going to just upload the txt. files and see if that works. 

 

A few things. I was able to remove the Daemon Toolbar would no issue. I had decided to remove the Daemon software from my system because I no longer use it. The two times I tried I got the blue screen of death. I was not able to remove the BitTorrent toolbar at all. This is a program that I have used in months and has long since been deleted off my computer. I've tried in the past to remove the toolbar but this is the message that I got then and I get now. In the header it says "Wise Unistall" and the text within the box reads "Could not open INSTALL.LOG file. I have WinPatrol on my computer and now after the scans I get a WinPatrol New Program Alert that C:\Program Files (x86)\BitTorrentBar\tbBitT.dll is a new Internet Explorer Add-On that's been installed and wants to know if I approve the add-on. I keep selecting "no" but it keeps popping up like every five minutes.

 

 

JRT.txt

 

AdwCleaner.txt

 

TDSSKiller.2.8.16.0_26.06.2013_16.51.23_log.txt

[Maniac]

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[Need2BeClean]

Okay here's the log.

 

ComboFix.txt

[Maniac]

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.

  ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

    Save it to your Desktop.

  • Double click on the to download the ESET Smart Installer. icon on your Desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under Scan Settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

[Need2BeClean]

Alright, here you go.

 

 

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application

C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe multiple threats cleaned by deleting - quarantined

C:\Program Files (x86)\FrostWire 5\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\Maria\AppData\Local\Citrix\utaqlxmg.dll Win32/Boaxxe.G trojan cleaned by deleting - quarantined

C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CA0ZKHNV\rl[1].htm HTML/Iframe.B.Gen virus deleted - quarantined

C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RFCYL33F\rl[1].htm HTML/Iframe.B.Gen virus deleted - quarantined

C:\Users\Maria\AppData\Roaming\OpenCandy\14D6A7E4901F49EEA1E2A18713257FEB\frostwire-5.5.6.windows.exe multiple threats cleaned by deleting - quarantined

C:\Users\Maria\Desktop\FreemakeVideoConverterSetup.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

[Maniac]

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

How are things now?

[Need2BeClean]

So far, so good. I can search using Firefox without getting a browser redirect. Do you want me to try and remove the BitTorrent toolbar again?

[Maniac]

Yes, please.

[Need2BeClean]

I tried and this is the message I recieved: Error: 2 - The system cannot find the file specified.

[Maniac]

Please manually delete Junkware Removal Tool and AdwCleaner, then run them again. Post your log files.

[Need2BeClean]

Here goes...

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by Maria on Wed 07/03/2013 at  1:54:07.15

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" 

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Maria\AppData\Roaming\opencandy"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 07/03/2013 at  2:04:20.33

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v2.303 - Logfile created 07/03/2013 at 09:00:33

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Maria - Z9222

# Boot Mode : Normal

# Running from : C:\Users\Maria\Desktop\AdwCleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.7601.17514

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v12.0 (en-US)

 

File : C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v27.0.1453.116

 

File : C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [9321 octets] - [26/06/2013 16:44:01]

AdwCleaner[s1].txt - [9417 octets] - [26/06/2013 16:44:19]

AdwCleaner[s2].txt - [926 octets] - [03/07/2013 09:00:33]

 

########## EOF - C:\AdwCleaner[s2].txt - [985 octets] ##########

[Maniac]

How are things now?

[Need2BeClean]

My system is running fine. I'm still having issues in trying to delete the Bittorrent Toolbar, however.

 

I did a search and found that there is file named bittorrent.jar in a Chrome extensions folder on my computer. Can I just delete the file?

[Maniac]

Let me take a deeper look:

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

[Need2BeClean]

I got an error message that said my post was too long so I will have to copy and paste in two seperate posts.

 

OTL logfile created on: 7/5/2013 9:03:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Maria\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 62.20% Memory free
9.36 Gb Paging File | 7.63 Gb Available in Paging File | 81.56% Paging File free
Paging file location(s): c:\pagefile.sys 5751 5751 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.46 Gb Total Space | 175.37 Gb Free Space | 61.01% Space Free | Partition Type: NTFS
 
Computer Name: Z9222 | User Name: Maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/27 05:19:44 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013/05/30 23:36:30 | 002,626,880 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2013/01/30 23:36:22 | 000,365,120 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskTeam.exe
PRC - [2013/01/30 23:36:22 | 000,168,000 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskHelper.exe
PRC - [2012/10/05 15:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe
PRC - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oasrv.exe
PRC - [2012/10/02 15:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oaui.exe
PRC - [2012/10/02 15:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oahlp.exe
PRC - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/15 16:04:44 | 000,374,368 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/12/07 13:33:50 | 000,814,596 | ---- | M] (NCH Software) -- C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe
PRC - [2010/12/12 12:22:06 | 000,117,856 | ---- | M] (Algorithmic Research Ltd.) -- C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/12/12 12:22:06 | 000,117,856 | ---- | M] (Algorithmic Research Ltd.) [Auto | Running] -- C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe -- (ARcltsrv)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/15 12:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/27 05:19:44 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/06/12 14:15:43 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/30 23:36:30 | 002,626,880 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/04 09:36:12 | 000,112,584 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/12/07 13:33:50 | 000,814,596 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe -- (WebDictateService)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/04/13 13:41:26 | 000,024,264 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NxDrv.sys -- (NxDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/14 19:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/03/29 10:15:00 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AE1200w764.sys -- (Linksys_adapter_H)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/25 13:26:18 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/31 17:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/15 13:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 12:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 20:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/01 13:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2007/07/26 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2013/03/28 19:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2012/10/02 15:03:04 | 000,062,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2012/10/02 15:02:34 | 000,040,520 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2012/10/02 15:02:32 | 000,061,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2012/04/30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{B65BA1FE-ADBF-4775-85B1-C97E06573021}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{741BD9A9-B713-46E0-99FC-73AB1B06A2B2}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\SearchScopes,DefaultScope = {741BD9A9-B713-46E0-99FC-73AB1B06A2B2}
IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\SearchScopes\{354EFF3F-62C5-40B4-8F62-55C4AFA0472E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS412
IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSND_en
IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\SearchScopes\{741BD9A9-B713-46E0-99FC-73AB1B06A2B2}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_en
IE - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: afterthedeadline@afterthedeadline.com:1.51
FF - prefs.js..extensions.enabledAddons: check4change-owner@mozdev.org:1.9.3
FF - prefs.js..extensions.enabledAddons: coralietab@mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledAddons: info@youtube-mp3.org:1.0.4
FF - prefs.js..extensions.enabledAddons: SpellcheckEverything@example.com:0.2
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: twitternotifier@naan.net:2.5.2
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {68d0652a-86ef-4c6a-89f4-808652357b2c}:2.2
FF - prefs.js..extensions.enabledAddons: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:7.4
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..extensions.enabledAddons: stefanvandamme@stefanvd.net:2.1.0.12
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.16
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.15
FF - prefs.js..extensions.enabledAddons: {b2e69492-2358-071a-7056-24ad0c3defb1}:1.8.2
FF - prefs.js..extensions.enabledAddons: fmconverter@gmail.com:1.0.0
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.73.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: speller@appen.com.au:3.1.4
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Maria\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Maria\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 13.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2012/07/08 00:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 13.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/04 14:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/11 22:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/06/28 01:51:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/07 17:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/11 14:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/04 14:48:16 | 000,000,000 | ---D | M]
 
[2011/01/31 18:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Extensions
[2013/06/26 16:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions
[2013/06/26 14:04:33 | 000,000,000 | ---D | M] (Bamboo Feed Reader) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{b2e69492-2358-071a-7056-24ad0c3defb1}
[2013/05/29 13:37:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/02/01 12:02:32 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012/08/07 14:54:14 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/03/12 16:39:26 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\coralietab@mozdev.org
[2011/05/04 14:49:17 | 000,000,000 | ---D | M] (Appen Dictionary Auto-Select) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\speller@appen.com.au
[2013/02/17 16:49:35 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\support@lastpass.com
[2012/10/18 14:27:06 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\twitternotifier@naan.net
[2012/02/04 17:02:35 | 000,085,537 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\afterthedeadline@afterthedeadline.com.xpi
[2012/03/15 16:59:40 | 000,617,362 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\check4change-owner@mozdev.org.xpi
[2011/08/18 17:01:11 | 000,006,796 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\info@youtube-mp3.org.xpi
[2011/07/31 16:45:08 | 000,001,809 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\SpellcheckEverything@example.com.xpi
[2012/12/10 23:12:49 | 000,631,898 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\stefanvandamme@stefanvd.net.xpi
[2012/09/12 23:29:01 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\testpilot@labs.mozilla.com.xpi
[2011/08/27 13:25:02 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\youtube2mp3@mondayx.de.xpi
[2011/11/25 12:41:44 | 000,015,613 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{68d0652a-86ef-4c6a-89f4-808652357b2c}.xpi
[2013/02/14 21:00:10 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/05 13:21:16 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\kic2xzz8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/06/26 16:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/28 01:51:01 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2012/12/07 17:11:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/19 12:48:52 | 000,106,192 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npstrlnk.dll
[2012/12/07 17:11:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/07 17:11:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Maria\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Maria\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Maria\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome SVD extension (Enabled) = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\lib/npdownloaderchrome.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.5_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: NapsterLink (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npstrlnk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Maria\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: DoNotTrackMe = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.2.9.620_0\
CHR - Extension: AdBlock+ = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao\1.1.9.18_0\
CHR - Extension: onescene = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgifplpibackknoncogfojkmnadgmln\1.0_0\
CHR - Extension: YouTube to MP3 = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajdnhmdgikmjbcggoihnbmnnkbmljlg\0.0.3_0\
CHR - Extension: YouTube mp3 = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkonfbfckdamohdkmechhhnnoblpbena\1.0_0\
CHR - Extension: Pandora = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: After the Deadline = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho\1.2_0\
CHR - Extension: 1-ClickWeather for Chrome = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmbighdoomjmebfbgplfmhcdbomjkoa\1.1.0.3_0\
CHR - Extension: Mail Checker Plus for Google Mail\u2122 = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe\1.3.19_0\
CHR - Extension: Planetarium = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.2_0\
CHR - Extension: AdBlock = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: LastPass = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0\
CHR - Extension: Cloud Reader = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_1\
CHR - Extension: Turkopticon v2.0 = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbiknngieiiicnpfcgejmigdpfmaeja\2.0_0\
CHR - Extension: Turkopticon v2.0 = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbiknngieiiicnpfcgejmigdpfmaeja\2.0_0\.bak
CHR - Extension: Akira Isogawa = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmggajponoffjmhekbonemlgidfgdao\3_0\
CHR - Extension: Get Flash = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\innejflndneacnpgjkdhejmejgpnhfgf\1.0.5_0\
CHR - Extension: Freemake Video Converter = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Stop Autoplay for YouTube. = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0\
CHR - Extension: SmartVideo For YouTube\u2122 = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp\0.9927_0\
CHR - Extension: Disable Text Ads = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdfpnkpkfimklgoeimnldbgjabebfjjo\9.0_0\
CHR - Extension: video2mp3.net = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgehlfiodkonepliockofnonigghjkge\0.0.4_0\
CHR - Extension: RSS Feed Reader = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.0_0\
 
O1 HOSTS File: ([2013/06/28 11:41:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll File not found
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0






O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKU\S-1-5-21-3193659525-3005963473-860001992-1001\..Trusted Domains: convergysworkathome.com ([www] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B9AC1CE-67D8-45C1-9607-ECA45A47D7E8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF4477A-8286-4444-A17E-78ED0952E714}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/05 09:01:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe
[2013/07/03 22:36:59 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\Crystals and Gems
[2013/07/03 01:44:18 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Maria\Desktop\JRT.exe
[2013/07/01 12:59:47 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\IRS
[2013/07/01 11:52:25 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Maria\Desktop\TFC.exe
[2013/06/29 17:59:19 | 000,000,000 | ---D | C] -- C:\Users\Maria\.startmeeting
[2013/06/29 17:59:08 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartMeeting
[2013/06/29 17:59:06 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Local\StartMeeting
[2013/06/29 17:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/29 11:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/06/29 11:10:07 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Maria\Desktop\esetsmartinstaller_enu.exe
[2013/06/28 12:13:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/28 11:11:26 | 005,083,661 | R--- | C] (Swearware) -- C:\Users\Maria\Desktop\ComboFix.exe
[2013/06/28 01:56:01 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Local\FreemakeVideoConverter
[2013/06/28 01:54:03 | 000,000,000 | ---D | C] -- C:\Users\Maria\FrostWire
[2013/06/28 01:53:47 | 000,000,000 | ---D | C] -- C:\Users\Maria\.frostwire5
[2013/06/28 01:53:36 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2013/06/28 01:51:12 | 000,000,000 | ---D | C] -- C:\Users\Maria\Documents\Freemake
[2013/06/28 01:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire 5
[2013/06/28 01:51:04 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/06/28 01:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/06/28 01:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/06/28 01:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013/06/26 16:10:38 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/06/26 16:10:28 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/26 15:49:39 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Maria\Desktop\tdsskiller.exe
[2013/06/06 09:52:28 | 000,035,376 | ---- | C] (Emsisoft) -- C:\windows\SysNative\drivers\oanet.sys
[2013/06/05 10:23:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Maria\Desktop\dds.com
[2011/07/20 17:01:34 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Maria\AppData\Roaming\pcouffin.sys
[3 C:\Users\Maria\Desktop\*.tmp files -> C:\Users\Maria\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/05 09:07:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3193659525-3005963473-860001992-1001UA.job
[2013/07/05 09:06:03 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/05 08:15:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/04 21:06:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/04 19:02:30 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/04 19:02:30 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/04 18:53:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/04 18:53:35 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/04 17:07:01 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3193659525-3005963473-860001992-1001Core.job
[2013/07/03 01:53:42 | 000,001,263 | ---- | M] () -- C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/07/02 11:49:32 | 010,822,664 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/07/02 11:49:32 | 003,701,192 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/07/02 11:49:32 | 000,006,218 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/07/01 13:12:42 | 000,994,777 | ---- | M] () -- C:\Users\Maria\Desktop\IRS.zip
[2013/07/01 11:52:29 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Maria\Desktop\TFC.exe
[2013/06/29 17:59:08 | 000,001,124 | ---- | M] () -- C:\Users\Maria\Desktop\StartMeeting.lnk
[2013/06/29 11:10:15 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Maria\Desktop\esetsmartinstaller_enu.exe
[2013/06/28 11:41:04 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/06/28 01:53:36 | 000,001,212 | ---- | M] () -- C:\Users\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.5.6.lnk
[2013/06/28 01:53:36 | 000,001,188 | ---- | M] () -- C:\Users\Maria\Desktop\FrostWire 5.5.6.lnk
[2013/06/28 01:51:03 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/06/27 23:49:52 | 005,083,661 | R--- | M] (Swearware) -- C:\Users\Maria\Desktop\ComboFix.exe
[2013/06/26 16:03:41 | 420,150,334 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/06/26 15:49:49 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Maria\Desktop\tdsskiller.exe
[2013/06/10 13:58:30 | 003,252,424 | ---- | M] () -- C:\Users\Maria\Desktop\StartMeeting_installer.exe
[2013/06/08 13:41:38 | 000,648,201 | ---- | M] () -- C:\Users\Maria\Desktop\AdwCleaner.exe
[2013/06/08 10:58:17 | 001,573,100 | ---- | M] () -- C:\Users\Maria\Desktop\30 Years Among The Dead.PDF
[2013/06/06 09:52:28 | 000,035,376 | ---- | M] (Emsisoft) -- C:\windows\SysNative\drivers\oanet.sys
[2013/06/06 09:50:20 | 000,000,358 | ---- | M] () -- C:\Users\Maria\Documents\Poetry.wcn
[2013/06/06 09:50:20 | 000,000,272 | ---- | M] () -- C:\Users\Maria\Documents\My Demons.wcj
[2013/06/05 10:23:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Maria\Desktop\dds.com
[3 C:\Users\Maria\Desktop\*.tmp files -> C:\Users\Maria\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/03 22:26:14 | 044,377,362 | ---- | C] () -- C:\Users\Maria\Desktop\Gems, Earthquakes and Hurricanes.mp3
[2013/07/03 01:44:02 | 000,648,201 | ---- | C] () -- C:\Users\Maria\Desktop\AdwCleaner.exe
[2013/07/01 13:12:42 | 000,994,777 | ---- | C] () -- C:\Users\Maria\Desktop\IRS.zip
[2013/06/29 17:59:08 | 000,001,124 | ---- | C] () -- C:\Users\Maria\Desktop\StartMeeting.lnk
[2013/06/29 17:58:46 | 003,252,424 | ---- | C] () -- C:\Users\Maria\Desktop\StartMeeting_installer.exe
[2013/06/28 01:53:36 | 000,001,212 | ---- | C] () -- C:\Users\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.5.6.lnk
[2013/06/28 01:53:36 | 000,001,188 | ---- | C] () -- C:\Users\Maria\Desktop\FrostWire 5.5.6.lnk
[2013/06/28 01:51:03 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/06/21 18:46:30 | 054,669,189 | ---- | C] () -- C:\Users\Maria\Desktop\show_4320507.mp3
[2013/06/21 17:50:20 | 042,202,929 | ---- | C] () -- C:\Users\Maria\Desktop\show_4933167.mp3
[2013/06/08 10:57:59 | 001,573,100 | ---- | C] () -- C:\Users\Maria\Desktop\30 Years Among The Dead.PDF
[2013/06/04 21:37:40 | 000,062,016 | ---- | C] () -- C:\windows\SysWow64\drivers\oahlp64.sys
[2013/06/04 21:37:40 | 000,061,632 | ---- | C] () -- C:\windows\SysWow64\drivers\OADriver.sys
[2012/07/12 13:17:29 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/07/12 13:17:29 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/07/12 13:17:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/07/12 13:17:29 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/07/12 13:17:29 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/07/06 09:16:39 | 000,000,168 | ---- | C] () -- C:\Users\Maria\defogger_reenable
[2012/06/24 11:24:32 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012/06/24 11:24:32 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2012/05/15 22:06:01 | 000,000,039 | ---- | C] () -- C:\windows\KeplerAstrology.INI
[2012/01/23 20:59:56 | 000,000,006 | ---- | C] () -- C:\Users\Maria\AppData\Roaming\SmartDiarySuite.dic-sds
[2011/10/30 00:59:48 | 000,000,035 | ---- | C] () -- C:\Users\Maria\AppData\Roaming\lingchofat
[2011/10/24 13:23:13 | 000,000,021 | ---- | C] () -- C:\ProgramData\.245548635012626446356421263181
[2011/07/29 17:47:12 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2011/07/29 17:47:12 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2011/07/20 17:01:34 | 000,099,384 | ---- | C] () -- C:\Users\Maria\AppData\Roaming\inst.exe
[2011/07/20 17:01:34 | 000,007,859 | ---- | C] () -- C:\Users\Maria\AppData\Roaming\pcouffin.cat
[2011/07/20 17:01:34 | 000,001,167 | ---- | C] () -- C:\Users\Maria\AppData\Roaming\pcouffin.inf
[2011/07/20 16:49:18 | 000,001,057 | ---- | C] () -- C:\Users\Maria\AppData\Roaming\vso_ts_preview.xml
[2011/06/08 19:51:37 | 000,000,017 | ---- | C] () -- C:\Users\Maria\AppData\Roaming\birtart
[2011/06/08 19:46:24 | 000,000,166 | ---- | C] () -- C:\Users\Maria\AppData\Local\BAPWNUM4.DBR
[2011/06/08 19:31:37 | 000,000,032 | ---- | C] () -- C:\Users\Maria\AppData\Roaming\inesrol
[2011/01/25 15:41:38 | 000,002,355 | ---- | C] () -- C:\Users\Maria\AppData\Roaming\SAS7_000.DAT
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/11/23 11:27:27 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\4shared Desktop
[2011/01/25 13:45:44 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\ARGELA
[2011/04/30 11:32:16 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Book Place
[2012/01/23 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\bppenu11
[2011/03/02 18:12:23 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\calibre
[2011/04/07 15:51:32 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\CBS Interactive
[2011/04/07 16:15:43 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\CheckPoint
[2011/05/08 15:49:03 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
[2012/10/09 19:00:41 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\CommFort
[2012/06/09 13:18:06 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\DAEMON Tools Lite
[2011/08/29 15:42:47 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Deckadance19
[2011/10/24 12:17:05 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Downloaded Installations
[2012/07/06 18:51:14 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\ESET
[2012/07/05 19:22:47 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\f-secure
[2011/05/24 19:17:43 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\FileFactory Turbo
[2012/06/09 12:58:40 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\FileZilla
[2011/10/24 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Final Draft
[2012/06/19 11:51:32 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Five9
[2011/12/04 02:55:33 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Foxit Software
[2011/03/02 21:24:37 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Llamagraphics
[2012/06/02 14:03:13 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Mc & RENOX
[2011/06/20 02:17:12 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Metaversum
[2011/03/02 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Mobipocket
[2011/05/04 14:49:18 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\NesterSoft
[2013/06/04 21:42:22 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\OnlineArmor
[2011/09/09 12:16:53 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Opera
[2012/06/15 11:50:14 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Origin
[2011/10/24 13:30:56 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Power Writer
[2012/04/14 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\QFX Software
[2012/04/04 19:40:46 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\QuickScan
[2011/11/23 13:52:32 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\SendSpace Wizard
[2011/08/29 15:42:47 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\SongManager
[2012/03/12 14:12:55 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\StoryLines
[2012/04/14 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\SystemRequirementsLab
[2011/03/29 17:11:43 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Tific
[2011/01/25 12:17:06 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Toshiba
[2011/09/26 18:09:31 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Trillian
[2011/02/03 18:03:25 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\TSR
[2012/06/19 12:37:46 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Vso
[2012/08/25 13:25:49 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\webex
[2011/01/25 11:38:30 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\WinBatch
[2012/07/05 23:47:49 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\WinPatrol
[2013/03/11 15:31:20 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\WordTiles
[2011/04/24 18:55:07 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\WOutliner
[2013/06/21 17:52:03 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Writer's Cafe
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >
 

[Need2BeClean]

OTL Extras logfile created on: 7/5/2013 9:04:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Maria\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 62.20% Memory free
9.36 Gb Paging File | 7.63 Gb Available in Paging File | 81.56% Paging File free
Paging file location(s): c:\pagefile.sys 5751 5751 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.46 Gb Total Space | 175.37 Gb Free Space | 61.01% Space Free | Partition Type: NTFS
 
Computer Name: Z9222 | User Name: Maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\iCall\iCall.exe" = C:\Program Files (x86)\iCall\iCall.exe:*:Enabled:iCall
"C:\Program Files (x86)\iCall\iCall.exe" = C:\Program Files (x86)\iCall\iCall.exe:*:Enabled:iCall
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BD21C6-359B-4DA8-B7A7-E7D275091E06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0641CADD-2F06-4D75-AB0F-73CCEB1FB2CC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A8B8E36-BB2D-4A25-8F6E-995194CA53C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0CDD0128-86BD-4123-9834-9AF3B1A77112}" = lport=4100 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\webdictate\webdictate.exe |
"{1CA160E3-0179-4EBC-985D-1F82095B5355}" = lport=10243 | protocol=6 | dir=in | app=system |
"{250C5ABD-8E17-4DDD-8B21-ABBBCCBB9480}" = lport=445 | protocol=6 | dir=in | app=system |
"{270B502D-17CA-4831-BAB3-25C31B563D78}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2880653C-B3A7-4174-8C6A-E63E10C3160D}" = rport=137 | protocol=17 | dir=out | app=system |
"{2CB0CE1D-D35C-4F04-B91A-A4AD340FB38F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{356C16DA-0667-4275-800D-E9EEE9F24A53}" = lport=4100 | protocol=17 | dir=in | app=c:\program files (x86)\nch software\webdictate\webdictate.exe |
"{4C96660F-AFF8-4DB3-BA34-5634F3BBA0F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58C957EF-1F5E-4203-816C-6EF3B0D85F19}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5AB1794F-9576-4E1F-A671-7D5FA35CAB9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5B9723D6-F9F0-4258-959D-EDF3FE73891E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{5C182464-6371-4829-956F-BC76B82F06CA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D7035BA-ACA8-4C3F-9E36-232D027998A1}" = lport=139 | protocol=6 | dir=in | app=system |
"{6E9323AB-7F8E-4E8C-BF03-41DB12630FF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6EB31786-7711-40F1-BC96-49122AE6A1E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8656B927-0ED8-49A5-BE6E-EBEF2BB02807}" = lport=137 | protocol=17 | dir=in | app=system |
"{986BE996-B15F-4013-9F5C-9DDB3B19CC93}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{B064D3F8-CEA4-4F11-921B-012BA0E41C63}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4DA12A0-C769-476E-B709-C7C7DF545632}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C5AA4A94-179F-4DD6-8C0D-4AEED5014E32}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C7CC82F7-7432-4AB9-8A53-0FA840C40718}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C93B9B3D-403E-4BAD-8A3A-86772E190B87}" = rport=138 | protocol=17 | dir=out | app=system |
"{DA132273-31A5-4D1A-A7A4-3B8EABDA6C71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E6C180C0-79E4-4DDF-BB02-4A37C4958786}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EB7C85DD-6E26-47EC-B6F8-500373D98C4A}" = lport=138 | protocol=17 | dir=in | app=system |
"{F3BDCDE2-9CBD-4D16-B89D-A3DDBC8E0AD3}" = rport=445 | protocol=6 | dir=out | app=system |
"{F77E0A1F-3CC9-454D-AC0D-6FFD53EEEDDD}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0516BC8E-9709-4FEC-82C9-FB848EEEBDB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{06BF9C9E-5256-4F6A-A90F-A2C244CC9D2C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{07B60731-6DD1-413A-BE1A-64E4E5AF07EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{097370D7-194B-4305-91B8-90BC66E6CECA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{0987848B-6E33-4A8C-961E-AAEFDCA0BD50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0DBE038B-CF1C-4429-8F7F-0C50999A64BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{0FC959D6-A418-4724-B4D8-D970E9DEC2C6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{10AE38DA-0019-4B10-AB21-8C4F7F0703DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{240DA126-A1CF-491A-AC2B-95318D6A41FF}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{391FD463-54B5-45F2-B344-14B5C72929C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{42AAC070-EE86-4F6A-90B0-ECBFAC169050}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{439947BB-D6AA-409C-BF12-559C92875025}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{4A2B8752-0826-4284-8FB3-B212D150687E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4E1071BC-7320-42E3-B1C4-A054376EA8E1}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{4EC6753E-6CAD-4A83-A7F2-A36D8F63FDC3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{54E4381B-F513-4720-A841-F5A58460A3A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{5A735224-15CD-43D3-83E9-138362A6E889}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5BA94030-B4F9-4E3C-AFC8-D7B6E4DCF6AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{5C0C8536-58F7-40A4-80A4-86ACCE37DAE1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{e5083d57-d93f-404c-a91f-1c50d67c2beb}\setup\hpznui40.exe |
"{67B611F7-AFD6-4796-BBDE-535C4E1EF636}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{6B7FE0C0-0270-49F9-A828-D3E72EFD363E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6E1F2C62-8945-4A5F-9580-45852A0F99C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{70223B55-1C93-4A74-A209-9BD7CB813D10}" = protocol=6 | dir=out | app=system |
"{7DFDB625-6C50-4795-8D2D-20D1B3DC2DF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{7E942219-537F-416A-8745-E07ED67C9EC3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7FE8275F-D8E3-45B8-962D-E99DB7D2B746}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{810F278A-3BC5-4183-9CC8-F4DE044DAADE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{87805D06-7194-4966-A3CD-46DB1951744A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{8A2D0230-56EA-42E4-8983-26110B6DA746}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8B66469E-06FD-4F83-BFD6-B5415DD4FCCF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{90454539-39B9-4FC5-A697-53113B1F4887}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{97AF21F6-0979-4B24-AB1D-11AD3AFF8DFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99D7BA4B-98EE-42B8-8BCB-D677A9C8253D}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A17B8065-ADDB-4E99-B4C1-43ADACEBD560}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{A2A46B3A-75D1-4055-837C-79CCFDAE445E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A767B381-80DB-4C30-A80D-3AC5FD38E3FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{B1D8A43F-8A04-409B-9539-3C2D57F910A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{B4A19934-18A3-440C-9EA7-FDB00A224D4F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B4C7005C-696F-445F-BF60-B1679D17C325}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B60D93A5-506F-4026-87CF-EA82121F70BE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B79905EF-7415-4F68-87C6-79A481AE8475}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{BEBFF92A-6E16-4649-BDC3-CF0FC855FACB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BEE3F158-36B7-4AF3-BC11-B4F0313F9F44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6EB807F-813F-4F6E-8379-7F6FF9D26C96}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D1AFE50D-D6EB-483D-AE37-384D035B61F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{D57E2F94-4C90-4475-89F8-C4414562F616}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{D6BC0BC0-697C-4118-8E6A-0AA6858AD343}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{DAFD2C7D-BBF0-49FF-B57A-92B30C54052C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E4F24105-9AF9-41C3-88E0-870B52D946A2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EEA7A51F-3D54-4FA1-84B6-BD17E2EC2E97}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{F2AEA5AE-FFD7-4732-B78E-5081191AD285}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F3F4D402-6485-44C7-9FC6-3BF278E30685}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{169685CB-51E2-48F5-92EB-5C4CF10D5F48}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{9FC3DBDE-C995-4F98-A806-A59335A3C2EA}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{C2802CE4-0490-4EC3-AF7C-97258206765E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{CD24510C-E5A7-4596-B0A0-FA9A39FEDFBF}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{D4AE2953-30BD-4B0E-A0AB-A0DEF2FA613B}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{DF5F491D-5D2B-4413-AC21-6B655989E93E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D2390E0-6920-4C40-8CBC-9907838DFA0F}" = ARX Office Signatures
"{5792CD64-61B4-C448-0D22-3C51DD73AB2A}" = ATI Catalyst Install Manager
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64E22656-D7E6-4930-99D8-F81DC00E5C59}" = ARX OmniSign Printer
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6D8277C6-FB24-48BE-84B9-304320DB6D99}" = ARX CoSign Client
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F59F06-B4DB-46C3-8B96-856A052B74D4}" = ARX Signature API
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F75D2B1D-5309-41DF-BC96-DFC3C3568C1D}" = ARX CryptoKit
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"HitmanPro35" = Hitman Pro 3.5
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06ED8674-1191-5DF4-88E9-5732C927ADF7}" = focus booster
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation
"{1E8EB086-AE5F-45F6-887C-E5178868290F}" = Living Cookbook 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech
"{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216026F0}" = Java 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{345CE506-D28F-456D-ACCA-97D05C335D99}" = Toshiba Book Place
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese
"{36A52BCF-AC3D-32F1-AD5F-A09769EB8887}" = Google Talk Plugin
"{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek
"{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard
"{3B0CFB08-515C-4AD4-89DF-997BF8545622}" = Nuance Voice Recorder
"{3CB4A7B0-007D-4722-AF1D-891B53E04606}" = Napster Download Manager
"{3E9E68FB-49FA-410A-8787-424F2A506E0F}" = Business Plan Pro 15th Anniversary Edition
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian
"{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{547D6280-5592-4E3F-BB47-15AC66BCBD79}" = Writer's DreamKit
"{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish
"{57DB3FC4-FB4F-48F8-A290-1C22FB349277}" = Nuance Palm Voice Recorder
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773C485E-B148-45CB-BF38-84FC208D960A}" = TSR Merlin
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common
"{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8BE504E9-0677-87AC-07D2-1A1428E17A92}" = Catalyst Control Center InstallProxy
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.2.1
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help Italian
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German
"{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}" = Hoyle Card Games 2005
"{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English
"{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1" = Computer Requirements 1.0
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BD4BFEE6-2C1E-45E9-B46F-A3EC99192DCF}" = Dramatica Pro
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai
"{C34962D0-8C90-42C1-AA3B-CEA0DD6200C3}" = calibre
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F3DE47C0-1128-45C5-9494-EDC3086519DA}" = Storywizard
"{F8ADEE0D-3143-4E71-8CCD-9423105A6199}_is1" = Grammarly
"{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4shared Desktop" = 4shared Desktop
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASIO4ALL" = ASIO4ALL
"Asynx Planetarium v2.61_is1" = Asynx Planetarium Version 2.61
"Aurora 13.0a2 (x86 en-US)" = Aurora 13.0a2 (x86 en-US)
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1" = focus booster
"C-Organizer Professional_is1" = C-Organizer Pro v 3.6.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Deckadance" = Deckadance
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"FL Studio 10" = FL Studio 10
"Foxit Reader_is1" = Foxit Reader 5.1
"Freemake Video Converter_is1" = Freemake Video Converter version 4.0.2
"FrostWire 5" = FrostWire 5.5.6
"gBurner" = gBurner
"iDailyDiary_is1" = iDailyDiary 3.71
"IL Download Manager" = IL Download Manager
"Insight Calendar_is1" = Insight Calendar
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"Kepler 7.0" = Kepler 7.0
"Keylogger Detector" = Keylogger Detector
"KeyScrambler" = KeyScrambler
"LastPass" = LastPass (uninstall only)
"Living Cookbook 2011" = Living Cookbook 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OnlineArmor_is1" = Online Armor 6.0
"Origin" = Origin
"Power Structure" = Power Structure
"Power Writer" = Power Writer
"RealPlayer 15.0" = RealPlayer
"Scrivener 1530" = Scrivener
"Security Task Manager" = Security Task Manager 1.8d
"SendSpaceWizard" = SendSpace Wizard
"TIMELEFT3_is1" = TimeLeft
"Trillian" = Trillian
"VLC media player" = VLC media player 1.1.11
"WebDictate" = Web Dictate
"WinLiveSuite" = Windows Live Essentials
"Writer's Café_is1" = Writer's Café 1.29
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3193659525-3005963473-860001992-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Amazon Kindle" = Amazon Kindle
"CC Magic" = CC Magic
"e8613826cf099a2d" = FOCUS
"FileZilla Client" = FileZilla Client 3.5.2
"Five9 Agent" = Five9 Agent
"FreeScreenSharing" = FreeScreenSharing
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"oDVT" = oDesk Team
"StartMeeting" = StartMeeting
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/3/2013 10:02:10 AM | Computer Name = Z9222 | Source = Toshiba App Place | ID = 0
Description =
 
Error - 7/3/2013 9:43:36 PM | Computer Name = Z9222 | Source = Toshiba App Place | ID = 0
Description =
 
Error - 7/4/2013 2:04:55 AM | Computer Name = Z9222 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 7/4/2013 10:42:45 AM | Computer Name = Z9222 | Source = Toshiba App Place | ID = 0
Description =
 
Error - 7/4/2013 7:54:22 PM | Computer Name = Z9222 | Source = Toshiba App Place | ID = 0
Description =
 
Error - 7/5/2013 3:18:42 AM | Computer Name = Z9222 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 7/5/2013 6:39:48 AM | Computer Name = Z9222 | Source = TestWorker | ID = 131073
Description =
 
[ System Events ]
Error - 7/3/2013 9:42:59 PM | Computer Name = Z9222 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:41:37 PM on ?7/?3/?2013 was unexpected.
 
Error - 7/3/2013 9:44:01 PM | Computer Name = Z9222 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
 Security Center Service service to connect.
 
Error - 7/3/2013 9:44:01 PM | Computer Name = Z9222 | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
 following error:   %%1053
 
Error - 7/3/2013 9:44:37 PM | Computer Name = Z9222 | Source = bowser | ID = 8003
Description =
 
Error - 7/4/2013 10:43:16 AM | Computer Name = Z9222 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
 Security Center Service service to connect.
 
Error - 7/4/2013 10:43:16 AM | Computer Name = Z9222 | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
 following error:   %%1053
 
Error - 7/4/2013 7:53:53 PM | Computer Name = Z9222 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:52:42 PM on ?7/?4/?2013 was unexpected.
 
Error - 7/4/2013 7:54:53 PM | Computer Name = Z9222 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
 Security Center Service service to connect.
 
Error - 7/4/2013 7:54:53 PM | Computer Name = Z9222 | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
 following error:   %%1053
 
 
< End of report >
 

[Maniac]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  :OTL

  IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found

  FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q="

  O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll File not found

  :files

  C:\Program Files (x86)\BitTorrentBar

  ipconfig /flushdns /c

  :Commands

  [emptytemp]

  [clearallrestorepoints]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles