I'm screwed

Started by ImScrewed, May 26, 2014, 03:46:44 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages 1 2 3 4 5
User actions

ImScrewed

#30
May 27, 2014, 12:49:23 AM
Got security check to work... Here's the results.

Results of screen317's Security Check version 0.99.83 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware   
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````[/u]
JavaFX 2.1.1   
Java(TM) 6 Update 20 
Java 7 Update 25 
Java version out of Date!
  Adobe Flash Player 11.7.700.224 Flash Player out of Date! 
Adobe Reader 10.1.6 Adobe Reader out of Date! 
Mozilla Firefox (28.0)
Google Chrome 27.0.1453.110 
Google Chrome 27.0.1453.94 
````````Process Check: objlist.exe by Laurent````````[/u] 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbam.exe 
Malwarebytes Anti-Malware mbamscheduler.exe   
McAfee Online Backup MOBK400backup.exe   
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````[/u]

Corrine

#31
May 27, 2014, 01:01:51 AM
Good job!  That was because of the fix by RKill!

Since Donna is leading the pack in helping you recover, I'll just step in with something for you to do while she is handling other things.   As you can see from Security Check, you have some outdated/vulnerable software installed. 

1.  Let's start with Java since it is a major source of malware.  So, let's start with uninstalling the outdated versions:

Java 7 Update 9 (64-bit)
Java Auto Updater
Java(TM) 6 Update 20
JavaFX 2.1.1

Personally, I have no need for Java on my computer.  See Java, The Never-Ending Saga.  If you decide to remove Java completely, also uninstall Java 7 Update 25.  On the other hand, if you wish to keep it, please update to the latest version:  Java Version 7 Update 55Note:  UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

2.  Please update Adobe Flash Player to the latest version.  Following are direct download links for both IE and Firefox:

Non-IE (Opera, Firefox, Etc.):  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_13_plugin.exe
Windows XP, Vista and 7:  Flash Player For Internet Explorer 7, 8, 9, 10, 11:  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_13_active_x.exe

3.  The current version of Adobe Reader XI (11.0.06) for Windows is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.  However, as Adobe Reader is also frequently targeted by malware writers, if you prefer, you can replace Adobe Reader with Sumatra PDF.  Replacing Adobe Reader with Sumatra PDF.

Note:  Donna is running into issues with the weather and will be here when the storms abate.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

#32
May 27, 2014, 02:15:53 AM
I've heard from Donna and her connection is sporadic so while she had a chance, she passed along what her plans are.  In fact, her goal was to have you do next just what I asked.  So, we're right on track.

After you've updated those programs, please follow the instructions below.  Take your time, it can wait for tomorrow since we're all winding down for the day.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click AdwCleaner.exe to run the tool.
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin.  Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button.  A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

ImScrewed

#33
May 27, 2014, 02:36:41 AM
Its running now - but in the meantime... When I'm done for the night is it necessary to shut down my computer so it doesn't get infected further or something?

ImScrewed

#34
May 27, 2014, 02:39:45 AM
# AdwCleaner v3.211 - Report created 26/05/2014 at 19:34:29
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tara - TARA-PC
# Running from : C:\Users\Tara\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\searchplugins\bingp.xml
File Found : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\searchplugins\Search_Results.xml
File Found : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\user.js
File Found : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\aj7keznh.default\user.js
File Found : C:\windows\System32\Tasks\AppCloudUpdater
File Found : C:\windows\SysWOW64\conduitEngine.tmp
File Found : C:\windows\Tasks\AppCloudUpdater.job
Folder Found : C:\Program Files (x86)\Alawar
Folder Found : C:\Program Files (x86)\BearShare Applications
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Free Ride Games
Folder Found : C:\Program Files (x86)\iMesh Applications
Folder Found : C:\Program Files (x86)\Search Results Toolbar
Folder Found : C:\ProgramData\Alawar
Folder Found : C:\ProgramData\Alawar Stargaze
Folder Found : C:\ProgramData\AlawarWrapper
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\Free Ride Games
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Public\Documents\AlawarWrapper
Folder Found : C:\Users\Tara\AppData\Local\AlawarWrapper
Folder Found : C:\Users\Tara\AppData\Local\apn
Folder Found : C:\Users\Tara\AppData\Local\Conduit
Folder Found : C:\Users\Tara\AppData\Local\PackageAware
Folder Found : C:\Users\Tara\AppData\Local\SearchProtect
Folder Found : C:\Users\Tara\AppData\Local\SwvUpdater
Folder Found : C:\Users\Tara\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Tara\AppData\LocalLow\Conduit
Folder Found : C:\Users\Tara\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Tara\AppData\LocalLow\searchresultstb
Folder Found : C:\Users\Tara\AppData\LocalLow\wincoreimband
Folder Found : C:\Users\Tara\AppData\Roaming\Alawar
Folder Found : C:\Users\Tara\AppData\Roaming\AppCloudUpdater
Folder Found : C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Folder Found : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\Smartbar
Folder Found : C:\Users\Tara\Documents\Alawar
Folder Found : C:\windows\SysWOW64\SearchProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppCloudUpdater
Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\mediabarim
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\ClickConnect
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{625F420E-A4A9-4B40-BC23-716C1C43893A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppCloudUpdater
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\AppCloudUpdater
Key Found : [x64] HKCU\Software\ClickConnect
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Imesh
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Found : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\GoforFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15A0413E-9F45-4D45-9A75-2C20B15B5B51}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503E067F-2914-4EDD-8432-2D6C52635E23}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_frostwire_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_frostwire_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hitman_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hitman_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Trymedia Systems
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\DataMngr
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : [x64] HKLM\SOFTWARE\Software
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page] - hxxp://search.bearshare.net

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\prefs.js ]

Line Found : user_pref("CT3289847.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description\":\"1.FM (Country)\",\"url\":\"hxxp://1.fm/wm/energycountry32k.asx\"}");
Line Found : user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.FF19Solved", "true");
Line Found : user_pref("CT3289847.FirstTime", "true");
Line Found : user_pref("CT3289847.FirstTimeFF3", "true");
Line Found : user_pref("CT3289847.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT3289847.PG_ENABLE.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3289847.UserID", "UN13372464372673724");
Line Found : user_pref("CT3289847.UserId.enc", "NmVlYjViN2MtNTBjMi0zZGQzLTE0YzYtNWI2YzUxNTBkZjUy");
Line Found : user_pref("CT3289847.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3289847.autoDisableScopes", -1);
Line Found : user_pref("CT3289847.browser.search.defaultthis.engineName", true);
Line Found : user_pref("CT3289847.defaultSearch", "true");
Line Found : user_pref("CT3289847.enableAlerts", "true");
Line Found : user_pref("CT3289847.enableFix404ByUser", "TRUE");
Line Found : user_pref("CT3289847.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3289847.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Found : user_pref("CT3289847.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3289847.fixPageNotFoundError", "true");
Line Found : user_pref("CT3289847.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3289847.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3289847.fixUrls", true);
Line Found : user_pref("CT3289847.fullUserID", "UN13372464372673724.UP.20130624042739");
Line Found : user_pref("CT3289847.homepageuserchanged", true);
Line Found : user_pref("CT3289847.hxxp___api15_starwebnet_com.pid2.enc", "MzAyYzFjZjEyNDI1ZTU3MQ==");
Line Found : user_pref("CT3289847.hxxp___api29_starwebnet_com.pid2.enc", "MzAyYzFjZjEyNDI1ZTU3MQ==");
Line Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_cache.enc", "WyJjODIyYzFiNjM4NTNlZDI3M2I4OTY4N2FjNTA1ZjlmYSIsIjczOGFhOGQzYmMwMmViODcxMmFjZDBlYjJjZjZkZmQ1IiwiMjM1MWY2MDBiZjYyMTAyYzU[...]
Line Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOlt7InR5cGUiOiJtZW51IiwiY2FwdGlvbiI6IiIsImltYWdlIjoiaW1hZ2VzL215d2FsbGV0X21pbi5wbmciLCJpbWFnZWhvdmVyIjoiaW[...]
Line Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoiaHR0cDovL2FwaS5qb2xseXdhbGxldC5jb20vYWZmaWxpYXRlL2luaXQiLCJxdWVyeVVybCI6Imh0dHA6Ly9hcGkuam9sbHl3YWxs[...]
Line Found : user_pref("CT3289847.installDate", "15/3/2013 19:41:23");
Line Found : user_pref("CT3289847.installId", "9818");
Line Found : user_pref("CT3289847.installType", "conduitnsisintegration");
Line Found : user_pref("CT3289847.installerVersion", "1.3.6.5");
Line Found : user_pref("CT3289847.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3289847.keyword", true);
Line Found : user_pref("CT3289847.lastVersion", "10.21.1.507");
Line Found : user_pref("CT3289847.mam_gk_Coming_Up_Next_appState.enc", "b24=");
Line Found : user_pref("CT3289847.mam_gk_CouponBuddy_appState.enc", "b24=");
Line Found : user_pref("CT3289847.mam_gk_Easytobook_appState.enc", "b24=");
Line Found : user_pref("CT3289847.mam_gk_Find-a-Pro_appState.enc", "b24=");
Line Found : user_pref("CT3289847.mam_gk_JobsMiner_appState.enc", "b24=");
Line Found : user_pref("CT3289847.mam_gk_PriceGong_appState.enc", "b24=");
Line Found : user_pref("CT3289847.mam_gk_SundaySky_appState.enc", "b24=");
Line Found : user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM2MzQwMTcwMTI0OQ==");
Line Found : user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Found : user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlN1bmRheVNreSIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjI4MjY2NTk1LTZiMDYtNGZlYS05NWUwLTA1YzgzOTllYzBlNCIsImRvbWFpbnMiOls[...]
Line Found : user_pref("CT3289847.mam_gk_currentVersion.enc", "MS40LjMuMg==");
Line Found : user_pref("CT3289847.mam_gk_eventsCache.enc", "eyI1ZGJhZTRlYi00ZWMxLTRkMGUtOWYzMS02MjUwMDhlN2YwZDEiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjpbIldlbGNvbWUiLCJWaWV3Il0sInVuaXF1ZUlkIjoiNWRiYWU0ZWItNGVjMS00Z[...]
Line Found : user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3289847.mam_gk_gadgetOpen.enc", "MA==");
Line Found : user_pref("CT3289847.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Found : user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM2MzQwMTY5Njg4Mg==");
Line Found : user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Found : user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3289847.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTcyXzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Found : user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3289847.mam_gk_userId.enc", "ODhhODcxYTctZGE1ZC00MTNhLTg1YjAtMmJiNTBkNTJlYTE4");
Line Found : user_pref("CT3289847.mam_gk_user_apps_selection.enc", "");
Line Found : user_pref("CT3289847.migrateAppsAndComponents", true);
Line Found : user_pref("CT3289847.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Frouterlogin.net%2Fstart.htm\",\"EB_MAIN_FRAME_TITLE\":\"NETGEAR%20Router%20WNR1000v3\",\"EB_[...]
Line Found : user_pref("CT3289847.openThankYouPage", "false");
Line Found : user_pref("CT3289847.openUninstallPage", "true");
Line Found : user_pref("CT3289847.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN13372464372673724&UM=&q=");
Line Found : user_pref("CT3289847.revertSettingsEnabled", "true");
Line Found : user_pref("CT3289847.sac-country-code.enc", "IlVTIg==");
Line Found : user_pref("CT3289847.sac-periodic-reports.enc", "eyJ5dHRfcGluZ18wIjpbMTM2MzQwMTcwMTIzMiwxNDQwMDAwMF19");
Line Found : user_pref("CT3289847.sac-user-ab-groups.enc", "eyJmZWVkIjo3LCJob3Zlcl9lZmZlY3QiOjg5LCJjYWxsX3RvX2FjdGlvbiI6MjcsInBsYWNlbWVudCI6NTUsImltYWdlX2FuYWx5c2lzIjo2NSwidHJpZ2dlciI6MTZ9");
Line Found : user_pref("CT3289847.sac-user-id.enc", "IjQ1OTdjY2Y3LWU5MTctNDkyMS1hYmY1LWQ1ZDZhZWUxNmRiMCI=");
Line Found : user_pref("CT3289847.sac-yt-first-ping.enc", "MTM2MzQwMTcwMTIxMw==");
Line Found : user_pref("CT3289847.search.searchAppId", "130068661007799818");
Line Found : user_pref("CT3289847.search.searchCount", "0");
Line Found : user_pref("CT3289847.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3289847.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3289847.searchSuggestEnabledByUser", "true");
Line Found : user_pref("CT3289847.searchUserMode", "2");
Line Found : user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289847\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://whitesmokenew.ourtoolbar.com//xpi\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WhiteSmoke New \"}");
Line Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3289847.serviceLayer_services_Configuration_lastUpdate", "1387670880461");
Line Found : user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363401690522");
Line Found : user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1363401690236");
Line Found : user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363401690122");
Line Found : user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1372032618451");
Line Found : user_pref("CT3289847.serviceLayer_services_login_10.14.380.14_lastUpdate", "1364139568472");
Line Found : user_pref("CT3289847.serviceLayer_services_login_10.15.0.562_lastUpdate", "1368571453491");
Line Found : user_pref("CT3289847.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372031922678");
Line Found : user_pref("CT3289847.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374431145751");
Line Found : user_pref("CT3289847.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377643288723");
Line Found : user_pref("CT3289847.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378768457669");
Line Found : user_pref("CT3289847.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380109371748");
Line Found : user_pref("CT3289847.serviceLayer_services_login_10.20.1.508_lastUpdate", "1382400202197");
Line Found : user_pref("CT3289847.serviceLayer_services_login_10.21.1.507_lastUpdate", "1387670874084");
Line Found : user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363401690168");
Line Found : user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1387670879549");
Line Found : user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1387670874074");
Line Found : user_pref("CT3289847.serviceLayer_services_setupAPI_lastUpdate", "1363401690530");
Line Found : user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363401690076");
Line Found : user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1387670876745");
Line Found : user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1387670875927");
Line Found : user_pref("CT3289847.settingsINI", true);
Line Found : user_pref("CT3289847.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3289847.showToolbarPermission", "false");
Line Found : user_pref("CT3289847.smartbar.CTID", "CT3289847");
Line Found : user_pref("CT3289847.smartbar.Uninstall", "0");
Line Found : user_pref("CT3289847.smartbar.homepage", true);
Line Found : user_pref("CT3289847.smartbar.isHidden", true);
Line Found : user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
Line Found : user_pref("CT3289847.startPage", "true");
Line Found : user_pref("CT3289847.toolbarBornServerTime", "16-3-2013");
Line Found : user_pref("CT3289847.toolbarCurrentServerTime", "13-11-2013");
Line Found : user_pref("CT3289847.toolbarDisabled", "true");
Line Found : user_pref("CT3289847.toolbarLoginClientTime", "Sun Mar 24 2013 13:02:28 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3289847.wreck-country-code.enc", "IlVTIg==");
Line Found : user_pref("CT3289847.wreck-periodic-reports.enc", "eyJ3cmVja19waW5nXzAiOlsxMzYzNDAxNzAxMTYwLDE0NDAwMDAwXX0=");
Line Found : user_pref("CT3289847.wreck-user-ab-groups.enc", "eyJkZXNpZ24iOjE4LCJ0cmlnZ2VyIjo4LCJob3Zlcl9lZmZlY3QiOjkzfQ==");
Line Found : user_pref("CT3289847.wreck-user-id.enc", "IjQzNjQyZWQyLTczYmQtNDM3OC1hZTkzLTc0ZTI2MjIzMGZiZSI=");
Line Found : user_pref("CT3289847.ytt-mam-test-ol-ts.enc", 1897266618);
Line Found : user_pref("CT3289847.ytt-mam-test-uid-ol.enc", "NzMwMGM2YjctNzJmNy00MTE5LWFhMTItOTlhMDg1ODM1MWI2");
Line Found : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387671797673,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN13372464372673724&UM=2&UP=SPF53D4815-EC20-4489-BD17-1C2DB47FD0CC");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New Customized Web Search");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN13372464372673724&UM=2&q=");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=0&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=1335232624584329&o=APN10653&q=");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
Line Found : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Found : user_pref("browser.search.order.1", "Search Results");
Line Found : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN13372464372673724&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN13372464372673724&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
Line Found : user_pref("smartbar.machineId", "CUHFQG6HFYROFXFWE4/56NXL8PSIXTCKYIRXTS6VFVME968R3CBVDFRAIYKXXFOMWWZV1ABXNC97WEF20W/WDW");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://www.google.com/");
Line Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=0&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=1335232624584329&o=APN10653&q=");
Line Found : user_pref("smartbar.originalSearchEngine", "Search Results");

[ File : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\aj7keznh.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [29908 octets] - [26/05/2014 19:34:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [29969 octets] ##########

ImScrewed

#35
May 27, 2014, 02:49:54 AM
I forgot to do something... Here's the updated one.

# AdwCleaner v3.211 - Report created 26/05/2014 at 19:42:11
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tara - TARA-PC
# Running from : C:\Users\Tara\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
  • Folder Deleted : C:\ProgramData\Browser Manager
    Folder Deleted : C:\ProgramData\Free Ride Games
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\ProgramData\Alawar
    Folder Deleted : C:\ProgramData\Alawar Stargaze
    Folder Deleted : C:\ProgramData\AlawarWrapper
    Folder Deleted : C:\Program Files (x86)\BearShare Applications
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Free Ride Games
    Folder Deleted : C:\Program Files (x86)\iMesh Applications
    Folder Deleted : C:\Program Files (x86)\Search Results Toolbar
    Folder Deleted : C:\Program Files (x86)\Alawar
    Folder Deleted : C:\windows\SysWOW64\SearchProtect
    Folder Deleted : C:\Users\Public\Documents\AlawarWrapper
    Folder Deleted : C:\Users\Tara\AppData\Local\apn
    Folder Deleted : C:\Users\Tara\AppData\Local\Conduit
    Folder Deleted : C:\Users\Tara\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Tara\AppData\Local\SearchProtect
    Folder Deleted : C:\Users\Tara\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\Tara\AppData\Local\AlawarWrapper
    Folder Deleted : C:\Users\Tara\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Tara\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Tara\AppData\LocalLow\DataMngr
    Folder Deleted : C:\Users\Tara\AppData\LocalLow\searchresultstb
    Folder Deleted : C:\Users\Tara\AppData\LocalLow\wincoreimband
    Folder Deleted : C:\Users\Tara\AppData\Roaming\AppCloudUpdater
    Folder Deleted : C:\Users\Tara\AppData\Roaming\Alawar
    Folder Deleted : C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
    Folder Deleted : C:\Users\Tara\Documents\Alawar
    Folder Deleted : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\Smartbar
    Folder Deleted : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    File Deleted : C:\END
    File Deleted : C:\windows\SysWOW64\conduitEngine.tmp
    File Deleted : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\searchplugins\bingp.xml
    File Deleted : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\searchplugins\Search_Results.xml
    File Deleted : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\user.js
    File Deleted : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\aj7keznh.default\user.js
    File Deleted : C:\windows\Tasks\AppCloudUpdater.job
    File Deleted : C:\windows\System32\Tasks\AppCloudUpdater

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKCU\Software\Classes\iLivid.torrent
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
    Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
    Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_frostwire_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_frostwire_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hitman_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hitman_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{625F420E-A4A9-4B40-BC23-716C1C43893A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15A0413E-9F45-4D45-9A75-2C20B15B5B51}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503E067F-2914-4EDD-8432-2D6C52635E23}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppCloudUpdater
    Key Deleted : HKCU\Software\ClickConnect
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\Imesh
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software
    Key Deleted : HKLM\Software\GoforFiles
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\Trymedia Systems
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppCloudUpdater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
    Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
    Key Deleted : [x64] HKLM\SOFTWARE\Software
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]

    -\\ Mozilla Firefox v29.0.1 (en-US)

    [ File : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\prefs.js ]

    Line Deleted : user_pref("CT3289847.1000082.isPlayDisplay", "true");
    Line Deleted : user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description\":\"1.FM (Country)\",\"url\":\"hxxp://1.fm/wm/energycountry32k.asx\"}");
    Line Deleted : user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3289847.FF19Solved", "true");
    Line Deleted : user_pref("CT3289847.FirstTime", "true");
    Line Deleted : user_pref("CT3289847.FirstTimeFF3", "true");
    Line Deleted : user_pref("CT3289847.PG_ENABLE", "dHJ1ZQ==");
    Line Deleted : user_pref("CT3289847.PG_ENABLE.enc", "dHJ1ZQ==");
    Line Deleted : user_pref("CT3289847.UserID", "UN13372464372673724");
    Line Deleted : user_pref("CT3289847.UserId.enc", "NmVlYjViN2MtNTBjMi0zZGQzLTE0YzYtNWI2YzUxNTBkZjUy");
    Line Deleted : user_pref("CT3289847.addressBarTakeOverEnabledInHidden", "true");
    Line Deleted : user_pref("CT3289847.autoDisableScopes", -1);
    Line Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", true);
    Line Deleted : user_pref("CT3289847.defaultSearch", "true");
    Line Deleted : user_pref("CT3289847.enableAlerts", "true");
    Line Deleted : user_pref("CT3289847.enableFix404ByUser", "TRUE");
    Line Deleted : user_pref("CT3289847.enableSearchFromAddressBar", "true");
    Line Deleted : user_pref("CT3289847.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
    Line Deleted : user_pref("CT3289847.firstTimeDialogOpened", "true");
    Line Deleted : user_pref("CT3289847.fixPageNotFoundError", "true");
    Line Deleted : user_pref("CT3289847.fixPageNotFoundErrorByUser", "true");
    Line Deleted : user_pref("CT3289847.fixPageNotFoundErrorInHidden", "true");
    Line Deleted : user_pref("CT3289847.fixUrls", true);
    Line Deleted : user_pref("CT3289847.fullUserID", "UN13372464372673724.UP.20130624042739");
    Line Deleted : user_pref("CT3289847.homepageuserchanged", true);
    Line Deleted : user_pref("CT3289847.hxxp___api15_starwebnet_com.pid2.enc", "MzAyYzFjZjEyNDI1ZTU3MQ==");
    Line Deleted : user_pref("CT3289847.hxxp___api29_starwebnet_com.pid2.enc", "MzAyYzFjZjEyNDI1ZTU3MQ==");
    Line Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_cache.enc", "WyJjODIyYzFiNjM4NTNlZDI3M2I4OTY4N2FjNTA1ZjlmYSIsIjczOGFhOGQzYmMwMmViODcxMmFjZDBlYjJjZjZkZmQ1IiwiMjM1MWY2MDBiZjYyMTAyYzU[...]
    Line Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOlt7InR5cGUiOiJtZW51IiwiY2FwdGlvbiI6IiIsImltYWdlIjoiaW1hZ2VzL215d2FsbGV0X21pbi5wbmciLCJpbWFnZWhvdmVyIjoiaW[...]
    Line Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoiaHR0cDovL2FwaS5qb2xseXdhbGxldC5jb20vYWZmaWxpYXRlL2luaXQiLCJxdWVyeVVybCI6Imh0dHA6Ly9hcGkuam9sbHl3YWxs[...]
    Line Deleted : user_pref("CT3289847.installDate", "15/3/2013 19:41:23");
    Line Deleted : user_pref("CT3289847.installId", "9818");
    Line Deleted : user_pref("CT3289847.installType", "conduitnsisintegration");
    Line Deleted : user_pref("CT3289847.installerVersion", "1.3.6.5");
    Line Deleted : user_pref("CT3289847.isCheckedStartAsHidden", true);
    Line Deleted : user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
    Line Deleted : user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Line Deleted : user_pref("CT3289847.keyword", true);
    Line Deleted : user_pref("CT3289847.lastVersion", "10.21.1.507");
    Line Deleted : user_pref("CT3289847.mam_gk_Coming_Up_Next_appState.enc", "b24=");
    Line Deleted : user_pref("CT3289847.mam_gk_CouponBuddy_appState.enc", "b24=");
    Line Deleted : user_pref("CT3289847.mam_gk_Easytobook_appState.enc", "b24=");
    Line Deleted : user_pref("CT3289847.mam_gk_Find-a-Pro_appState.enc", "b24=");
    Line Deleted : user_pref("CT3289847.mam_gk_JobsMiner_appState.enc", "b24=");
    Line Deleted : user_pref("CT3289847.mam_gk_PriceGong_appState.enc", "b24=");
    Line Deleted : user_pref("CT3289847.mam_gk_SundaySky_appState.enc", "b24=");
    Line Deleted : user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM2MzQwMTcwMTI0OQ==");
    Line Deleted : user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
    Line Deleted : user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
    Line Deleted : user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlN1bmRheVNreSIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjI4MjY2NTk1LTZiMDYtNGZlYS05NWUwLTA1YzgzOTllYzBlNCIsImRvbWFpbnMiOls[...]
    Line Deleted : user_pref("CT3289847.mam_gk_currentVersion.enc", "MS40LjMuMg==");
    Line Deleted : user_pref("CT3289847.mam_gk_eventsCache.enc", "eyI1ZGJhZTRlYi00ZWMxLTRkMGUtOWYzMS02MjUwMDhlN2YwZDEiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjpbIldlbGNvbWUiLCJWaWV3Il0sInVuaXF1ZUlkIjoiNWRiYWU0ZWItNGVjMS00Z[...]
    Line Deleted : user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
    Line Deleted : user_pref("CT3289847.mam_gk_gadgetOpen.enc", "MA==");
    Line Deleted : user_pref("CT3289847.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
    Line Deleted : user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM2MzQwMTY5Njg4Mg==");
    Line Deleted : user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
    Line Deleted : user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
    Line Deleted : user_pref("CT3289847.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTcyXzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
    Line Deleted : user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
    Line Deleted : user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
    Line Deleted : user_pref("CT3289847.mam_gk_userId.enc", "ODhhODcxYTctZGE1ZC00MTNhLTg1YjAtMmJiNTBkNTJlYTE4");
    Line Deleted : user_pref("CT3289847.mam_gk_user_apps_selection.enc", "");
    Line Deleted : user_pref("CT3289847.migrateAppsAndComponents", true);
    Line Deleted : user_pref("CT3289847.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Frouterlogin.net%2Fstart.htm\",\"EB_MAIN_FRAME_TITLE\":\"NETGEAR%20Router%20WNR1000v3\",\"EB_[...]
    Line Deleted : user_pref("CT3289847.openThankYouPage", "false");
    Line Deleted : user_pref("CT3289847.openUninstallPage", "true");
    Line Deleted : user_pref("CT3289847.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN13372464372673724&UM=&q=");
    Line Deleted : user_pref("CT3289847.revertSettingsEnabled", "true");
    Line Deleted : user_pref("CT3289847.sac-country-code.enc", "IlVTIg==");
    Line Deleted : user_pref("CT3289847.sac-periodic-reports.enc", "eyJ5dHRfcGluZ18wIjpbMTM2MzQwMTcwMTIzMiwxNDQwMDAwMF19");
    Line Deleted : user_pref("CT3289847.sac-user-ab-groups.enc", "eyJmZWVkIjo3LCJob3Zlcl9lZmZlY3QiOjg5LCJjYWxsX3RvX2FjdGlvbiI6MjcsInBsYWNlbWVudCI6NTUsImltYWdlX2FuYWx5c2lzIjo2NSwidHJpZ2dlciI6MTZ9");
    Line Deleted : user_pref("CT3289847.sac-user-id.enc", "IjQ1OTdjY2Y3LWU5MTctNDkyMS1hYmY1LWQ1ZDZhZWUxNmRiMCI=");
    Line Deleted : user_pref("CT3289847.sac-yt-first-ping.enc", "MTM2MzQwMTcwMTIxMw==");
    Line Deleted : user_pref("CT3289847.search.searchAppId", "130068661007799818");
    Line Deleted : user_pref("CT3289847.search.searchCount", "0");
    Line Deleted : user_pref("CT3289847.searchFromAddressBarEnabledByUser", "true");
    Line Deleted : user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
    Line Deleted : user_pref("CT3289847.searchInNewTabEnabledInHidden", "true");
    Line Deleted : user_pref("CT3289847.searchSuggestEnabledByUser", "true");
    Line Deleted : user_pref("CT3289847.searchUserMode", "2");
    Line Deleted : user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3289847.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3289847.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
    Line Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289847\"}");
    Line Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://whitesmokenew.ourtoolbar.com//xpi\"}");
    Line Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WhiteSmoke New \"}");
    Line Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3289847.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_Configuration_lastUpdate", "1387670880461");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363401690522");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1363401690236");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363401690122");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1372032618451");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_login_10.14.380.14_lastUpdate", "1364139568472");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_login_10.15.0.562_lastUpdate", "1368571453491");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372031922678");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374431145751");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377643288723");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378768457669");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380109371748");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_login_10.20.1.508_lastUpdate", "1382400202197");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_login_10.21.1.507_lastUpdate", "1387670874084");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363401690168");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1387670879549");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1387670874074");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_setupAPI_lastUpdate", "1363401690530");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363401690076");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1387670876745");
    Line Deleted : user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1387670875927");
    Line Deleted : user_pref("CT3289847.settingsINI", true);
    Line Deleted : user_pref("CT3289847.shouldFirstTimeDialog", "false");
    Line Deleted : user_pref("CT3289847.showToolbarPermission", "false");
    Line Deleted : user_pref("CT3289847.smartbar.CTID", "CT3289847");
    Line Deleted : user_pref("CT3289847.smartbar.Uninstall", "0");
    Line Deleted : user_pref("CT3289847.smartbar.homepage", true);
    Line Deleted : user_pref("CT3289847.smartbar.isHidden", true);
    Line Deleted : user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
    Line Deleted : user_pref("CT3289847.startPage", "true");
    Line Deleted : user_pref("CT3289847.toolbarBornServerTime", "16-3-2013");
    Line Deleted : user_pref("CT3289847.toolbarCurrentServerTime", "13-11-2013");
    Line Deleted : user_pref("CT3289847.toolbarDisabled", "true");
    Line Deleted : user_pref("CT3289847.toolbarLoginClientTime", "Sun Mar 24 2013 13:02:28 GMT-0700 (Pacific Daylight Time)");
    Line Deleted : user_pref("CT3289847.wreck-country-code.enc", "IlVTIg==");
    Line Deleted : user_pref("CT3289847.wreck-periodic-reports.enc", "eyJ3cmVja19waW5nXzAiOlsxMzYzNDAxNzAxMTYwLDE0NDAwMDAwXX0=");
    Line Deleted : user_pref("CT3289847.wreck-user-ab-groups.enc", "eyJkZXNpZ24iOjE4LCJ0cmlnZ2VyIjo4LCJob3Zlcl9lZmZlY3QiOjkzfQ==");
    Line Deleted : user_pref("CT3289847.wreck-user-id.enc", "IjQzNjQyZWQyLTczYmQtNDM3OC1hZTkzLTc0ZTI2MjIzMGZiZSI=");
    Line Deleted : user_pref("CT3289847.ytt-mam-test-ol-ts.enc", 1897266618);
    Line Deleted : user_pref("CT3289847.ytt-mam-test-uid-ol.enc", "NzMwMGM2YjctNzJmNy00MTE5LWFhMTItOTlhMDg1ODM1MWI2");
    Line Deleted : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387671797673,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
    Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN13372464372673724&UM=2&UP=SPF53D4815-EC20-4489-BD17-1C2DB47FD0CC");
    Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New Customized Web Search");
    Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN13372464372673724&UM=2&q=");
    Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=0&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=1335232624584329&o=APN10653&q=");
    Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
    Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
    Line Deleted : user_pref("browser.search.order.1", "Search Results");
    Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
    Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
    Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
    Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN13372464372673724&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource[...]
    Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN13372464372673724&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
    Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
    Line Deleted : user_pref("smartbar.machineId", "CUHFQG6HFYROFXFWE4/56NXL8PSIXTCKYIRXTS6VFVME968R3CBVDFRAIYKXXFOMWWZV1ABXNC97WEF20W/WDW");
    Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.google.com/");
    Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=0&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=1335232624584329&o=APN10653&q=");
    Line Deleted : user_pref("smartbar.originalSearchEngine", "Search Results");

    [ File : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\aj7keznh.default\prefs.js ]


    -\\ Google Chrome v27.0.1453.110

    *************************

    AdwCleaner[R0].txt - [30162 octets] - [26/05/2014 19:34:29]
    AdwCleaner[S0].txt - [29202 octets] - [26/05/2014 19:42:11]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29263 octets] ##########

DonnaB

#36
May 27, 2014, 03:07:07 AM
Hi there, (waves). I'm back. Storm has passed and my connection is still a bit slow and sporadic. Thought I'd better get this message in while I can.

I've never been one to leave my computers on over night on a consistence basis. It's up to you if you would like to and if it makes you feel more comfortable, just disconnect it from the internet.

I see rKill was a success. (Lil Bambi deserves credit for that suggestion)  :wink:

Wow! AdwCleaner removed a lot of stuff. That'll certainly make the job easier.

Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking on XP. Or right click and select Run as Administrator Vista/Win7 and above.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next:

This scan is to see if there are any leftovers that the programs above may have missed:

Please download OTL to your Desktop
  • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please the following logs in your next reply:

OTL.txt
Extras.txt
JRT.txt

Thank you! :)
"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins

ImScrewed

#37
May 27, 2014, 03:09:00 AM
by protection software you mean antivirus?

DonnaB

#38
May 27, 2014, 03:19:09 AM
Yes. I'm sorry. I need to change that part of my saved speech. Protection software can cover many other programs as well.
"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins

ImScrewed

#39
May 27, 2014, 03:24:12 AM
how do i disable that?

ImScrewed

#40
May 27, 2014, 03:38:41 AM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tara on Mon 05/26/2014 at 20:09:14.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSaturationToolbar_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSaturationToolbar_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120921_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120921_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSaturationToolbar_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSaturationToolbar_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120921_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120921_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5068DA68-7BE4-BF9D-588B-57C9B6A64CAD}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{618F7E92-73E2-4C89-8D02-A41068FB2DE7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8991C6C9-AA5B-4B6B-B226-6C9724EA3126}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5068DA68-7BE4-BF9D-588B-57C9B6A64CAD}



~~~ Files

Successfully deleted: [File] C:\windows\syswow64\sho8C1D.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\bigfishcache"
Successfully deleted: [Empty Folder] C:\Users\Tara\appdata\local\{14E35F7E-1CA0-4E1D-890A-2790F18A3032}
Successfully deleted: [Empty Folder] C:\Users\Tara\appdata\local\{16DD5499-DD41-46C1-B540-E2857626A362}
Successfully deleted: [Empty Folder] C:\Users\Tara\appdata\local\{3C7E1CD4-F7AE-4230-8EEA-AEC3225A66DC}
Successfully deleted: [Empty Folder] C:\Users\Tara\appdata\local\{424BAE47-BFE3-42E7-88EE-D9FF84BCA94A}
Successfully deleted: [Empty Folder] C:\Users\Tara\appdata\local\{486552E4-742D-4BA6-A607-D25A92E3FA20}
Successfully deleted: [Empty Folder] C:\Users\Tara\appdata\local\{4CE25CDE-E270-4A07-8E09-92FC407494B8}
Successfully deleted: [Empty Folder] C:\Users\Tara\appdata\local\{568CEFB0-C4E1-42F2-923F-DF8D91FC113A}
Successfully deleted: [Empty Folder] C:\Users\Tara\appdata\local\{BDD9863C-7A0A-441F-A779-787B066FDEC6}
Successfully deleted: [Empty Folder] C:\Users\Tara\appdata\local\{BE4CE4DD-A14B-4FE9-B6D7-44AAD106BDF9}
Successfully deleted: [Empty Folder] C:\Users\Tara\appdata\local\{DB51AD6E-D266-4C41-9F77-A4A5571257E1}
Successfully deleted: [Empty Folder] C:\Users\Tara\appdata\local\{E1CE079A-038A-4088-9A1A-97707D1FBD72}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Tara\AppData\Roaming\mozilla\firefox\profiles\a5sfeepy.default\minidumps [472 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/26/2014 at 20:21:59.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




OTL Extras logfile created on: 5/26/2014 8:24:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tara\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 65.02% Memory free
7.90 Gb Paging File | 5.72 Gb Available in Paging File | 72.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.57 Gb Total Space | 359.74 Gb Free Space | 79.84% Space Free | Partition Type: NTFS

Computer Name: TARA-PC | User Name: Tara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.cmd [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.com [@ = comfile] -- "%1" %*
.cpl [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- "%1" %*
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.ini [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1541615685-2464090894-2300236971-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1714F6D1-57E0-41EF-9C4D-57B595ACCD3B}" = rport=139 | protocol=6 | dir=out | app=system |
"{17378328-E650-44CE-B2B7-343BB0C4B558}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E53C0DD-329A-4168-A6E9-107AABD9D816}" = lport=137 | protocol=17 | dir=in | app=system |
"{449A6A0D-90EB-46A6-A688-034FCF22F6A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{44C080AF-1615-4EA0-B29F-EEE755025C39}" = rport=138 | protocol=17 | dir=out | app=system |
"{4F616E87-78AB-46FD-A95A-4992D8473BBA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50FEFE1F-1387-4588-904E-04B04BA4762D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5F310843-D8F8-4EA5-84EB-FDD9EE6AF944}" = rport=445 | protocol=6 | dir=out | app=system |
"{6215ACE6-9DC0-40C1-AD40-0E87BFD10308}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66D8F4D8-1599-4FEB-A499-6C1B95A1E722}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{67460684-64A3-4958-ABB0-7249FAA43428}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67603F5A-9AFB-4733-9877-9B42C9EB43C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{74CD81AD-FB6D-483A-A2F3-D43DCE6CBB3D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{76C7C650-EFC9-4650-AF3A-C80E364F6BEE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{778199AE-F46F-4BE0-97E3-EB208E775586}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7CB07647-859D-4B5C-A00C-61C158108DE5}" = rport=137 | protocol=17 | dir=out | app=system |
"{7DD7A87A-EE79-4B6F-BFC8-B56CF33B49AF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8469B85B-A473-470F-8D79-555B2340F76D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85179119-2DEB-4935-A55B-590AB0F6CCE8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87D8F710-B6D8-4F00-B4B7-B4F4ADE42432}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{924C3266-E17F-4B85-86A6-A15A032698F3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{92CE453A-CEE4-4AA7-98C7-52E5324D739E}" = lport=138 | protocol=17 | dir=in | app=system |
"{9C3E36FF-DD9B-42BA-B08E-DEBC37A9F4BD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A63EED1C-DDA6-4B0A-BD11-8675521EB5FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A79952B4-C088-4FBD-82F7-069725E8460D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B52BD2BA-E574-4945-B387-47D4491A84CD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BC450C2A-629D-4CA4-B6C6-8D60053ABCB6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8BC1014-0B6F-42C0-8518-954E4BBAB057}" = lport=139 | protocol=6 | dir=in | app=system |
"{D5AECE63-C13D-4C0D-98A1-7ED916AFD5D3}" = lport=445 | protocol=6 | dir=in | app=system |
"{E11B8BBA-C3D6-4FB2-B083-143C5E35998F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBDF6116-F742-4A15-A0AE-C4D8902F091B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3336C77-3DF2-4830-9290-8E5C93074AF5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F9377481-7C1F-4121-ACDB-F7B004339CAD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024102E0-38EB-4EB5-AB30-483EBD8AA377}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{06905B5D-B58B-4D4E-AAF7-87AA239EC97A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{08F409FC-CC28-43EE-8D16-BC6E4DA93E3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0AA6B54B-866F-47EA-9C1E-8D83FA071A29}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0EAE87C3-16ED-444B-9E2E-90B40D85E06A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{19F46610-43D0-46FA-90F9-746B74A4514A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2288003E-06AE-4F44-B1A6-B5D6DB9E7DAD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{242B387A-8218-4E29-922A-2E11483E9115}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{30FAE3DE-5E1D-4B15-8396-E7A1BBE680A8}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{499ADF14-2862-4D84-AE54-72D63D0AE9F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A9008D0-84C7-4DD2-88A4-1921501E6886}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5065B29F-D7FE-4EDA-BCF0-EEB31687F6E4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{53CA709D-1DFA-4539-911B-1843A4EE5656}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5A5614A5-754E-457B-B190-ADE7B7FBF961}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5B888259-AC2B-46D6-853F-B243D265A506}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5ED5DD6E-4F49-4442-93C2-9FDB9AE71E8B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{742CCE9D-5F1F-4BD4-880F-964119E9F72B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{744AD6FC-526C-44AA-A620-9D81BD5563E3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{77292F42-4FCC-4A63-A687-9B38382BC72E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78274121-28A5-4ACD-B26C-1377E2307A13}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7A169B4D-DFAB-40EC-8DFA-2BE07F45AA4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8555E8F4-2D49-4116-8B3B-583E4A9E83B2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8AC5737D-6F4F-4B68-9E34-E5089C5D87C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F811FE1-ECDA-4000-8626-3FD3E506FF2C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{965DA436-42B8-4824-BFDA-46246EFCE520}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97F5C260-D31F-4D9A-B6DC-1EFA5C4A4871}" = protocol=6 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"{99D553DC-AAE6-4427-8547-D97238F4D1C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8EC1910-CF30-4EE4-A9A4-22F93B4903E3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B394006C-0E9F-4C0A-B13B-8F4DCFCB06A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BEA0B188-EB70-4CE2-B635-052086D01A4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C3F189E4-4729-4F26-9647-63DCF2893697}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C89D94C8-7B9E-48E3-874A-A5BC6343CD8A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D2ED9A42-9D1F-40E3-A52D-05D4A8E2024B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DC0290A8-CB29-40D5-8253-038F6590BA78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC42ABB1-3D81-40C3-B423-1F234963057B}" = protocol=6 | dir=out | app=system |
"{E432673E-4463-4BCA-82AB-8AA7CCCB553D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F0971B9B-6C0D-48DC-9395-6A433215CD4E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F3DCD8A7-07F7-4C77-9154-4D7203A434BB}" = protocol=17 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"{F7ACA15C-C293-4484-9A8F-C961EE19BF9A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1868FFC7-A87C-1391-8D08-22A62FC3F933}" = McAfee Online Backup
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BBE4C53-634B-44B3-8693-314ED6260557}" = Adobe Flash Player 13 ActiveX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.11
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}" = Toshiba Book Place
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}" = TOSHIBA Wireless LAN Indicator
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"am-housemd" = House, M.D.
"BFGC" = Big Fish: Game Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office Depot PC Support Agent" = Office Depot PC Support Agent
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"PlaneShift 0.5.9.11" = PlaneShift
"Secunia PSI" = Secunia PSI (3.0.0.9016)
"SumatraPDF" = SumatraPDF
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1541615685-2464090894-2300236971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox Packages" = Mozilla Firefox Packages

< End of report >




OTL logfile created on: 5/26/2014 8:24:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tara\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 65.02% Memory free
7.90 Gb Paging File | 5.72 Gb Available in Paging File | 72.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.57 Gb Total Space | 359.74 Gb Free Space | 79.84% Space Free | Partition Type: NTFS

Computer Name: TARA-PC | User Name: Tara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/26 20:08:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tara\Downloads\OTL.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/01/22 02:47:18 | 001,005,144 | ---- | M] (Support.com, Inc.) -- C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe
PRC - [2013/12/06 07:47:20 | 001,229,528 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2013/12/06 07:47:20 | 000,662,232 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2013/12/06 07:47:18 | 000,565,464 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2013/10/08 00:47:22 | 000,590,424 | ---- | M] (Support.com, Inc.) -- C:\Program Files (x86)\Office Depot PC Support Agent\escont.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/14 06:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2011/02/03 12:41:46 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
PRC - [2010/12/20 18:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 18:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/14 06:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/15 17:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/02/19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/02/19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/11/16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2011/03/02 15:36:16 | 000,266,680 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/12/20 18:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/09 17:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 15:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/05/26 19:43:17 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/26 18:08:56 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/01/22 02:47:18 | 001,005,144 | ---- | M] (Support.com, Inc.) [Auto | Running] -- C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe -- (Office Depot PC Support Agent)
SRV - [2013/12/06 07:47:20 | 001,229,528 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/12/06 07:47:20 | 000,662,232 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/03 12:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/02/03 12:41:46 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/12/20 18:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 18:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/06/01 02:05:50 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe -- (MOBK400backup)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/05/26 19:48:25 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/12/06 07:47:12 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/02/19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/02/19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/02/19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/02/19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/02/19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/02/19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/02/19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/04/20 17:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/20 01:44:56 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV:64bit: - [2011/04/04 20:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 12:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/05 01:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/12/01 16:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 14:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 12:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/01 02:04:46 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK400.sys -- (MOBK400Filter)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 15:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 13:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNativ

DonnaB

#41
May 27, 2014, 03:56:48 AM
Quote from: ImScrewed on May 27, 2014, 03:24:12 AM
how do i disable that?

Oh my. I stepped away from my computer for a minute. Looks like you did just fine.

I need to ask you to post the OTL.txt in it's own post. The log was too long to post with the Extras.txt and it got cut off at the bottom.  The Extras.txt posted just fien so I don;t need you to repost that log.

It'll take me some time to review the logs and since I do not have to work tomorrow, I'll have plenty of time to prepare my next set of instructions and have them ready for you in the morning.

By the way, how is the computer behaving now?
"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins

ImScrewed

#42
May 27, 2014, 04:09:43 AM
The computer is running better, but definitely still pretty slow. I have to run the OTL thing again because I clicked out of the notepad file and shut down my computer and I don't know how to access the log again.

DonnaB

#43
May 27, 2014, 04:14:19 AM
It should be saved somewhere. Click on your Start orb and type OTL.txt into the Start Search field. If it was saved, it will be found in the list. Just right click and copy then paste into a reply box.  :thumbsup:

If none is found, running the scan again will be fine.
"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins

ImScrewed

#44
May 27, 2014, 04:19:48 AM
Here ya go... Had to run it again! Thanks for your help and have a great night :) Talk to you tomorrow!



OTL logfile created on: 5/26/2014 9:06:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tara\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 55.39% Memory free
7.90 Gb Paging File | 5.80 Gb Available in Paging File | 73.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.57 Gb Total Space | 360.77 Gb Free Space | 80.07% Space Free | Partition Type: NTFS

Computer Name: TARA-PC | User Name: Tara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/26 21:05:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tara\Downloads\OTL.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/01/22 02:47:18 | 001,005,144 | ---- | M] (Support.com, Inc.) -- C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe
PRC - [2013/12/06 07:47:20 | 001,229,528 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2013/12/06 07:47:20 | 000,662,232 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2013/12/06 07:47:18 | 000,565,464 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/14 06:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2011/02/03 12:41:46 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
PRC - [2010/12/20 18:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 18:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/14 06:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/15 17:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/02/19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/02/19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/11/16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2011/03/02 15:36:16 | 000,266,680 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/12/20 18:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/09 17:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 15:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/05/26 19:43:17 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/26 18:08:56 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/01/22 02:47:18 | 001,005,144 | ---- | M] (Support.com, Inc.) [Auto | Running] -- C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe -- (Office Depot PC Support Agent)
SRV - [2013/12/06 07:47:20 | 001,229,528 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/12/06 07:47:20 | 000,662,232 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/03 12:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/02/03 12:41:46 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/12/20 18:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 18:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/06/01 02:05:50 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe -- (MOBK400backup)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/05/26 21:03:31 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/12/06 07:47:12 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/02/19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/02/19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/02/19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/02/19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/02/19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/02/19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/02/19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/04/20 17:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/20 01:44:56 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV:64bit: - [2011/04/04 20:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 12:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/05 01:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/12/01 16:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 14:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 12:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/01 02:04:46 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK400.sys -- (MOBK400Filter)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 15:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 13:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{838CB7AD-2B09-48FE-83BA-C26E53BEB53C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{38433D5D-AC7B-4014-8AC3-483B618DB7A6}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com
IE - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U011&ocid=U011DHP
IE - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value found
IE - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\..\SearchScopes\{090674BF-9B28-4B3D-8003-CA07A2F81EB3}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\..\SearchScopes\{38433D5D-AC7B-4014-8AC3-483B618DB7A6}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
IE - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\..\SearchScopes\{84FF1EEF-76D5-4195-9258-A053DC673A8F}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=U011&ocid=U011DHP|http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=U011DF&PC=U011&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/08/27 12:33:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/08/27 12:33:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/05/26 11:12:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2014/05/26 11:12:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/26 19:30:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/26 19:30:29 | 000,000,000 | ---D | M]

[2013/03/15 19:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tara\AppData\Roaming\Mozilla\Extensions
[2014/05/26 19:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\extensions
[2014/02/21 08:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\aj7keznh.default\extensions
[2012/10/28 14:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\aj7keznh.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}
[2012/11/14 05:50:45 | 000,000,000 | ---D | M] (DealCabby) -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\aj7keznh.default\extensions\dealcabby@jetpack
[2014/05/26 18:08:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/26 18:09:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130306044013.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130306044014.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\.DEFAULT..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-18..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-19..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A43EBDD3-48B5-40BD-823A-33D12887DF5B}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1A45C19-E8CA-46E7-9074-5B034FD91C34}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1415600-D1C6-4200-A49E-1AE36876E9E1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6cf4159e-ceba-11e1-bec8-e89a8f795834}\Shell - "" = AutoRun
O33 - MountPoints2\{6cf4159e-ceba-11e1-bec8-e89a8f795834}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{a51ef13f-c80b-11e2-8896-e89a8f795834}\Shell - "" = AutoRun
O33 - MountPoints2\{a51ef13f-c80b-11e2-8896-e89a8f795834}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O33 - MountPoints2\{e43f7cc4-4bb7-11e2-b7a3-e89a8f795834}\Shell - "" = AutoRun
O33 - MountPoints2\{e43f7cc4-4bb7-11e2-b7a3-e89a8f795834}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/26 21:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/05/26 20:54:00 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/05/26 20:54:00 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/05/26 20:09:08 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/05/26 19:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/05/26 19:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/05/26 19:38:14 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\Secunia PSI
[2014/05/26 19:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2014/05/26 19:35:03 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/05/26 19:34:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/26 19:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SumatraPDF
[2014/05/26 18:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/26 16:59:29 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014/05/26 16:04:11 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/05/26 16:04:10 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/05/26 16:04:04 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/05/26 16:03:57 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/05/26 16:03:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/05/26 16:03:56 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/26 16:03:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/05/26 16:03:54 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/05/26 16:03:53 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/05/26 16:03:53 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/05/26 16:03:53 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/05/26 16:03:52 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/05/26 16:03:52 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/05/26 16:03:52 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/05/26 16:03:52 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/05/26 16:03:52 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/05/26 16:03:51 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/05/26 16:03:51 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/05/26 16:03:51 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/26 16:03:48 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/05/26 16:03:48 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/05/26 16:03:48 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/05/26 16:03:48 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/05/26 16:03:48 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/05/26 16:03:47 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/26 16:03:47 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/05/26 16:03:44 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/05/26 16:03:43 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/05/26 16:03:41 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/05/26 16:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/26 13:53:34 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2014/05/26 13:53:34 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
[2014/05/26 13:53:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iologmsg.dll
[2014/05/26 13:53:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iologmsg.dll
[2014/05/26 13:52:16 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/05/26 13:52:15 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/05/26 13:52:08 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2014/05/26 13:52:08 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2014/05/26 13:52:07 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2014/05/26 13:52:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2014/05/26 13:52:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2014/05/26 13:52:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2014/05/26 13:52:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2014/05/26 13:52:00 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2014/05/26 13:52:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2014/05/26 13:51:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2014/05/26 13:50:22 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014/05/26 13:50:17 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2014/05/26 13:50:16 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2014/05/26 13:50:15 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe
[2014/05/26 13:50:14 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\objsel.dll
[2014/05/26 13:50:13 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2014/05/26 13:50:11 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\objsel.dll
[2014/05/26 13:50:10 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2014/05/26 13:50:06 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cngprovider.dll
[2014/05/26 13:50:06 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adprovider.dll
[2014/05/26 13:50:06 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adprovider.dll
[2014/05/26 13:50:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dimsroam.dll
[2014/05/26 13:50:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dimsroam.dll
[2014/05/26 13:50:05 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\capiprovider.dll
[2014/05/26 13:50:05 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpapiprovider.dll
[2014/05/26 13:50:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cngprovider.dll
[2014/05/26 13:50:05 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\capiprovider.dll
[2014/05/26 13:50:05 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpapiprovider.dll
[2014/05/26 13:50:03 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2014/05/26 13:50:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wincredprovider.dll
[2014/05/26 13:50:02 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wincredprovider.dll
[2014/05/26 13:50:01 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2014/05/26 13:50:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2014/05/26 13:38:27 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/26 13:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/26 13:34:58 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/05/26 13:34:58 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/05/26 13:34:58 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/05/26 13:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/26 13:34:03 | 017,292,760 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Tara\Desktop\mbam-setup-2.0.2.1012.exe
[2014/04/30 20:15:15 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\noah
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/26 21:11:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/26 21:10:34 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/26 21:10:34 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/26 21:08:38 | 000,783,376 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/26 21:08:38 | 000,663,094 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/26 21:08:38 | 000,122,672 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/26 21:03:31 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/26 21:01:55 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/26 21:01:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/26 21:01:08 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/26 19:57:56 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/26 19:43:16 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/05/26 19:43:16 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/26 19:41:13 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2014/05/26 19:38:01 | 000,001,081 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2014/05/26 15:23:10 | 000,854,367 | ---- | M] () -- C:\Users\Tara\Desktop\SecurityCheck.exe
[2014/05/26 13:35:09 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/26 13:34:03 | 017,292,760 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Tara\Desktop\mbam-setup-2.0.2.1012.exe
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/05/08 23:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/05/08 23:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/05/05 20:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/05/05 19:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/26 19:41:13 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2014/05/26 19:41:03 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/05/26 19:38:01 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2014/05/26 19:38:01 | 000,001,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2014/05/26 19:29:13 | 000,001,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2014/05/26 15:23:10 | 000,854,367 | ---- | C] () -- C:\Users\Tara\Desktop\SecurityCheck.exe
[2014/05/26 13:35:09 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/16 16:18:30 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2013/03/01 18:37:18 | 000,000,113 | ---- | C] () -- C:\windows\wininit.ini
[2012/08/31 17:41:45 | 000,103,784 | ---- | C] () -- C:\Users\Tara\GoToAssistDownloadHelper.exe
[2012/03/02 19:29:23 | 000,004,608 | ---- | C] () -- C:\Users\Tara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/27 12:03:07 | 000,027,750 | ---- | C] () -- C:\ProgramData\xportnchk.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:DC9915D2
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:0BBF232A
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:B50AD807
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B5810C71
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CB9631F

< End of report >
Print
Go Up Pages 1 2 3 4 5
User actions