Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014 Ran by Kristen White (administrator) on KRISTEN on 19-12-2014 22:00:56 Running from C:\Users\Kristen White\Downloads Loaded Profile: Kristen White (Available profiles: Kristen White & Guest) Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Agere Systems) C:\Windows\System32\agr64svc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (BitTorrent Inc.) C:\Users\Kristen White\AppData\Roaming\BitTorrent\BitTorrent.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe () C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\syncthru5.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\pg_ctl.exe () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\jre\bin\java.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (PostgreSQL Global Development Group) C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe (Thisisu) C:\Users\Kristen White\Downloads\JRT.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7220768 2009-03-12] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-12] (Realtek Semiconductor Corp.) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [518008 2008-12-18] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [900096 2009-03-23] (TOSHIBA Corporation) HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1451520 2009-04-14] (TOSHIBA Corporation) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [236544 2009-03-24] (TOSHIBA Corporation) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1123840 2009-03-24] (TOSHIBA Corporation) HKLM\...\Run: [TPCHWMsg] => C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [613232 2009-04-09] (TOSHIBA Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1086848 2012-04-30] (FileOpen Systems Inc.) HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-03-27] (TOSHIBA) HKLM-x32\...\Run: [NDSTray.exe] => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304496 2009-03-17] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [cfFncEnabler.exe] => C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation) HKLM-x32\...\Run: [CarboniteSetupLite] => C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe [283792 2010-11-20] (Carbonite, Inc.) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [626688 2010-12-02] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\Run: [Google Update] => C:\Users\Kristen White\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.) HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [152064 2008-07-03] (Microsoft Corporation) HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\Run: [GoogleChromeAutoLaunch_5DFC549E6620A000F91C82F3D4A8D03C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.) HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\Run: [BitTorrent] => C:\Users\Kristen White\AppData\Roaming\BitTorrent\BitTorrent.exe [1381208 2014-12-15] (BitTorrent Inc.) HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\MountPoints2: {34fee7bb-d0b3-11e2-af0f-001e33ca2ded} - F:\VZW_Software_upgrade_assistant_installer.exe HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\MountPoints2: {4bab3c51-34ef-11e0-ac4a-001e33ca2ded} - F:\setup.exe -a HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\MountPoints2: {4bab3e3a-34ef-11e0-ac4a-001e33ca2ded} - E:\DTSP_Launcher.exe HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\MountPoints2: {6c1dd31f-7250-11e2-aca5-001e33ca2ded} - E:\setup.exe -a HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\MountPoints2: {7132c698-2aca-11e3-9bd7-001e33ca2ded} - F:\VZW_Software_upgrade_assistant_installer.exe HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\MountPoints2: {83f46eb0-0996-11e4-aa76-001e33ca2ded} - E:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\MountPoints2: {c518dfd9-679f-11e4-95be-001e33ca2ded} - E:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\MountPoints2: {e3598b32-168b-11e0-9922-001e33ca2ded} - E:\setup.exe -a HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB HKU\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB URLSearchHook: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit0.dll No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> {E9AA86C9-F4E7-4D81-BA92-AF201D81EDDA} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB SearchScopes: HKLM-x32 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-232412378-3118420049-1387226345-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_en SearchScopes: HKU\S-1-5-21-232412378-3118420049-1387226345-1000 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-232412378-3118420049-1387226345-1000 -> {D5042721-6DFD-85DD-AD1C-6B852F3F6275} URL = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit0.dll No File Toolbar: HKU\S-1-5-21-232412378-3118420049-1387226345-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-232412378-3118420049-1387226345-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File Toolbar: HKU\S-1-5-21-232412378-3118420049-1387226345-1000 -> No Name - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File DPF: HKLM-x32 {00000130-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/ACELPACM.CAB DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://remote.cmf.org/CACHE/stc/1/binaries/vpnweb.cab Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\Parameters: [NameServer] 75.126.206.18,184.173.169.186 Tcpip\..\Interfaces\{6CDA61DC-6312-447C-BCBC-6270408EB988}: [NameServer] 75.126.206.18,184.173.169.186 Tcpip\..\Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963}: [NameServer] 75.126.206.18,184.173.169.186 Tcpip\..\Interfaces\{F438E491-54FC-49BC-B94C-01F288683755}: [NameServer] 75.126.206.18,184.173.169.186 FireFox: ======== FF ProfilePath: C:\Users\Kristen White\AppData\Roaming\Mozilla\Firefox\Profiles\vzb6qhcv.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll No File FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll No File FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll No File FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-232412378-3118420049-1387226345-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kristen White\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-232412378-3118420049-1387226345-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-232412378-3118420049-1387226345-1000: @talk.google.com/O1DPlugin -> C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-232412378-3118420049-1387226345-1000: @talk.google.com/O3DPlugin -> C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKU\S-1-5-21-232412378-3118420049-1387226345-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Kristen White\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-232412378-3118420049-1387226345-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Kristen White\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-232412378-3118420049-1387226345-1000: facebook.com/fbDesktopPlugin -> C:\Users\Kristen White\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Kristen White\AppData\Roaming\mozilla\plugins\npcoolirisplugin.dll () FF Plugin ProgramFiles/Appdata: C:\Users\Kristen White\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Kristen White\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin ProgramFiles/Appdata: C:\Users\Kristen White\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-30] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-14] FF HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: Default -> https://www.google.com/ CHR StartupUrls: Default -> "https://www.google.com/calendar/render?tab=mc", "hxxp://mail.google.com/", "hxxp://google.com/", "hxxp://Lasaoren.com/?f=7&a=lrn_dnldstr_14_46_ie&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FtAtDtByB0D0FtDyD0BzytN0D0Tzu0StCtDyEyCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0FyCtD0C0F0C0FtGyC0DtCyCtG0CyEtDtCtG0E0E0FyBtGtA0D0FtBzzyBtC0D0Dzz0A0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0EtA0CyB0DtAyBtGtB0EtC0AtGyEtDzyzztGzy0CtA0BtGzzyDzztAzytDtCyE0AzzyE0C2Q&cr=770390248&ir=" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\internal-nacl-plugin No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll () CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll (Catalina Marketing Corporation) CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (DYMO Label Framework) - C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File CHR Plugin: (Picasa) - C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.) CHR Plugin: (Picasa) - C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Facebook Desktop) - C:\Users\Kristen White\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Kristen White\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Google Update) - C:\Users\Kristen White\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Google Talk Plugin) - C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-25] CHR Extension: (Google Docs) - C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25] CHR Extension: (Google Drive) - C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-25] CHR Extension: (YouTube) - C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25] CHR Extension: (Google Search) - C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25] CHR Extension: (Google Calendar) - C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-10-25] CHR Extension: (Google Sheets) - C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-25] CHR Extension: (Pin It Button) - C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-10-25] CHR Extension: (Google Wallet) - C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25] CHR Extension: (Gmail) - C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25] CHR HKU\S-1-5-21-232412378-3118420049-1387226345-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KRISTE~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-07] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA) R2 ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [36864 2009-03-06] (TOSHIBA CORPORATION) [File not signed] R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.) R2 FileOpenManagerSvc; C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [334720 2012-04-30] (FileOpen Systems Inc.) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] () R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 RSELSVC; C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [55808 2009-02-19] (TOSHIBA Corporation) [File not signed] R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [508464 2013-07-01] (Samsung Electronics Co., Ltd.) R2 SyncThru Admin 5; C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\syncthru5.exe [204800 2011-03-14] () [File not signed] R2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation) R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed] R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [251392 2009-04-14] (TOSHIBA Corporation) [File not signed] R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [84480 2009-03-17] (TOSHIBA Corporation) [File not signed] S4 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X] R2 SyncThru Admin 5 Database; C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/engine/bin/pg_ctl.exe runservice -N "SyncThru Admin 5 Database" -D "C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/database" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-10-24] (Samsung Electronics Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-19] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-04-29] (MediaMall Technologies, Inc.) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd) R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-22] (Samsung Electronics) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254464 2008-12-30] (Jungo) S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X] S3 motccgp; system32\DRIVERS\motccgp.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X] S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X] S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X] S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-19 22:00 - 2014-12-19 22:01 - 00039225 _____ () C:\Users\Kristen White\Downloads\FRST.txt 2014-12-19 22:00 - 2014-12-19 22:01 - 00000000 ___DC () C:\FRST 2014-12-19 22:00 - 2014-12-19 22:00 - 02121216 _____ (Farbar) C:\Users\Kristen White\Downloads\FRST64.exe 2014-12-19 21:56 - 2014-12-19 21:56 - 00001706 _____ () C:\Users\Kristen White\Desktop\JRT.txt 2014-12-19 21:43 - 2014-12-19 21:43 - 00000000 ____D () C:\Windows\ERUNT 2014-12-19 21:42 - 2014-12-19 21:43 - 01707646 _____ (Thisisu) C:\Users\Kristen White\Downloads\JRT.exe 2014-12-19 21:32 - 2014-12-19 21:32 - 00009388 _____ () C:\Users\Kristen White\Desktop\AdwCleaner[S0].txt 2014-12-19 21:03 - 2014-12-19 21:29 - 00000000 ___DC () C:\AdwCleaner 2014-12-19 21:01 - 2014-12-19 21:02 - 02166272 _____ () C:\Users\Kristen White\Downloads\AdwCleaner.exe 2014-12-19 20:43 - 2014-12-19 20:44 - 00169162 _____ () C:\Users\Kristen White\Desktop\KRISTEN.txt 2014-12-19 20:39 - 2014-12-19 20:39 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-19 20:39 - 2014-12-19 20:39 - 00000000 _____ () C:\Windows\setupact.log 2014-12-19 20:34 - 2014-12-19 20:36 - 05122624 _____ (Piriform Ltd) C:\Users\Kristen White\Downloads\spsetup127.exe 2014-12-17 00:31 - 2014-12-17 00:31 - 00086420 _____ () C:\Users\Kristen White\Downloads\Extras.Txt 2014-12-17 00:26 - 2014-12-17 00:26 - 00137140 _____ () C:\Users\Kristen White\Downloads\OTL.Txt 2014-12-17 00:12 - 2014-12-17 00:12 - 00602112 _____ (OldTimer Tools) C:\Users\Kristen White\Downloads\OTL.exe 2014-12-16 23:38 - 2014-12-16 23:38 - 00602112 _____ (OldTimer Tools) C:\Users\Kristen White\Downloads\Unconfirmed 709921.crdownload 2014-12-12 21:55 - 2014-12-12 21:56 - 03065560 _____ (Cisco Systems, Inc.) C:\Users\Kristen White\Downloads\anyconnect-win-3.1.05170-web-deploy-k9 (9).exe 2014-12-12 21:52 - 2014-12-12 21:52 - 03065560 _____ (Cisco Systems, Inc.) C:\Users\Kristen White\Downloads\anyconnect-win-3.1.05170-web-deploy-k9 (8).exe 2014-12-12 21:29 - 2014-12-12 21:30 - 03065560 _____ (Cisco Systems, Inc.) C:\Users\Kristen White\Downloads\anyconnect-win-3.1.05170-web-deploy-k9 (7).exe 2014-12-12 21:15 - 2014-12-19 21:32 - 00301270 _____ () C:\Windows\PFRO.log 2014-12-12 20:29 - 2014-11-24 17:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-12 20:29 - 2014-11-24 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-12 20:29 - 2014-11-24 16:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-12 20:29 - 2014-11-24 16:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-12 20:29 - 2014-11-24 16:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-12 20:29 - 2014-11-24 16:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-12 20:29 - 2014-11-24 16:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-12 20:29 - 2014-11-24 16:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-12-12 20:29 - 2014-11-24 16:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-12 20:29 - 2014-11-24 16:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-12 20:29 - 2014-11-24 16:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-12 20:29 - 2014-11-24 16:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-12 20:29 - 2014-11-24 16:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-12 20:29 - 2014-11-24 16:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-12 20:29 - 2014-11-24 16:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-12 20:29 - 2014-11-24 16:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-12 20:29 - 2014-11-24 16:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-12-12 20:29 - 2014-11-24 16:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-12-12 20:29 - 2014-11-24 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-12 20:29 - 2014-11-24 16:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-12 20:29 - 2014-11-24 16:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-12-12 20:29 - 2014-11-24 16:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-12 20:29 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-12-12 20:29 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-12 20:29 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-12 20:29 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-12 20:29 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-12 20:29 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-12 20:29 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-12 20:29 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-12-12 20:29 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-12 20:29 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-12 20:29 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-12 20:29 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-12 20:29 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-12 20:29 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-12 20:29 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-12-12 20:29 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-12 20:29 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-12 20:29 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-12 20:29 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-12 20:29 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-12 20:29 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-12-12 20:29 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-12-12 19:39 - 2014-12-19 21:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-12 19:35 - 2014-12-12 19:35 - 00000912 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-12 19:35 - 2014-12-12 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-12 19:35 - 2014-12-12 19:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-12 19:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-12 19:35 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-12 19:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-12 19:33 - 2014-12-12 19:33 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kristen White\Desktop\mbam-setup-2.0.4.1028.exe 2014-12-12 19:30 - 2014-12-12 19:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kristen White\Desktop\mbam-setup-2.0.4.1028.exe.part 2014-11-26 16:58 - 2014-11-26 16:58 - 03065560 _____ (Cisco Systems, Inc.) C:\Users\Kristen White\Desktop\anyconnect-win-3.1.05170-web-deploy-k9(1).exe 2014-11-26 16:41 - 2014-11-26 16:41 - 00000859 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-26 16:40 - 2014-11-26 16:40 - 00244120 _____ () C:\Users\Kristen White\Downloads\Firefox Setup Stub 33.1.1.exe 2014-11-26 16:32 - 2014-11-26 16:32 - 03065560 _____ (Cisco Systems, Inc.) C:\Users\Kristen White\Downloads\anyconnect-win-3.1.05170-web-deploy-k9 (6).exe 2014-11-26 16:32 - 2014-11-26 16:32 - 03065560 _____ (Cisco Systems, Inc.) C:\Users\Kristen White\Downloads\anyconnect-win-3.1.05170-web-deploy-k9 (5).exe 2014-11-26 16:19 - 2014-11-26 16:19 - 03065560 _____ (Cisco Systems, Inc.) C:\Users\Kristen White\Downloads\anyconnect-win-3.1.05170-web-deploy-k9 (4).exe 2014-11-26 15:51 - 2014-11-26 15:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-11-26 15:51 - 2014-11-26 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-11-26 15:40 - 2014-11-26 15:48 - 29727656 _____ (Oracle Corporation) C:\Users\Kristen White\Downloads\jre-8u25-windows-i586.exe 2014-11-26 15:37 - 2014-11-26 15:37 - 00638888 _____ (Oracle Corporation) C:\Users\Kristen White\Downloads\chromeinstall-8u25 (4).exe 2014-11-26 15:34 - 2014-11-26 15:32 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-11-26 15:34 - 2014-11-26 15:32 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-11-26 15:28 - 2014-11-26 15:28 - 00638888 _____ (Oracle Corporation) C:\Users\Kristen White\Downloads\chromeinstall-8u25 (3).exe 2014-11-26 14:55 - 2014-11-26 14:55 - 00638888 _____ (Oracle Corporation) C:\Users\Kristen White\Downloads\chromeinstall-8u25 (2).exe 2014-11-24 22:40 - 2014-11-24 22:41 - 03065560 _____ (Cisco Systems, Inc.) C:\Users\Kristen White\Downloads\anyconnect-win-3.1.05170-web-deploy-k9 (3).exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-19 21:59 - 2009-10-12 22:32 - 00000000 ____D () C:\Users\Kristen White\AppData\Roaming\BitTorrent 2014-12-19 21:41 - 2009-06-02 07:31 - 01963305 _____ () C:\Windows\WindowsUpdate.log 2014-12-19 21:40 - 2010-02-20 14:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-19 21:33 - 2009-10-12 22:35 - 00000000 ____D () C:\temp 2014-12-19 21:32 - 2010-02-20 14:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-19 21:32 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-19 21:32 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-19 21:32 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-19 21:30 - 2006-11-02 10:42 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-19 21:23 - 2010-01-02 19:46 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000UA.job 2014-12-19 21:23 - 2010-01-02 19:46 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000Core.job 2014-12-17 02:21 - 2013-02-09 23:10 - 00000000 ____D () C:\Users\Kristen White\AppData\Local\Backup Assistant Plus 2014-12-16 23:48 - 2006-11-02 10:07 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-12-16 14:00 - 2011-03-18 21:12 - 00000376 _____ () C:\Windows\Tasks\At1.job 2014-12-13 03:18 - 2009-06-02 06:33 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-13 03:17 - 2013-07-16 18:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-13 03:07 - 2006-11-02 07:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-12-12 19:35 - 2010-06-28 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-12 19:20 - 2012-05-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-26 16:41 - 2014-03-24 20:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-26 16:41 - 2011-05-17 21:43 - 00000871 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-26 15:51 - 2014-11-10 20:13 - 00000000 ____D () C:\ProgramData\Oracle 2014-11-26 15:50 - 2009-05-03 01:34 - 00000000 ____D () C:\Program Files (x86)\Java 2014-11-26 15:32 - 2013-07-16 18:50 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-11-26 15:25 - 2011-08-26 02:01 - 00001837 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-11-23 15:06 - 2011-04-14 20:01 - 00000099 _____ () C:\Users\Public\LMDebug.log 2014-11-22 14:50 - 2006-11-02 07:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI Files to move or delete: ==================== C:\Users\Kristen White\CTX.DAT C:\Windows\Tasks\At1.job Some content of TEMP: ==================== C:\Users\Kristen White\AppData\Local\Temp\201411241039040jniverify.dll C:\Users\Kristen White\AppData\Local\Temp\20141126024551873jniverify.dll C:\Users\Kristen White\AppData\Local\Temp\Quarantine.exe C:\Users\Kristen White\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-19 21:44 ==================== End Of Log ============================