Pop ups [Solved]

Malware

#1
Stephen Stato

Hi

 

I have a recurrence of what I believe to be a malware problem. Lots of links pop up all over my screen linking me to win something or enlarge something.

Computer has slowed down in general also.

Here are the OTL results

 

OTL logfile created on: 5/26/2014 6:00:10 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lisa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
 
3.91 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 35.27% Memory free
7.82 Gb Paging File | 4.15 Gb Available in Paging File | 53.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 5.67 Gb Free Space | 3.81% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 111.79 Gb Free Space | 75.20% Space Free | Partition Type: NTFS
 
Computer Name: LISA-OSUL | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/26 17:59:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Downloads\OTL.exe
PRC - [2014/05/25 13:06:39 | 002,587,288 | ---- | M] (© 2013 Microsoft Corporation) -- C:\Users\Lisa\AppData\Local\Microsoft\DefaultSetup\DefaultSetup.exe
PRC - [2014/05/15 22:38:02 | 007,631,872 | ---- | M] (Google Inc.) -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2014/05/14 00:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/12 18:57:06 | 001,272,400 | ---- | M] (BitTorrent Inc.) -- C:\Users\Lisa\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014/05/12 18:39:25 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/05/09 01:40:44 | 033,312,680 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/04/25 10:03:52 | 022,415,552 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/30 18:27:51 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/09/14 03:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/08/14 16:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/10/26 16:24:12 | 001,017,184 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/08/08 09:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/01 12:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 12:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/08/16 09:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/25 13:06:40 | 000,362,029 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Microsoft\DefaultSetup\sqlite3.dll
MOD - [2014/05/23 07:47:24 | 000,043,008 | ---- | M] () -- c:\Users\Lisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphc5fvj.dll
MOD - [2014/05/23 07:46:25 | 001,159,680 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\_ssl.pyd
MOD - [2014/05/23 07:46:25 | 001,062,400 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\wx._controls_.pyd
MOD - [2014/05/23 07:46:25 | 000,811,008 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\wx._windows_.pyd
MOD - [2014/05/23 07:46:25 | 000,805,888 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\wx._gdi_.pyd
MOD - [2014/05/23 07:46:25 | 000,713,216 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\_hashlib.pyd
MOD - [2014/05/23 07:46:25 | 000,686,080 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\unicodedata.pyd
MOD - [2014/05/23 07:46:25 | 000,127,488 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\pyexpat.pyd
MOD - [2014/05/23 07:46:25 | 000,110,080 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\PyWinTypes27.dll
MOD - [2014/05/23 07:46:25 | 000,108,544 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\win32security.pyd
MOD - [2014/05/23 07:46:25 | 000,070,656 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\wx._html2.pyd
MOD - [2014/05/23 07:46:25 | 000,038,912 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\win32inet.pyd
MOD - [2014/05/23 07:46:25 | 000,035,840 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\win32process.pyd
MOD - [2014/05/23 07:46:25 | 000,027,136 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\_multiprocessing.pyd
MOD - [2014/05/23 07:46:25 | 000,025,600 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\win32pdh.pyd
MOD - [2014/05/23 07:46:25 | 000,024,064 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\win32pipe.pyd
MOD - [2014/05/23 07:46:25 | 000,018,432 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\win32event.pyd
MOD - [2014/05/23 07:46:25 | 000,017,408 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\win32profile.pyd
MOD - [2014/05/23 07:46:25 | 000,010,240 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\select.pyd
MOD - [2014/05/23 07:46:24 | 001,175,040 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\wx._core_.pyd
MOD - [2014/05/23 07:46:24 | 000,557,056 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\pysqlite2._sqlite.pyd
MOD - [2014/05/23 07:46:24 | 000,525,640 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\windows._lib_cacheinvalidation.pyd
MOD - [2014/05/23 07:46:24 | 000,364,544 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\pythoncom27.dll
MOD - [2014/05/23 07:46:24 | 000,320,512 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\win32com.shell.shell.pyd
MOD - [2014/05/23 07:46:24 | 000,167,936 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\win32gui.pyd
MOD - [2014/05/23 07:46:24 | 000,128,512 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\_elementtree.pyd
MOD - [2014/05/23 07:46:24 | 000,119,808 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\win32file.pyd
MOD - [2014/05/23 07:46:24 | 000,098,816 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\win32api.pyd
MOD - [2014/05/23 07:46:24 | 000,087,552 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\_ctypes.pyd
MOD - [2014/05/23 07:46:24 | 000,078,336 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\wx._animate.pyd
MOD - [2014/05/23 07:46:24 | 000,045,568 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\_socket.pyd
MOD - [2014/05/23 07:46:24 | 000,022,528 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\win32ts.pyd
MOD - [2014/05/23 07:46:22 | 000,735,232 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\wx._misc_.pyd
MOD - [2014/05/23 07:46:20 | 000,122,368 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\wx._wizard.pyd
MOD - [2014/05/23 07:46:20 | 000,011,264 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI46002\win32crypt.pyd
MOD - [2014/05/15 22:24:36 | 000,344,064 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/05/15 22:21:24 | 000,253,440 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/05/15 22:20:58 | 000,231,936 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/05/15 22:20:54 | 000,117,248 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2014/05/14 00:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
MOD - [2014/05/14 00:40:53 | 013,695,816 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
MOD - [2014/05/14 00:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014/05/14 00:40:45 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
MOD - [2014/05/14 00:40:44 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
MOD - [2014/05/14 00:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/03 02:09:27 | 003,610,624 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/10 22:06:52 | 000,026,624 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/12/10 22:06:42 | 010,683,392 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/12/10 22:06:40 | 001,681,408 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/12/10 22:06:38 | 007,741,952 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/12/10 22:06:36 | 002,248,192 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/09/08 14:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 14:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 09:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/12/09 16:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 14:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 13:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/05/13 21:00:57 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 16:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/11 14:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/02/01 12:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 12:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/01/28 15:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/05/09 15:10:00 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/04/05 03:10:16 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 18:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 18:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/13 19:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/28 04:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/03/22 09:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/24 14:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{29E7B6D0-0DA9-4C04-81E6-5ACCBC713E74}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A83BC61-35DA-49C2-810F-8D3464535C4A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.conduit.com/?gd=&cti [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.msn.com/?p...97&ocid=UP97DHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {87F980E4-059E-490A-BB86-D2740E44185F}
IE - HKCU\..\SearchScopes\{64718D15-4E7C-4385-AE4B-656A0AFB90FE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{87F980E4-059E-490A-BB86-D2740E44185F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{8DBC303B-C20B-4A8C-9441-0CF7CEE5AD1F}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKCU\..\SearchScopes\{A30834C6-8411-4C31-ABAD-AC423646CA1C}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{DE2D1802-0D0C-4ED0-B319-AE88EA7CEE03}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:3.2.3
FF - prefs.js..extensions.enabledAddons: {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}:1.3.3
FF - prefs.js..extensions.enabledAddons: [email protected]c2592d0df.com:0.94.33
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..keyword.URL: "http://www.bing.com/...7DF&PC=UP97&q="
FF - prefs.js..browser.startup.homepage: "http://ie.msn.com/?p...7&ocid=UP97DHP"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lisa\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lisa\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/30 22:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/11/30 18:29:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/11/30 18:29:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/26 11:17:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/17 17:24:02 | 000,000,000 | ---D | M]
 
[2011/12/10 21:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
[2014/04/13 21:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions
[2014/04/10 18:47:31 | 000,000,000 | ---D | M] ("GoPhoto.it V9.0") -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions\[email protected]86bd1d3dd.com
[2012/09/23 10:13:48 | 000,000,000 | ---D | M] (wxDownload) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions\[email protected]
[2013/11/05 18:09:05 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions\[email protected]
[2012/11/07 21:09:17 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions\[email protected]
[2014/04/10 18:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions\[email protected]86bd1d3dd.com\extensionData
[2014/04/10 18:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions\[email protected]86bd1d3dd.com\extensionData\plugins
[2014/04/10 18:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions\[email protected]86bd1d3dd.com\extensionData\userCode
[2012/10/13 19:34:19 | 000,189,644 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions\[email protected]
[2014/05/25 13:06:41 | 000,006,057 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\searchplugins\bingp.xml
[2013/08/15 17:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/25 13:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/30 18:29:15 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
File not found (No name found) -- C:\USERS\LISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KUG0ZLD3.DEFAULT\EXTENSIONS\[email protected]C2592D0DF.COM
[2012/02/27 19:43:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/07 14:12:08 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2013/11/30 18:28:05 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/02/27 19:43:34 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/27 19:43:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/27 19:43:34 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/27 19:43:34 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/27 19:43:34 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: file:///C:/Users/Lisa/Desktop/CERC%20July%202013/DAN%20O%20DONAVAN
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: Google Drive = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Surf Canyon = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\5.2.2_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: GoPhoto.it V9.0 = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.26.219_0\crossrider
CHR - Extension: GoPhoto.it V9.0 = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.26.219_0\
CHR - Extension: Google Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Online HD TV = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih\1.9_0\
CHR - Extension: Google+ = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.0.1.424_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.2.1108_0\
CHR - Extension: No name found = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.213.1_0\
CHR - Extension: AdBlock Premium = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj\2.6.4.3_0\
CHR - Extension: AdBlock = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.34_0\
CHR - Extension: RealDownloader = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Wheels On Fire = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.0.0_0\
CHR - Extension: Google Maps = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Wallet = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo> = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/11/26 22:07:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (GoPhoto.it V9.0) - {11111111-1111-1111-1111-110311401168} - C:\Program Files (x86)\GoPhoto.it V9.0\GoPhoto.it V9.0-bho64.dll (installdaddy)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (GoPhoto.it V9.0) - {11111111-1111-1111-1111-110311401168} - C:\Program Files (x86)\GoPhoto.it V9.0\GoPhoto.it V9.0-bho.dll (installdaddy)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [3309D5F84347009DE648571E504BA7F8F4647E7A._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [MusicManager] C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKCU..\Run: [uTorrent] C:\Users\Lisa\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\RunOnce: [!DefaultSetup] C:\Users\Lisa\AppData\Local\Microsoft\DefaultSetup\DefaultSetup.exe (© 2013 Microsoft Corporation)
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://planenquiry.c...ad/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.5 89.101.160.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4AF281B-F806-46C8-8A3E-333914F2DB49}: DhcpNameServer = 89.101.160.5 89.101.160.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEEFB0CB-BB1B-4920-B6DE-F08C76D5D0CE}: DhcpNameServer = 192.168.219.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D49DCB1D-7609-4E33-A4BE-FA1E10FEFD91}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7114ee9e-0035-11e2-9d4d-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{7114ee9e-0035-11e2-9d4d-b870f45de2ac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7114eea1-0035-11e2-9d4d-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{7114eea1-0035-11e2-9d4d-b870f45de2ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f6a99523-34e5-11e2-b2fa-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f6a99523-34e5-11e2-b2fa-b870f45de2ac}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{f92e7fa3-5b63-11e2-9bcf-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f92e7fa3-5b63-11e2-9bcf-b870f45de2ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f92e7fc3-5b63-11e2-9bcf-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f92e7fc3-5b63-11e2-9bcf-b870f45de2ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f92e8076-5b63-11e2-9bcf-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f92e8076-5b63-11e2-9bcf-b870f45de2ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fb849760-0419-11e2-b690-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{fb849760-0419-11e2-b690-b870f45de2ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/25 13:05:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Skype
[2014/05/25 13:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/05/25 13:05:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/05/25 13:05:16 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/05/20 16:08:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\IPHONE PICS
[2014/05/18 22:29:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2014/05/18 22:25:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2014/05/18 21:39:37 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Google Drive
[2014/05/18 20:03:30 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Dropbox
[2014/05/18 20:01:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\DropboxMaster
[2014/05/18 20:01:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/05/17 09:38:12 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Xaviar
[2014/05/14 03:08:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/13 21:57:27 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Local\EmieUserList
[2014/05/13 21:57:27 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Local\EmieSiteList
[2014/05/08 20:57:54 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/26 18:00:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/26 17:45:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/26 17:34:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3734433013-2235189305-930175613-1000UA.job
[2014/05/26 12:52:04 | 000,002,780 | ---- | M] () -- C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-3.job
[2014/05/26 12:47:09 | 000,001,438 | ---- | M] () -- C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-5.job
[2014/05/26 12:47:03 | 000,002,126 | ---- | M] () -- C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-4.job
[2014/05/26 12:47:01 | 000,001,330 | ---- | M] () -- C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-2.job
[2014/05/26 12:47:00 | 000,001,366 | ---- | M] () -- C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-1.job
[2014/05/26 09:09:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/26 05:06:16 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3734433013-2235189305-930175613-1000Core.job
[2014/05/25 18:45:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/25 13:05:19 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/05/23 23:04:40 | 000,792,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/23 23:04:40 | 000,672,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/23 23:04:40 | 000,131,220 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/23 07:53:48 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/23 07:53:48 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/23 07:45:58 | 001,179,648 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/05/23 07:45:38 | 3148,685,312 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/18 21:39:38 | 000,001,703 | ---- | M] () -- C:\Users\Lisa\Desktop\Google Drive.lnk
[2014/05/18 20:03:30 | 000,001,047 | ---- | M] () -- C:\Users\Lisa\Desktop\Dropbox.lnk
[2014/05/18 20:01:48 | 000,001,057 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/14 08:12:52 | 000,000,632 | RHS- | M] () -- C:\Users\Lisa\ntuser.pol
[2014/05/12 18:57:06 | 000,000,859 | ---- | M] () -- C:\Users\Lisa\Desktop\µTorrent.lnk
[2014/05/12 18:57:06 | 000,000,839 | ---- | M] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/05/09 12:35:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2014/05/07 07:52:13 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014/05/07 07:52:13 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014/05/07 07:52:13 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/25 13:05:19 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/05/18 22:29:20 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3734433013-2235189305-930175613-1000UA.job
[2014/05/18 22:29:19 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3734433013-2235189305-930175613-1000Core.job
[2014/05/18 21:39:38 | 000,001,703 | ---- | C] () -- C:\Users\Lisa\Desktop\Google Drive.lnk
[2014/05/18 20:03:30 | 000,001,047 | ---- | C] () -- C:\Users\Lisa\Desktop\Dropbox.lnk
[2014/05/18 20:01:48 | 000,001,057 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/09 12:35:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2014/01/19 12:50:19 | 000,001,195 | ---- | C] () -- C:\Users\Lisa\Downloads - Shortcut.lnk
[2013/11/09 15:28:19 | 000,205,861 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/11/09 15:28:19 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2012/10/18 11:04:28 | 000,000,632 | RHS- | C] () -- C:\Users\Lisa\ntuser.pol
[2012/01/17 22:54:48 | 000,076,055 | ---- | C] () -- C:\Users\Lisa\bucks_of_oranmore.pdf
[2012/01/11 22:39:49 | 000,007,641 | ---- | C] () -- C:\Users\Lisa\AppData\Local\Resmon.ResmonCfg
[2011/12/10 21:37:20 | 000,000,000 | ---- | C] () -- C:\Users\Lisa\.gtk-bookmarks
[2011/12/10 21:32:48 | 000,568,248 | ---- | C] () -- C:\Users\Lisa\.fonts.cache-1
[2011/12/04 13:02:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/10/11 09:22:25 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/26 09:41:58 | 000,096,987 | ---- | C] () -- C:\Users\Lisa\likeuson-facebook.png
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/02/28 21:57:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\.ABC
[2014/04/09 14:28:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Audacity
[2014/05/23 07:47:49 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Dropbox
[2014/05/23 07:47:47 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\DropboxMaster
[2011/09/18 14:11:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlayFirst
[2014/05/19 21:59:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SoftGrid Client
[2011/10/17 23:37:48 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Toshiba
[2013/08/11 10:49:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TOSHIBA Online Product Information
[2011/10/18 20:51:32 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TP
[2014/05/26 18:24:10 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\uTorrent
[2013/02/19 21:52:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Visan
[2013/01/07 16:45:31 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WildTangent
[2012/02/21 10:43:29 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
 
< End of report >
 

#2
Teima

Hello Stephen Stato, 
 
My name is Teima and I'll be happy to assist you with this issue. Before we commence I'd like to ask that you give careful thought to the points which I've listed below, as they will be beneficial to the guidance which I'll present you with here on Geekstogo. :)
 
Notes before we commence:
 
  • It's important that you reply within four days. If you haven't replied within that time, the thread will be closed.
  • As the process of malware removal is often challenging at times, I'd like you to take into consideration that it may take multiple replies in order to resolve the issue/issues present.
  • If you are uncertain about any of the steps which I present you with, please feel free to ask me for further clarification.
  • It's important that you don't use tools which have been recommended for other users of the forum; failure to follow these guidelines will most likely result in an unbootable machine.
  • These steps only apply for the user "Stephen Stato". If you're reading this thread and you're requiring assistance, then read this thread and follow the listed steps carefully.
  • The absence of symptoms does not necessarily mean that your system is clean. Please stick with me until I state that your system is clean.
  • If it's been a total of three days and you've yet to receive a response from me, please send me a reminder by clicking here and attaching the appropriate thread link where I can respond.
Extra
 
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have two people examining your issue. Thanks for your consideration. :thumbsup:

#3
Stephen Stato


Teima

Thank you very much for your help.

I look forward to my first instruction.

Stato


#4
Teima

Hello Stephen Stato, allow me to commence. I do notice that there's some adware present so we'll remove that first.  :)
 
Step One
 
I'd highly recommend that you uninstall uTorrent as this has been identified as an additional P2P program.
 
Please note that even if you are using a safe P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
 
References for the risk of this program can be found at these links below.
To remove uTorrent please navigate to Control Panel > Programs and Features and select the uninstall option.
 
Step Two
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following.
:Commands
[CREATERESTOREPOINT]
 
:OTL

PRC - [2014/05/25 13:06:39 | 002,587,288 | ---- | M] (© 2013 Microsoft Corporation) -- C:\Users\Lisa\AppData\Local\Microsoft\DefaultSetup\DefaultSetup.exe
[2014/04/10 18:47:31 | 000,000,000 | ---D | M] ("GoPhoto.it V9.0") -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions\[email protected]86bd1d3dd.com[2014/05/26 12:52:04 | 000,002,780 | ---- | M] () -- C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-3.job
[2014/05/26 12:47:09 | 000,001,438 | ---- | M] () -- C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-5.job
[2014/05/26 12:47:03 | 000,002,126 | ---- | M] () -- C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-4.job
[2014/05/26 12:47:01 | 000,001,330 | ---- | M] () -- C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-2.job
[2014/05/26 12:47:00 | 000,001,366 | ---- | M] () -- C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-1.job
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.conduit.com/?gd=&cti [Binary data over 200 bytes]
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {87F980E4-059E-490A-BB86-D2740E44185F}
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
CHR - Extension: Surf Canyon = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\5.2.2_0\
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Commands
[emptytemp]
  • Click run fix.
  • OTL may ask to reboot the machine. Please click the OK button if prompted.
  • Once done a report will be displayed. Copy and paste the contents of that report within your next response.
 
Step Three
 
Download AdwCleaner from here to your desktop.

Run AdwCleaner via the Scan option and once done select Clean.

Once done it will ask to reboot; allow this.

On reboot a log will be produced. Please attach that for me to review.
 

#5
Stephen Stato


Hi

Thank you so much for your help,

would you recommend a safer substitute for uTorrent?

Thanks again

Stato

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named DefaultSetup.exe was found!
Folder C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions\[email protected]86bd1d3dd.com[2014/05/26 12:52:04 | 000,002,780 | ---- | M] () -- C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-3.job\ not found.
File C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-5.job not found.
File C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-4.job not found.
File C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-2.job not found.
File C:\Windows\tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-1.job not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}\ deleted successfully.
C:\Program Files (x86)\Surf Canyon\surfcanyon.dll moved successfully.
C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\5.2.2_0 folder moved successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ciala
->Temp folder emptied: 62450630 bytes
->Temporary Internet Files folder emptied: 44155256 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92179156 bytes
->Google Chrome cache emptied: 266030322 bytes
->Flash cache emptied: 602 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lisa
->Temp folder emptied: 7327147635 bytes
->Temporary Internet Files folder emptied: 276236315 bytes
->Java cache emptied: 4395224 bytes
->FireFox cache emptied: 105528395 bytes
->Google Chrome cache emptied: 289786759 bytes
->Apple Safari cache emptied: 36864 bytes
->Flash cache emptied: 595 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 654961410 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42303946 bytes
RecycleBin emptied: 17214500187 bytes
 
Total Files Cleaned = 25,158.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05292014_201001

Files\Folders moved on Reboot...
File\Folder C:\Users\Lisa\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-2579 not found!
File\Folder C:\Users\Lisa\AppData\Local\Temp\etilqs_fTE9ffk3hH3NdOn not found!
File\Folder C:\Users\Lisa\AppData\Local\Temp\etilqs_q7PtQTkyMGSB7Fe not found!
C:\Users\Lisa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lisa\AppData\Local\Temp\~DF7FAEC140D5E4567E.TMP moved successfully.
C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profiles\kug0zld3.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profiles\kug0zld3.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profiles\kug0zld3.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profiles\kug0zld3.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profiles\kug0zld3.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profiles\kug0zld3.default\_CACHE_CLEAN_ moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


#6
Stephen Stato


And the ADW file

Thanks again,

 

# AdwCleaner v3.211 - Report created 29/05/2014 at 20:48:41
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lisa - LISA-OSUL
# Running from : C:\Users\Lisa\Downloads\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Computer Updater
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Folder Deleted : C:\Program Files (x86)\BrowseToSave
Folder Deleted : C:\Program Files (x86)\Surf Canyon
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com
Folder Deleted : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\Extensions\[email protected]
Folder Deleted : C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Folder Deleted : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Folder Deleted : C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn
Folder Deleted : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\searchplugins\bingp.xml
File Deleted : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Deleted : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\EPUpdater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ocoombckbcnabpaghmokhaapnbngahck
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ocoombckbcnabpaghmokhaapnbngahck
Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FirstRowSportApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FirstRowSportApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-GB)

[ File : C:\Users\ciala\AppData\Roaming\Mozilla\Firefox\Profiles\ot6icpph.default\prefs.js ]


[ File : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\prefs.js ]

Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
Line Deleted : user_pref("extensions.crossrider.bic", "14537b6c67757350ec069539d79d0df5");

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119781&tt=gc_&babsrc=SP_ss&mntrId=DC84002163FC60DF
Deleted [Extension] : bcjagnifjocnddgeknajocbkkhlgibem
Deleted [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn

[ File : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Deleted [Extension] : bcjagnifjocnddgeknajocbkkhlgibem
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
Deleted [Extension] : ocoombckbcnabpaghmokhaapnbngahck
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [6885 octets] - [29/05/2014 20:45:03]
AdwCleaner[S0].txt - [6734 octets] - [29/05/2014 20:48:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6794 octets] ##########
 


#7
Teima


Hello Stephen Stato. Would you be able to advise me as to which torrents you intend to install? Also, how is the machine running at the moment?

 

Step One

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware from here.
 

  • Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click scan.
  • When the scan is complete, click OK, then show results to view the scan results.
  • If anything is found make sure that everything is checked, and then click remove selected.
  • Once the scan has completed, a log will open in Notepad and you may be prompted to restart.
  • Please note the log is automatically saved and can be viewed by clicking the logs tab within Malwarebytes.
  • Copy and paste the entire content of that report within your next response.

 

Step Two

I would assume you still have OTL on your machine. Right-click on OTL.exe and select Run As Administrator to start the program. If prompted by UAC, please allow it.

  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply. If both logs won't fit in the same post, you may post them in two separate posts.

#8
Stephen Stato


Hi again

I was thinking of using ABC, but having seen the source of all these threats I might have to reconsider the entire approach to accessing TV and Films.

All pops have stopped and I believe there is a pick up in speed. In the last few minutes since removing the threats with the Malware scanner I believe the computer sounds like it's getting stuff done faster; there's a certain urgency to its whinings again.

So thanks again...

Results of scan logs...

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 03/06/2014
Scan Time: 11:06:46
Logfile: 03.06.14.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.03.03
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lisa
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328084
Time Elapsed: 29 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 8
PUP.Optional.GoPhoto.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\GoPhoto.it V9.0, Quarantined, [808f353f4f2c44f24251f5a4649e51af], 
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, Quarantined, [739c5321740755e1a50e77330af8c53b], 
PUP.Optional.SProtector.A, HKU\S-1-5-21-3734433013-2235189305-930175613-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SProtector, Quarantined, [8f80cba9b7c452e441818444996aad53], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3734433013-2235189305-930175613-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [19f6492badcedb5b8632b426da2927d9], 
PUP.Optional.GoPhoto.A, HKU\S-1-5-21-3734433013-2235189305-930175613-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\GoPhoto.it V9.0, Quarantined, [b25d2a4aaad175c13a59dfba57ab3fc1], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3734433013-2235189305-930175613-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TelevisionFanatic, Quarantined, [f01f6a0a3e3d171f13f50f8552b0d62a], 
PUP.Optional.TornTV.A, HKU\S-1-5-21-3734433013-2235189305-930175613-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, Quarantined, [c44bcfa55b20f343674ca6047290eb15], 
PUP.Optional.VidSaver.A, HKU\S-1-5-21-3734433013-2235189305-930175613-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Vid-Saver, Quarantined, [e52a8fe5384362d4fc965e4ddd25728e], 
 
Registry Values: 5
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-3734433013-2235189305-930175613-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{7473B6BD-4691-4744-A82B-7854EB3D70B6}, Quarantined, [65aa80f4611a5ed8e007df54748e3ac6], 
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-3734433013-2235189305-930175613-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, ½¶stâ??FDG¨+xTë=p¶, Quarantined, [65aa80f4611a5ed8e007df54748e3ac6]
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-3734433013-2235189305-930175613-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, Quarantined, [65aa80f4611a5ed8e007df54748e3ac6], 
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-3734433013-2235189305-930175613-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, Quarantined, [1cf3c2b2d3a883b3b730d063be440af6], 
PUP.Optional.ConduitSearchProtect, HKU\S-1-5-21-3734433013-2235189305-930175613-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchProtect, C:\Users\ciala\AppData\Roaming\SearchProtect\cltmng.exe, Quarantined, [38d7274db3c83afc2c1303c0f013dd23]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 26
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD.TV, Quarantined, [21ee99dbc3b8df57956f661937cbae52], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn, Quarantined, [10ff4b294a3156e0395f6b159d657a86], 
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn, Quarantined, [d13ea3d1fe7d51e55048344c738f7987], 
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.0.0_0, Quarantined, [d13ea3d1fe7d51e55048344c738f7987], 
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.0.0_0\html, Quarantined, [d13ea3d1fe7d51e55048344c738f7987], 
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.0.0_0\icons, Quarantined, [d13ea3d1fe7d51e55048344c738f7987], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lmnbobhffedhdhfpcjkjphcfpeeiocdn_0, Quarantined, [40cfe98be992ee48538291f843bffa06], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lmnbobhffedhdhfpcjkjphcfpeeiocdn, Quarantined, [0a059fd5c6b50c2ac21aabdee2200df3], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb, Quarantined, [0e01a9cb4e2d0d29ad1e088240c2f907], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.26.219_0, Quarantined, [0e01a9cb4e2d0d29ad1e088240c2f907], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.26.219_0\extensionData, Quarantined, [0e01a9cb4e2d0d29ad1e088240c2f907], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.26.219_0\extensionData\plugins, Quarantined, [0e01a9cb4e2d0d29ad1e088240c2f907], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.26.219_0\extensionData\userCode, Quarantined, [0e01a9cb4e2d0d29ad1e088240c2f907], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.26.219_0\icons, Quarantined, [0e01a9cb4e2d0d29ad1e088240c2f907], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.26.219_0\icons\actions, Quarantined, [0e01a9cb4e2d0d29ad1e088240c2f907], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.26.219_0\js, Quarantined, [0e01a9cb4e2d0d29ad1e088240c2f907], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.26.219_0\js\api, Quarantined, [0e01a9cb4e2d0d29ad1e088240c2f907], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.26.219_0\js\lib, Quarantined, [0e01a9cb4e2d0d29ad1e088240c2f907], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.26.219_0\js\lib\popupResource, Quarantined, [0e01a9cb4e2d0d29ad1e088240c2f907], 
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb, Quarantined, [e926462e7407270f418a39516b97ae52], 
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.0.0_0, Quarantined, [e926462e7407270f418a39516b97ae52], 
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.0.0_0\html, Quarantined, [e926462e7407270f418a39516b97ae52], 
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb\1.0.0_0\icons, Quarantined, [e926462e7407270f418a39516b97ae52], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ccfjbdjailljfihgkoccfbiljjapiijb, Quarantined, [709fcaaa047769cdb01c9cee3dc5649c], 
PUP.Optional.CrossRider.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ccfjbdjailljfihgkoccfbiljjapiijb_0, Quarantined, [dc33e98b6813c86e9a333b4fb0526799], 
PUP.Optional.SurfCanyon.A, C:\Users\ciala\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem, Quarantined, [c54aea8a7cff88ae57d1038b689af010], 
 
Files: 152
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#9
Stephen Stato

Step two

OTL report 1

OTL logfile created on: 6/3/2014 11:57:41 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lisa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
 
3.91 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 35.28% Memory free
7.82 Gb Paging File | 4.78 Gb Available in Paging File | 61.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 19.84 Gb Free Space | 13.31% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 126.95 Gb Free Space | 85.40% Space Free | Partition Type: NTFS
 
Computer Name: LISA-OSUL | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/03 11:56:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Downloads\OTL (2).exe
PRC - [2014/05/20 01:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/05/15 22:38:02 | 007,631,872 | ---- | M] (Google Inc.) -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2014/05/14 00:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/12 18:39:25 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/25 10:03:52 | 022,415,552 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/30 18:27:51 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/09/14 03:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/08/14 16:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/10/26 16:24:12 | 001,017,184 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/08/08 09:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/01 12:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 12:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/03 13:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/16 09:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009/07/28 19:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/03 11:42:49 | 000,043,008 | ---- | M] () -- c:\Users\Lisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2wuie4.dll
MOD - [2014/06/03 11:42:23 | 001,159,680 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\_ssl.pyd
MOD - [2014/06/03 11:42:23 | 000,805,888 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\wx._gdi_.pyd
MOD - [2014/06/03 11:42:23 | 000,713,216 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\_hashlib.pyd
MOD - [2014/06/03 11:42:23 | 000,110,080 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\PyWinTypes27.dll
MOD - [2014/06/03 11:42:23 | 000,027,136 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\_multiprocessing.pyd
MOD - [2014/06/03 11:42:22 | 001,062,400 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\wx._controls_.pyd
MOD - [2014/06/03 11:42:22 | 000,811,008 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\wx._windows_.pyd
MOD - [2014/06/03 11:42:22 | 000,070,656 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\wx._html2.pyd
MOD - [2014/06/03 11:42:22 | 000,038,912 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\win32inet.pyd
MOD - [2014/06/03 11:42:22 | 000,035,840 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\win32process.pyd
MOD - [2014/06/03 11:42:22 | 000,025,600 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\win32pdh.pyd
MOD - [2014/06/03 11:42:22 | 000,024,064 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\win32pipe.pyd
MOD - [2014/06/03 11:42:21 | 000,686,080 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\unicodedata.pyd
MOD - [2014/06/03 11:42:21 | 000,525,640 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\windows._lib_cacheinvalidation.pyd
MOD - [2014/06/03 11:42:21 | 000,127,488 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\pyexpat.pyd
MOD - [2014/06/03 11:42:21 | 000,119,808 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\win32file.pyd
MOD - [2014/06/03 11:42:21 | 000,108,544 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\win32security.pyd
MOD - [2014/06/03 11:42:21 | 000,018,432 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\win32event.pyd
MOD - [2014/06/03 11:42:21 | 000,017,408 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\win32profile.pyd
MOD - [2014/06/03 11:42:21 | 000,010,240 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\select.pyd
MOD - [2014/06/03 11:42:20 | 001,175,040 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\wx._core_.pyd
MOD - [2014/06/03 11:42:20 | 000,557,056 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\pysqlite2._sqlite.pyd
MOD - [2014/06/03 11:42:20 | 000,320,512 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\win32com.shell.shell.pyd
MOD - [2014/06/03 11:42:20 | 000,167,936 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\win32gui.pyd
MOD - [2014/06/03 11:42:20 | 000,128,512 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\_elementtree.pyd
MOD - [2014/06/03 11:42:20 | 000,098,816 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\win32api.pyd
MOD - [2014/06/03 11:42:20 | 000,087,552 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\_ctypes.pyd
MOD - [2014/06/03 11:42:20 | 000,045,568 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\_socket.pyd
MOD - [2014/06/03 11:42:20 | 000,022,528 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\win32ts.pyd
MOD - [2014/06/03 11:42:19 | 000,735,232 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\wx._misc_.pyd
MOD - [2014/06/03 11:42:19 | 000,364,544 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\pythoncom27.dll
MOD - [2014/06/03 11:42:19 | 000,122,368 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\wx._wizard.pyd
MOD - [2014/06/03 11:42:19 | 000,078,336 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\wx._animate.pyd
MOD - [2014/06/03 11:42:19 | 000,011,264 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\_MEI28522\win32crypt.pyd
MOD - [2014/05/15 22:24:36 | 000,344,064 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/05/15 22:21:24 | 000,253,440 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/05/15 22:20:58 | 000,231,936 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/05/15 22:20:54 | 000,117,248 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2014/05/14 00:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
MOD - [2014/05/14 00:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014/05/14 00:40:45 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
MOD - [2014/05/14 00:40:44 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
MOD - [2014/05/14 00:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/03 02:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/10 22:06:52 | 000,026,624 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/12/10 22:06:42 | 010,683,392 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/12/10 22:06:40 | 001,681,408 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/12/10 22:06:38 | 007,741,952 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/12/10 22:06:36 | 002,248,192 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/09/08 14:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 14:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 09:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/12/09 16:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 14:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 13:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/05/28 19:23:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/13 21:00:57 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 16:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/11 14:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/02/01 12:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 12:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/01/28 15:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/03 11:41:45 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/05/09 15:10:00 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/04/05 03:10:16 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 18:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 18:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/13 19:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/28 04:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/03/22 09:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/24 14:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{29E7B6D0-0DA9-4C04-81E6-5ACCBC713E74}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A83BC61-35DA-49C2-810F-8D3464535C4A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.msn.com/?p...97&ocid=UP97DHP
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\..\SearchScopes,DefaultScope = {87F980E4-059E-490A-BB86-D2740E44185F}
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\..\SearchScopes\{64718D15-4E7C-4385-AE4B-656A0AFB90FE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\..\SearchScopes\{87F980E4-059E-490A-BB86-D2740E44185F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\..\SearchScopes\{8DBC303B-C20B-4A8C-9441-0CF7CEE5AD1F}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\..\SearchScopes\{A30834C6-8411-4C31-ABAD-AC423646CA1C}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\..\SearchScopes\{DE2D1802-0D0C-4ED0-B319-AE88EA7CEE03}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://ie.msn.com/?p...7&ocid=UP97DHP"
FF - prefs.js..extensions.enabledAddons: foxyproxy-basic%40eric.h.jung:3.2.4
FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://www.bing.com/...7DF&PC=UP97&q="
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lisa\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lisa\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/30 22:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/11/30 18:29:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/11/30 18:29:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/28 19:22:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/28 19:22:36 | 000,000,000 | ---D | M]
 
[2014/06/03 11:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
[2014/05/30 09:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions
[2014/05/28 12:27:57 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions\[email protected]
[2012/11/07 21:09:17 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions\[email protected]
[2014/05/29 09:13:28 | 000,215,985 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\kug0zld3.default\extensions\[email protected]
[2014/05/29 20:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/28 19:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/28 19:23:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/30 18:29:15 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2010/07/07 14:12:08 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2013/11/30 18:28:05 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: Google Drive = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google+ = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.0.1.424_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.2.1108_0\
CHR - Extension: No name found = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.214.0_0\
CHR - Extension: AdBlock Premium = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj\2.6.4.3_0\
CHR - Extension: AdBlock = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.35_0\
CHR - Extension: RealDownloader = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Maps = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Wallet = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo> = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/11/26 22:07:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3734433013-2235189305-930175613-1000..\Run: [3309D5F84347009DE648571E504BA7F8F4647E7A._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3734433013-2235189305-930175613-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3734433013-2235189305-930175613-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3734433013-2235189305-930175613-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3734433013-2235189305-930175613-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-3734433013-2235189305-930175613-1000..\Run: [MusicManager] C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-3734433013-2235189305-930175613-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://planenquiry.c...ad/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.5 89.101.160.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4AF281B-F806-46C8-8A3E-333914F2DB49}: DhcpNameServer = 89.101.160.5 89.101.160.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEEFB0CB-BB1B-4920-B6DE-F08C76D5D0CE}: DhcpNameServer = 192.168.219.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D49DCB1D-7609-4E33-A4BE-FA1E10FEFD91}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7114ee9e-0035-11e2-9d4d-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{7114ee9e-0035-11e2-9d4d-b870f45de2ac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7114eea1-0035-11e2-9d4d-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{7114eea1-0035-11e2-9d4d-b870f45de2ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f6a99523-34e5-11e2-b2fa-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f6a99523-34e5-11e2-b2fa-b870f45de2ac}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{f92e7fa3-5b63-11e2-9bcf-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f92e7fa3-5b63-11e2-9bcf-b870f45de2ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f92e7fc3-5b63-11e2-9bcf-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f92e7fc3-5b63-11e2-9bcf-b870f45de2ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f92e8076-5b63-11e2-9bcf-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f92e8076-5b63-11e2-9bcf-b870f45de2ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fb849760-0419-11e2-b690-b870f45de2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{fb849760-0419-11e2-b690-b870f45de2ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/03 11:05:36 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/03 11:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/03 11:05:05 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/03 11:05:05 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/03 11:05:05 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/06/03 11:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/03 11:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/05/29 20:45:45 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/29 20:19:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/29 20:10:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/28 19:22:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/28 12:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/05/28 12:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/05/25 13:05:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Skype
[2014/05/25 13:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/05/25 13:05:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/05/25 13:05:16 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/05/20 16:08:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\IPHONE PICS
[2014/05/18 22:29:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2014/05/18 22:25:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2014/05/18 21:39:37 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Google Drive
[2014/05/18 20:03:30 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Dropbox
[2014/05/18 20:01:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\DropboxMaster
[2014/05/18 20:01:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/05/17 09:38:12 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Xaviar
[2014/05/14 03:09:59 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/14 03:09:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/14 03:08:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/13 21:57:27 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Local\EmieUserList
[2014/05/13 21:57:27 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Local\EmieSiteList
[2014/05/13 21:32:29 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/13 21:32:28 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/13 21:31:58 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/13 21:31:56 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/13 21:31:55 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/13 21:31:54 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/13 21:31:53 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/13 21:31:52 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/13 21:31:49 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/13 21:31:49 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/13 21:31:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/13 21:31:47 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/13 21:31:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/13 21:31:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/13 21:31:44 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/13 21:31:44 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/13 21:31:44 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/13 21:31:44 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/13 21:31:43 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/13 21:31:43 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/13 21:31:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/13 21:31:40 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/13 21:31:39 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/13 21:31:37 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/13 21:31:37 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/08 20:59:00 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/08 20:58:59 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/08 20:58:56 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/08 20:58:40 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/08 20:58:40 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/08 20:58:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/08 20:58:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/08 20:58:35 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/08 20:58:34 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/08 20:58:34 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/08 20:58:33 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/08 20:58:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/08 20:58:32 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/08 20:58:30 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/08 20:58:30 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/08 20:58:30 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/08 20:58:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/08 20:58:30 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/08 20:58:29 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/08 20:58:23 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/08 20:58:23 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/08 20:58:23 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/08 20:58:23 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/08 20:58:22 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/08 20:58:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/08 20:58:21 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/08 20:58:17 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/08 20:58:16 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/08 20:58:11 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/08 20:57:54 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/03 12:00:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/03 11:48:16 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/03 11:48:16 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/03 11:45:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/03 11:41:45 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/03 11:41:25 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/03 11:40:19 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/06/03 11:40:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/03 11:40:11 | 3148,685,312 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/03 11:34:16 | 000,792,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/03 11:34:16 | 000,672,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/03 11:34:16 | 000,131,220 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/03 11:34:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3734433013-2235189305-930175613-1000UA.job
[2014/06/03 11:05:26 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/02 22:34:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3734433013-2235189305-930175613-1000Core.job
[2014/05/29 13:11:16 | 000,002,364 | ---- | M] () -- C:\Users\Lisa\Desktop\CERC - Chrome.lnk
[2014/05/29 13:11:14 | 000,002,320 | ---- | M] () -- C:\Users\Lisa\Desktop\First user - Chrome.lnk
[2014/05/29 13:11:14 | 000,002,320 | ---- | M] () -- C:\Users\Lisa\Desktop\4od.lnk
[2014/05/28 19:22:46 | 000,001,057 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/28 19:22:31 | 000,001,023 | ---- | M] () -- C:\Users\Lisa\Desktop\Dropbox.lnk
[2014/05/25 13:05:19 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/05/18 21:39:38 | 000,001,703 | ---- | M] () -- C:\Users\Lisa\Desktop\Google Drive.lnk
[2014/05/14 08:12:52 | 000,000,632 | RHS- | M] () -- C:\Users\Lisa\ntuser.pol
[2014/05/13 21:00:57 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/13 21:00:56 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/09 12:35:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2014/05/09 07:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 07:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/07 07:52:13 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014/05/07 07:52:13 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014/05/07 07:52:13 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014/05/06 04:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/06 03:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
 
========== Files Created - No Company Name ==========
 
[2014/06/03 11:05:26 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/29 13:11:16 | 000,002,364 | ---- | C] () -- C:\Users\Lisa\Desktop\CERC - Chrome.lnk
[2014/05/25 13:05:19 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/05/18 22:29:20 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3734433013-2235189305-930175613-1000UA.job
[2014/05/18 22:29:19 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3734433013-2235189305-930175613-1000Core.job
[2014/05/18 21:39:38 | 000,001,703 | ---- | C] () -- C:\Users\Lisa\Desktop\Google Drive.lnk
[2014/05/18 20:03:30 | 000,001,023 | ---- | C] () -- C:\Users\Lisa\Desktop\Dropbox.lnk
[2014/05/18 20:01:48 | 000,001,057 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/09 12:35:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2014/01/19 12:50:19 | 000,001,195 | ---- | C] () -- C:\Users\Lisa\Downloads - Shortcut.lnk
[2013/11/09 15:28:19 | 000,205,861 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/11/09 15:28:19 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2012/10/18 11:04:28 | 000,000,632 | RHS- | C] () -- C:\Users\Lisa\ntuser.pol
[2012/01/17 22:54:48 | 000,076,055 | ---- | C] () -- C:\Users\Lisa\bucks_of_oranmore.pdf
[2012/01/11 22:39:49 | 000,007,641 | ---- | C] () -- C:\Users\Lisa\AppData\Local\Resmon.ResmonCfg
[2011/12/10 21:37:20 | 000,000,000 | ---- | C] () -- C:\Users\Lisa\.gtk-bookmarks
[2011/12/10 21:32:48 | 000,568,248 | ---- | C] () -- C:\Users\Lisa\.fonts.cache-1
[2011/12/04 13:02:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/10/11 09:22:25 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/26 09:41:58 | 000,096,987 | ---- | C] () -- C:\Users\Lisa\likeuson-facebook.png
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 06:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 04:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 04:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 04:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 04:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 04:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 04:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 04:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 04:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 04:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 04:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 04:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 04:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 04:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 04:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 04:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 04:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 04:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 04:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 04:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 04:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 04:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: SERVICES  >
[2009/06/10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2014/05/08 14:48:48 | 000,560,495 | ---- | M] () MD5=12A7DDA9C7CA1AAA2C6F36BB1E24528B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/21 08:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 08:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOCHIADS.COM.SOL  >
[2014/02/09 10:32:39 | 000,000,423 | ---- | M] () MD5=404EC48D134FE380D6C3A1201A54C395 -- C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\6CA3UE34\mochiads.com\services.mochiads.com.sol
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2010/11/21 08:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 08:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 08:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 08:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
 
< dir C:\ /S /A:L /C >
 Volume in drive C is WINDOWS
 Volume Serial Number is 4CE3-26FC
 Directory of C:\
14/07/2009  06:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  06:08    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\ciala
18/10/2012  11:14    <JUNCTION>     Application Data [C:\Users\ciala\AppData\Roaming]
18/10/2012  11:14    <JUNCTION>     Cookies [C:\Users\ciala\AppData\Roaming\Microsoft\Windows\Cookies]
18/10/2012  11:14    <JUNCTION>     Local Settings [C:\Users\ciala\AppData\Local]
18/10/2012  11:14    <JUNCTION>     My Documents [C:\Users\ciala\Documents]
18/10/2012  11:14    <JUNCTION>     NetHood [C:\Users\ciala\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
18/10/2012  11:14    <JUNCTION>     PrintHood [C:\Users\ciala\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
18/10/2012  11:14    <JUNCTION>     Recent [C:\Users\ciala\AppData\Roaming\Microsoft\Windows\Recent]
18/10/2012  11:14    <JUNCTION>     SendTo [C:\Users\ciala\AppData\Roaming\Microsoft\Windows\SendTo]
18/10/2012  11:14    <JUNCTION>     Start Menu [C:\Users\ciala\AppData\Roaming\Microsoft\Windows\Start Menu]
18/10/2012  11:14    <JUNCTION>     Templates [C:\Users\ciala\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\ciala\AppData\Local
18/10/2012  11:14    <JUNCTION>     Application Data [C:\Users\ciala\AppData\Local]
18/10/2012  11:14    <JUNCTION>     History [C:\Users\ciala\AppData\Local\Microsoft\Windows\History]
18/10/2012  11:14    <JUNCTION>     Temporary Internet Files [C:\Users\ciala\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\ciala\Documents
18/10/2012  11:14    <JUNCTION>     My Music [C:\Users\ciala\Music]
18/10/2012  11:14    <JUNCTION>     My Pictures [C:\Users\ciala\Pictures]
18/10/2012  11:14    <JUNCTION>     My Videos [C:\Users\ciala\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  06:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  06:08    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009  06:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  06:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  06:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  06:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  06:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  06:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  06:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  06:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  06:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  06:08    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  06:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  06:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa
06/09/2011  16:34    <JUNCTION>     Application Data [C:\Users\Lisa\AppData\Roaming]
06/09/2011  16:34    <JUNCTION>     Cookies [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies]
06/09/2011  16:34    <JUNCTION>     Local Settings [C:\Users\Lisa\AppData\Local]
06/09/2011  16:34    <JUNCTION>     My Documents [C:\Users\Lisa\Documents]
06/09/2011  16:34    <JUNCTION>     NetHood [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/09/2011  16:34    <JUNCTION>     PrintHood [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/09/2011  16:34    <JUNCTION>     Recent [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Recent]
06/09/2011  16:34    <JUNCTION>     SendTo [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\SendTo]
06/09/2011  16:34    <JUNCTION>     Start Menu [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu]
06/09/2011  16:34    <JUNCTION>     Templates [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa\AppData\Local
06/09/2011  16:34    <JUNCTION>     Application Data [C:\Users\Lisa\AppData\Local]
06/09/2011  16:34    <JUNCTION>     History [C:\Users\Lisa\AppData\Local\Microsoft\Windows\History]
06/09/2011  16:34    <JUNCTION>     Temporary Internet Files [C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa\Documents
06/09/2011  16:34    <JUNCTION>     My Music [C:\Users\Lisa\Music]
06/09/2011  16:34    <JUNCTION>     My Pictures [C:\Users\Lisa\Pictures]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  06:08    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  06:08    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  06:08    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
09/05/2011  15:27    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
09/05/2011  15:27    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
09/05/2011  15:27    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
09/05/2011  15:27    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
09/05/2011  15:27    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/05/2011  15:27    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/05/2011  15:27    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
09/05/2011  15:27    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
09/05/2011  15:27    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
09/05/2011  15:27    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
09/05/2011  15:27    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
09/05/2011  15:27    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
09/05/2011  15:27    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
09/05/2011  15:27    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
09/05/2011  15:27    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
09/05/2011  15:27    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
09/05/2011  15:27    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
09/05/2011  15:27    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
09/05/2011  15:27    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
09/05/2011  15:27    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
09/05/2011  15:27    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/05/2011  15:27    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/05/2011  15:27    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
09/05/2011  15:27    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
09/05/2011  15:27    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
09/05/2011  15:27    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
09/05/2011  15:27    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
09/05/2011  15:27    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
09/05/2011  15:27    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
09/05/2011  15:27    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
09/05/2011  15:27    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
09/05/2011  15:27    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              97 Dir(s)  21,478,522,880 bytes free
 
< End of report >
 
Report 2
 

OTL Extras logfile created on: 6/3/2014 11:57:41 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lisa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
 
3.91 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 35.28% Memory free
7.82 Gb Paging File | 4.78 Gb Available in Paging File | 61.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 19.84 Gb Free Space | 13.31% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 126.95 Gb Free Space | 85.40% Space Free | Partition Type: NTFS
 
Computer Name: LISA-OSUL | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL" "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan_Content] -- C:\Program Files\Scanner\Scanner.exe "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL" "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan_Content] -- C:\Program Files\Scanner\Scanner.exe "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F5E932-A19C-4F4E-BB9A-21B6ADC4F45B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0975DE55-38DE-4FE0-8FB6-37C817D2E037}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1B551864-9B76-44B3-9072-90AA103A8050}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{29ADBA50-8B37-4493-8D3A-692019920827}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{2C4D8032-9B1D-4F6F-96B6-CB6B762AC9E5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{30F13744-BEF5-45A8-95EB-F4BD5908BFCD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3252013B-C4CE-4AEF-91BD-A3250997DEF5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{39F2E2E5-DFB8-4BF3-86E3-903A47E5C46B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3AFCD97B-438E-4739-A9A3-716D36E3BE17}" = rport=139 | protocol=6 | dir=out | app=system | 
"{485DF4B4-4F25-4913-89AE-FA00A5E29127}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4A59C8A4-D3EF-4B34-BEA9-F7F6285C4D22}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{50B9AD14-4045-407E-9C54-FCDD7F546C20}" = lport=137 | protocol=17 | dir=in | app=system | 
"{50E44CD7-2361-4D3F-AD8E-54F3FE88E481}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{512C5853-F42C-4EB0-BBD9-93E04B8C7834}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{68DD734D-2D42-40EA-BE53-DB27AA14BF30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{74FCEB7B-4813-4363-B6C8-4AB580108957}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{876646BC-5B9B-4FA0-A096-33A628154243}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90D5DBBB-5B01-497F-84C6-CB553050B81C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9741E8A6-0351-4243-B873-08BDC08EDE56}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{9D28587A-0A57-421D-939E-6A59DD0F070C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{A2761348-FEFD-4F22-BC71-81BD1A2F8738}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AEC35065-9DBE-43D4-9803-E1B320C75BF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C1AD35DC-E36C-4194-B2A4-4E5619B9511B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F3D5627D-F19C-4F17-8DED-A33BE6CAFFD6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FD422FAA-0E63-44D1-B82A-FEF2DBC5FC28}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0131A5F5-83FA-4FE2-9D72-057DA9722197}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{02B457CF-1122-4E45-818E-690BDDA172C8}" = protocol=6 | dir=in | app=c:\users\lisa\appdata\local\temp\7zs7a46\hpdiagnosticcoreui.exe | 
"{1AB7860E-DE7B-4CB9-AAA0-9342040A0260}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{23B69075-828F-4A78-9118-057F1FBDA072}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{281EFA42-F98E-4715-89F9-82310CC52F61}" = protocol=6 | dir=in | app=c:\users\lisa\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{2C7D3A27-3F9A-4016-A253-819DC86208D9}" = protocol=17 | dir=in | app=c:\users\lisa\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{313C6961-6530-4074-AE86-D4089644C27E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{33EEB95F-B280-4224-8245-8DCB2EF2870D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{373DA54A-5528-4271-B56B-C748AD31CDE8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{3882FA22-B29B-467A-B7DC-5B19682779F9}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{388A2AA1-4E9E-45F7-887C-6E01145F3D8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A092524-9023-4C15-8EB8-809694B92787}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{3D5D6118-5A45-4934-8160-1299178F1B02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3EAFB410-970C-4B00-AA5F-CF9AD6BB7210}" = protocol=1 | dir=in | [email protected],-28543 | 
"{41C58647-6EF9-43C6-8762-FE36AC1745F2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{485EE136-07DA-4F68-8C43-4DDD9053F6A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4C7006A7-89C4-45E9-BACF-812AE5C1F404}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{4CF1C6C6-3A8E-4A5E-9DBB-1DCF05100030}" = protocol=6 | dir=out | app=system | 
"{51740D48-8C7E-4E2A-8E30-517AC3417CB6}" = protocol=6 | dir=in | app=c:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5448B04E-75F0-4AF7-874D-58D0C3E879D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{60AA1C1A-4B49-47CA-A9D5-EE002FC5C8E7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{60D962A6-89C1-45EA-831A-563CEFB750D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{624C481E-D5B4-40A0-9B2B-BE83797CB4F4}" = protocol=6 | dir=in | app=c:\users\lisa\appdata\roaming\utorrent\utorrent.exe | 
"{6CAF856F-7CF8-417A-93C2-83FB4662B60F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E5E0AE9-78F5-43DD-8810-19FE810C3630}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{73459227-5E50-4DF8-9BFD-8F42906747D4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7B30F40A-FE3A-41BF-A3D3-177A446F55ED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{7CC390CB-7674-400E-9FFA-EC761C2C3ACE}" = protocol=58 | dir=out | [email protected],-28546 | 
"{82953B9C-6FC9-4946-B19C-FE72BEC6362E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{8BB0A6F1-52AD-4984-88B5-1E0AD5D37C7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C7C91B2-6B21-4FE4-A1D0-0510EB80AB68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D11C4DE-56CB-418D-824C-52341C281FB6}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{8DAD0F53-95DB-4872-A8B0-C8E88644D32E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{9225A212-B13F-44A8-9444-2E7F315257FA}" = dir=in | app=c:\users\lisa\appdata\local\temp\7zs6581\setup\hpznui40.exe | 
"{937274B2-C5B7-4105-B390-C2DE539721E1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9466EFD0-7675-49AA-9EF7-0614BD2CD127}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9B342217-6E11-4932-A94B-AA25D5FC7908}" = protocol=1 | dir=out | [email protected],-28544 | 
"{9BD4C23E-8158-4194-B182-2668CF542026}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{9EA8734B-F3FB-4BE8-9E62-06801DFC38BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{A0E6CF1B-9A7C-4A42-8D1F-FA276E0AA469}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{A3525B9A-742C-4204-9601-3DBBBCF8DF12}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{A6111D58-BBC5-41EE-8298-87DE4A414D18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{AA7BC809-03EE-4BE0-AD5B-12FBA19E7233}" = protocol=17 | dir=in | app=c:\users\lisa\appdata\roaming\utorrent\utorrent.exe | 
"{AB76E3E3-2AF4-477E-A331-90425BF5A74D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AF482F65-856A-4316-9A3C-7DF8ABBBC9E1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B47A1FE1-6D81-4C84-84E2-7F5B5B5817A6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B74BF629-4BF9-49FD-9F44-2D3C863BE7F5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B8519295-701A-4DA3-9814-F941A26F4899}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{D1400DAD-D9E4-4D03-85B9-0D605E6D12F3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{D382859E-C728-4408-9C88-8735AB66F437}" = protocol=17 | dir=in | app=c:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D4D204E0-C0D7-4DAB-8711-5F085E36D636}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6418066-9E1A-4B22-92DD-676281D514AB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{D7B8B10E-8AF8-4DDA-B96B-3ECCDC0BC47B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{DD7E04AD-5836-43A2-AD97-096226B7DB13}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{DF36C583-0EAD-4CF6-B84A-E9F4B5C8A02E}" = protocol=58 | dir=in | [email protected],-28545 | 
"{E3188F98-7CDB-40F7-880E-40D3DEECA46A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EAB75A82-E5C3-4468-A72A-7F24B88BC310}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F9B7AE3B-A183-4291-BCBE-0EE3AC513087}" = protocol=17 | dir=in | app=c:\users\lisa\appdata\local\temp\7zs7a46\hpdiagnosticcoreui.exe | 
"TCP Query User{098F2B7C-B82B-4589-AC7F-8E67218D2CCC}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"TCP Query User{271312C3-5392-44F1-8532-730C17D480FA}C:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{29D35073-75FE-4C45-BB5E-0B268EBC3D45}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"TCP Query User{62F76762-F95D-473C-AED8-808E84C5C17B}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"TCP Query User{7176ABF2-3226-498C-9B86-343CD1F96C9D}C:\users\lisa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\lisa\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{97C63755-BDD8-4921-820D-439872C8672B}C:\program files (x86)\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sonos\sonos.exe | 
"TCP Query User{990134D6-BC56-4733-984B-3A69FC3D3146}C:\program files (x86)\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\abc\abc.exe | 
"TCP Query User{C3F19912-8766-48B8-9D38-5401B66D9F43}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"TCP Query User{D6C57DD7-0FE5-4B6E-B3B1-BD2471B18092}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{EE02C8D0-7B16-44D8-B332-71F44DF3E126}C:\users\lisa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\lisa\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{F0D75645-27E4-4925-BAA7-490C5335A68B}C:\program files (x86)\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sonos\sonos.exe | 
"UDP Query User{11EB96E6-EBEC-4D65-ACFF-09D706BE6DAC}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"UDP Query User{12EA8029-7C5F-49D5-975B-51E8EC107F48}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"UDP Query User{2A783542-AB46-4E47-8359-3D700B6AB2B7}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"UDP Query User{44B01834-A580-40D0-B9CA-766B3ED9E671}C:\program files (x86)\sonos\sonos.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sonos\sonos.exe | 
"UDP Query User{54D5326D-6D3E-4F27-BC7B-D3BEAE4C6E1C}C:\program files (x86)\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\abc\abc.exe | 
"UDP Query User{652B52AB-16EB-4ACB-AA65-344A8EFBB3E0}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"UDP Query User{677DA3C0-8BF4-4FD7-A217-31B67DDB34E3}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"UDP Query User{6D1E401A-E4EA-4B03-AAAD-5AF5915C0821}C:\program files (x86)\sonos\sonos.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sonos\sonos.exe | 
"UDP Query User{8829D81F-3061-4AD2-8DBC-5D55C499E6F5}C:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{9A94F9B9-91E0-4E7B-83E0-772A9548026A}C:\users\lisa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\lisa\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{CDD002E4-55D8-4B39-984F-A73A49803E9D}C:\users\lisa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\lisa\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{8EB62C87-AAA6-4850-A5BC-64155884B973}" = SketchUp 8
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}" = TOSHIBA Wireless LAN Indicator
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide® Viewer ActiveX Control Release 6.5
"{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}" = Evernote v. 4.5.10
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F52618B2-A995-4F8D-A6C8-9E235A470C68}" = TOSHIBA ConfigFree
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FDC89200-F5A2-4765-80F9-79506FF8B595}" = SEAI DEAP 3.2.1
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Audacity_is1" = Audacity 2.0
"DivX Setup" = DivX Setup
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 29.0.1 (x86 en-GB)" = Mozilla Firefox 29.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"RealPlayer 16.0" = RealPlayer
"Scratch" = Scratch
"VLC media player" = VLC media player 1.0.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3734433013-2235189305-930175613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MusicManager" = Music Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/2/2014 11:55:53 AM | Computer Name = Lisa-OSul | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2200
 
Error - 6/2/2014 11:55:53 AM | Computer Name = Lisa-OSul | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2200
 
Error - 6/2/2014 11:55:54 AM | Computer Name = Lisa-OSul | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/2/2014 11:55:54 AM | Computer Name = Lisa-OSul | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3448
 
Error - 6/2/2014 11:55:54 AM | Computer Name = Lisa-OSul | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3448
 
Error - 6/2/2014 3:30:10 PM | Computer Name = Lisa-OSul | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/2/2014 3:30:10 PM | Computer Name = Lisa-OSul | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1373
 
Error - 6/2/2014 3:30:10 PM | Computer Name = Lisa-OSul | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1373
 
Error - 6/3/2014 3:57:56 AM | Computer Name = Lisa-OSul | Source = Application Error | ID = 1000
Description = Faulting application name: splwow64.exe, version: 6.1.7601.17777, 
time stamp: 0x4f35fbfe  Faulting module name: ntdll.dll, version: 6.1.7601.18247, 
time stamp: 0x521eaf24  Exception code: 0xc0000374  Fault offset: 0x00000000000c4102
Faulting
 process id: 0x129c  Faulting application start time: 0x01cf7f018675f4ae  Faulting application
 path: C:\Windows\splwow64.exe  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: c51d9116-eaf4-11e3-9511-b870f45de2ac
 
Error - 6/3/2014 6:43:08 AM | Computer Name = Lisa-OSul | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 35.0.1916.114, time
 stamp: 0x53726019  Faulting module name: chrome_child.dll, version: 35.0.1916.114,
 time stamp: 0x53725fa3  Exception code: 0x80000003  Fault offset: 0x004e5fd8  Faulting
 process id: 0x1644  Faulting application start time: 0x01cf7f188dc32239  Faulting application
 path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  Faulting module
 path: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\chrome_child.dll
Report
 Id: d919d781-eb0b-11e3-9b05-b870f45de2ac
 
[ Media Center Events ]
Error - 11/3/2013 8:56:35 AM | Computer Name = Lisa-OSul | Source = MCUpdate | ID = 0
Description = 12:56:34 - Error connecting to the internet.  12:56:34 -     Unable 
to contact server..  
 
Error - 11/3/2013 8:56:46 AM | Computer Name = Lisa-OSul | Source = MCUpdate | ID = 0
Description = 12:56:40 - Error connecting to the internet.  12:56:40 -     Unable 
to contact server..  
 
Error - 11/3/2013 9:56:51 AM | Computer Name = Lisa-OSul | Source = MCUpdate | ID = 0
Description = 13:56:51 - Error connecting to the internet.  13:56:51 -     Unable 
to contact server..  
 
Error - 11/3/2013 9:56:58 AM | Computer Name = Lisa-OSul | Source = MCUpdate | ID = 0
Description = 13:56:57 - Error connecting to the internet.  13:56:57 -     Unable 
to contact server..  
 
Error - 11/5/2013 5:40:58 AM | Computer Name = Lisa-OSul | Source = MCUpdate | ID = 0
Description = 09:40:57 - Error connecting to the internet.  09:40:58 -     Unable 
to contact server..  
 
Error - 11/5/2013 5:41:11 AM | Computer Name = Lisa-OSul | Source = MCUpdate | ID = 0
Description = 09:41:03 - Error connecting to the internet.  09:41:03 -     Unable 
to contact server..  
 
Error - 11/5/2013 6:41:49 AM | Computer Name = Lisa-OSul | Source = MCUpdate | ID = 0
Description = 10:41:49 - Error connecting to the internet.  10:41:49 -     Unable 
to contact server..  
 
Error - 11/5/2013 6:41:59 AM | Computer Name = Lisa-OSul | Source = MCUpdate | ID = 0
Description = 10:41:55 - Error connecting to the internet.  10:41:55 -     Unable 
to contact server..  
 
Error - 11/5/2013 7:46:15 AM | Computer Name = Lisa-OSul | Source = MCUpdate | ID = 0
Description = 11:46:15 - Error connecting to the internet.  11:46:15 -     Unable 
to contact server..  
 
Error - 11/5/2013 7:46:22 AM | Computer Name = Lisa-OSul | Source = MCUpdate | ID = 0
Description = 11:46:20 - Error connecting to the internet.  11:46:20 -     Unable 
to contact server..  
 
[ System Events ]
Error - 5/26/2014 1:39:03 PM | Computer Name = Lisa-OSul | Source = DCOM | ID = 10010
Description = 
 
Error - 5/27/2014 3:02:57 AM | Computer Name = Lisa-OSul | Source = Service Control Manager | ID = 7022
Description = The HP Network Devices Support service hung on starting.
 
Error - 5/27/2014 7:05:40 AM | Computer Name = Lisa-OSul | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the IPBusEnum service.
 
Error - 5/27/2014 12:31:37 PM | Computer Name = Lisa-OSul | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 5/27/2014 10:02:43 PM | Computer Name = Lisa-OSul | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 5/29/2014 7:48:50 AM | Computer Name = Lisa-OSul | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Netman service.
 
Error - 5/29/2014 7:58:32 AM | Computer Name = Lisa-OSul | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 5/29/2014 1:09:28 PM | Computer Name = Lisa-OSul | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 5/29/2014 3:10:01 PM | Computer Name = Lisa-OSul | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly. 
 It has done this 1 time(s).
 
Error - 5/30/2014 8:37:51 AM | Computer Name = Lisa-OSul | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
 
< End of report >
 
 

#10
Teima

Step One

 

Please run a free online scan with the ESET Online Scanner

 
Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.
 
Note: This scan works with Internet Explorer or Mozilla Firefox.
 
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Remove found threats is Not checked
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close; make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

 

Step Two

 

Download aswMBR by avast! and save it to your desktop.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Once prompted to download the database, click No.
  • Choose None for the AV Scan option.
  • Press Scan. Once done, click Save Log and choose your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

#11
Teima

Hello, do you need any assistance with the instructions which are listed?


#12
Stephen Stato

Hi Teima

 

No, I've just started your instructions; I have been ill for the weekend.

 

Stephen


#13
Teima

No worries Stephen. Please take your time. :)


#14
Stephen Stato

Hi Teima
 
The ESET scanner takes so long that I normally have to leave for some reason, and when I come back there's no sign of it. I've searched in C:\Program Files\ESET\EsetOnlineScanner\log.txt but there's no sign of a report to send you.
I'm running the scan again and it will hopefully finish while I'm still at my desk.
 
 
aswMBR scan below
 
 
Thanks Again
Stephen
 
 
 
 
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-12 15:24:03
-----------------------------
15:24:03.167    OS Version: Windows x64 6.1.7601 Service Pack 1
15:24:03.167    Number of processors: 4 586 0x2A07
15:24:03.169    ComputerName: LISA-OSUL  UserName: Lisa
15:24:05.901    Initialize success
15:24:37.897    AVAST engine defs: 14061200
15:25:30.104    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:25:30.112    Disk 0 Vendor: TOSHIBA_ GB00 Size: 305245MB BusType: 3
15:25:30.284    Disk 0 MBR read successfully
15:25:30.292    Disk 0 MBR scan
15:25:30.439    Disk 0 Windows 7 default MBR code
15:25:30.460    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS          400 MB offset 2048
15:25:30.542    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152622 MB offset 821248
15:25:30.630    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       152222 MB offset 313391104
15:25:31.054    Disk 0 scanning C:\Windows\system32\drivers
15:26:08.976    Service scanning
15:28:00.410    Modules scanning
15:28:00.429    Disk 0 trace - called modules:
15:28:00.456    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
15:28:00.895    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006396060]
15:28:00.907    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004513050]
15:28:00.914    Scan finished successfully
15:30:20.674    Disk 0 MBR has been saved successfully to "C:\Users\Lisa\Desktop\MBR.dat"
15:30:20.754    The log file has been saved successfully to "C:\Users\Lisa\Desktop\aswMBR.txt"
15:36:37.693    Disk 0 MBR has been saved successfully to "C:\Users\Lisa\Desktop\MBR.dat"
15:36:37.999    The log file has been saved successfully to "C:\Users\Lisa\Desktop\aswMBR.txt"

#15
Teima

Hello Stephen. Would you be able to check to see if the file is situated within C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt?

