nuley Posted June 12, 2014 (edited)

Dear friends

Teenage daughter's laptop is full of viruses - websites keep being hijacked and sent to betting sites. I have run MBAM and OTL - PLEASE NOTE I had a brainstorm and ran MBAM twice by mistake, so I'll post both logs - sorry about that. It didn't ask me to restart either time round.

I'll try to post as attachments.

Aargh - I've just tried to post first MBAM log but it's too large. What can I do? I've tried to attach 2nd MBAM log and OTL log - did they work?

I'd be very grateful for any help please!

Thank you as ever

Nuley
Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: FiineDeaLSoft = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbneldpobjoppehbkgemphjcggbphmjn\4.4\ CHR - Extension: Todays Schedule in Google Calendar = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaaneppndljkmpgdcglnp***fhjhipc\163\ CHR - Extension: MediaPlayerEnhance = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\12684.8438.6318_0\crossrider CHR - Extension: MediaPlayerEnhance = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\12684.8438.6318_0\ CHR - Extension: Google Wallet = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Feven 1.8 = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\crossrider CHR - Extension: Feven 1.8 = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\ O1 HOSTS File: ([2013/10/27 11:03:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: 
- HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [Facebook Update] C:\Users\Maya\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program 
Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{923E3EE9-50A1-44E7-BA27-12142328C298}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - 
No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll () O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2014/06/12 20:51:05 | 000,079,064 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\obdduhi.sys [2014/06/12 20:21:52 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014/06/12 
20:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014/06/12 20:21:24 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014/06/12 20:21:24 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014/06/12 20:21:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2014/06/12 16:36:19 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{B5A81C6C-1E0E-4736-BD54-77B43158FA1A} [2014/06/10 17:37:48 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{5ED29BFF-531B-4260-8CD7-EB9E014B2E7D} [2014/06/07 12:26:01 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{95DFF98A-0D9A-4B8B-8E16-073060024E86} [2014/06/03 11:30:53 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{04EC732B-54D0-4F03-9537-148CB741B5F4} [2014/06/02 19:06:36 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{F15BA016-581B-4EF6-997F-E51A63766045} [2014/06/02 16:25:24 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\Facebook [2014/05/24 11:35:46 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{9F3D82C7-E7BE-4B64-8077-FE7A860C5599} [2014/05/17 09:44:28 | 000,000,000 | -HSD | C] -- C:\Users\Maya\AppData\Local\EmieUserList [2014/05/17 09:44:28 | 000,000,000 | -HSD | C] -- C:\Users\Maya\AppData\Local\EmieSiteList [2014/05/15 16:41:32 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014/05/15 16:41:32 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014/05/15 16:40:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2014/05/15 16:34:29 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll [2014/05/15 16:34:27 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll [2014/05/15 16:34:03 | 000,000,000 | ---D | C] -- 
C:\Users\Maya\AppData\Local\{EF5CFE9D-E652-4747-BE74-ACDBC0E2653C} [2014/05/14 21:47:33 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2014/05/14 21:47:32 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2014/05/14 21:47:31 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2014/05/14 21:47:31 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2014/05/14 21:47:31 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll [2014/05/14 21:47:31 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2014/05/14 21:47:27 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll [2014/05/14 21:47:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2014/05/14 21:47:27 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2014/05/14 21:47:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll [2014/05/14 21:47:27 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll [2014/05/14 21:47:27 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll [2014/05/14 21:47:27 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll [2014/05/14 21:47:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll [2014/05/14 21:47:27 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll [2014/05/14 21:47:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll [2014/05/14 21:47:27 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll [2014/05/14 21:47:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\dimsroam.dll [2014/05/14 21:47:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll [2014/05/14 21:47:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll [2014/05/14 21:47:27 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll [2014/05/14 21:47:27 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2014/05/14 21:47:27 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2014/05/14 20:06:46 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{9F6F7F4D-3479-4862-BC79-6485484C387F} [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/06/12 20:51:37 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014/06/12 20:51:05 | 000,079,064 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\obdduhi.sys [2014/06/12 20:38:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/06/12 20:38:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/06/12 20:22:10 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/06/12 20:22:10 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/06/12 20:21:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/06/12 20:06:47 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA.job [2014/06/12 20:06:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/06/12 16:36:11 | 000,000,902 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core.job [2014/06/12 16:36:10 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/06/10 18:24:19 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Maya.job [2014/06/09 19:37:59 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys [2014/05/17 13:21:50 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Showtime.lnk [2014/05/14 19:16:58 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014/05/14 19:16:58 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/06/12 20:21:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/06/02 16:25:31 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA.job [2014/06/02 16:25:30 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core.job [2014/05/17 13:21:50 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Showtime.lnk [2014/01/03 21:38:07 | 000,000,008 | RHS- | C] () -- C:\ProgramData\sysqcl1129067056.dat [2013/10/26 12:04:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/10/26 12:04:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/10/26 12:04:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/10/26 12:04:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/10/26 12:04:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/10/21 10:20:34 | 001,911,074 | ---- | C] () -- C:\ProgramData\1382346972.bdinstall.bin [2012/01/13 18:45:24 | 000,008,192 | ---- | C] () -- 
C:\Users\Maya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== 
[2013/11/20 17:10:50 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\.minecraft [2012/01/18 16:20:56 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2014/01/03 21:38:07 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\CocotronLibrary [2014/02/11 19:47:30 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Optimizer Pro [2013/08/19 12:12:57 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Origin [2013/10/21 10:16:40 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\QuickScan [2013/08/22 19:59:08 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\SecondLife [2011/11/26 09:59:23 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Toshiba [2012/09/16 07:51:39 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\WildTangent [2012/04/23 20:52:32 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\WinBatch ========== Purity Check ========== ========== Custom Scans ========== ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: TOSHIBA MK6475GSX Partitions: 3 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Unknown Bootable: True BootPartition: True PrimaryPartition: True Size: 399.00MB Starting Offset: 1048576 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 297.00GB Starting Offset: 419430400 Hidden sectors: 0 DeviceID: Disk #0, Partition #2 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 298.00GB Starting Offset: 319804145664 Hidden sectors: 0 < %SYSTEMDRIVE%\*.* > [2013/10/27 11:06:34 | 000,028,408 | ---- | M] () -- C:\ComboFix.txt [2014/06/09 19:37:59 | 495,865,855 | -HS- | M] () -- 
C:\hiberfil.sys [2014/06/09 19:38:05 | 2092,810,239 | -HS- | M] () -- C:\pagefile.sys [2011/08/03 12:02:12 | 000,000,070 | -H-- | M] () -- C:\SWSTAMP.TXT < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/03/08 03:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2014/03/08 02:59:00 | 000,811,728 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.) 
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/03/06 09:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/03/06 09:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/03/06 09:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/03/08 03:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2014/03/08 02:59:00 | 000,811,728 | ---- | M] (Microsoft Corporation)
< End of report >

mbam2.txt OTL.Txt

Edited June 13, 2014 by seedy21
KenB Posted June 13, 2014

Hi Nuley

One of our Security Experts will be along to help shortly.

I can see from the logs that many of the entries are PUPs - Potentially Unwanted Programs ... not necessarily bad ... just annoying :)

The security guys will advise further.

There is an email going around offering processed pork - gelatin - and salt in a can ... this is simply SPAM !!
Starbuck Posted June 13, 2014

Hi Nuley

"Teenage daughter's laptop is full of viruses"

Don't be too hard on her..... this problem is not virus related. This problem is Adware based. PUPs are added as third party programs to legit 'Free' programs and some Updates. Basically it's down to greedy vendors adding these just to make money.

"PLEASE NOTE I had a brainstorm and ran MBAM twice by mistake, so I'll post both logs - sorry about that."

Running MBAM more than once won't cause any problems at all. So no harm will be done.

"It didn't ask me to restart either time round."

This explains why.....

Processes: 2
PUP.Optional.SmartBar.A, C:\Users\Maya\AppData\Local\Smartbar\Application\Lrcnta.exe, 3384, No Action By User, [38637cfb86f5e74f7ab7f29528da37c9]
PUP.Optional.SmartBar.A, C:\Users\Maya\AppData\Local\Smartbar\Application\SnapDo.exe, 3160, No Action By User, [38637cfb86f5e74f7ab7f29528da37c9]

If you had selected the items for deletion, it may well have rebooted the system.

Ok, let's get this sorted.

Step 1

Optimizer Pro
Please uninstall this from the system. Trust me when I say.... you don't want this program around.

Step 2

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin to scan your computer.
After the scan has finished... Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 3

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
When the tool opens click Yes to disclaimer.
Make sure that Addition.txt is selected at the bottom.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
JRT.txt
AdwCleaner report
Both reports from FRST.

Thanks
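The point made in the reply above (detections left at "No Action By User" were never removed, so no restart was requested) can be checked mechanically on a pasted MBAM 2.x text log. The following is an added example, not part of the thread and not Malwarebytes' own code: it lists untouched detections, singles out those that are still-running processes, and flags sections whose declared count does not match the pasted entries, which is what a truncated paste looks like. Function and field names are hypothetical, the "Modules" sample lines are constructed, and section names other than "Processes" and "Modules" are assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

NO_ACTION = "No Action By User"  # action string shown in the quoted log

# "Processes" and "Modules" appear in the posted log; the remaining section
# names are assumptions about the same MBAM 2.x text-log layout.
KNOWN_SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
                  "Registry Data", "Folders", "Files"}

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")
# name, target[, pid], action, [32-hex tag]  (a pid is present for processes)
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+?)(?:, (?P<pid>\d+))?, "
    r"(?P<action>[^,\[\]]+), \[(?P<tag>[0-9a-f]{32})\]$"
)


@dataclass
class Detection:
    section: str
    name: str
    target: str
    pid: Optional[int]
    action: str
    tag: str  # bracketed value from the log, kept as-is and not interpreted


def parse_mbam_log(text):
    """Return (declared count per section, detections, unparsed lines)."""
    declared, detections, unparsed = {}, [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip().rstrip(",").strip()  # module lines end with ", "
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header and header["section"] in KNOWN_SECTIONS:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        if section is None:
            continue  # scan metadata that precedes the first section
        hit = DETECTION_RE.match(line)
        if hit:
            pid = int(hit["pid"]) if hit["pid"] else None
            detections.append(Detection(section, hit["name"], hit["target"],
                                        pid, hit["action"], hit["tag"]))
        else:
            unparsed.append(line)
    return declared, detections, unparsed


def triage(text):
    """Summarise what the scan found versus what was actually acted on."""
    declared, detections, unparsed = parse_mbam_log(text)
    found = Counter(d.section for d in detections)
    untouched = [d for d in detections if d.action == NO_ACTION]
    return {
        "by_family": Counter(d.name for d in detections),
        "untouched": untouched,
        # Still-running processes that the scan reported but did not remove.
        "live_untouched": [d for d in untouched if d.pid is not None],
        # section -> (declared, parsed); a mismatch suggests a truncated paste.
        "truncated_sections": {s: (n, found[s]) for s, n in declared.items()
                               if found[s] != n},
        "unparsed": unparsed,
    }


# Sample input: the metadata and "Processes" lines are taken from the posted
# log; the "Modules" lines are constructed for this example, with one entry
# deliberately missing so the declared count (3) exceeds what was pasted (2).
SAMPLE_LOG = "\n".join([
    "Scan Date: 12/06/2014",
    "Objects Scanned: 297229",
    "",
    "Processes: 2",
    r"PUP.Optional.SmartBar.A, C:\Users\Maya\AppData\Local\Smartbar\Application\Lrcnta.exe, 3384, No Action By User, [38637cfb86f5e74f7ab7f29528da37c9]",
    r"PUP.Optional.SmartBar.A, C:\Users\Maya\AppData\Local\Smartbar\Application\SnapDo.exe, 3160, No Action By User, [38637cfb86f5e74f7ab7f29528da37c9]",
    "",
    "Modules: 3",
    r"PUP.Optional.Example.A, C:\Example\one.dll, Quarantined, [" + "0" * 32 + "], ",
    r"PUP.Optional.Example.A, C:\Example\two.dll, No Action By User, [" + "0" * 32 + "], ",
])

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for d in report["live_untouched"]:
        print(f"still running, not removed: pid {d.pid} {d.target}")
    for section, (want, got) in report["truncated_sections"].items():
        print(f"{section}: log declares {want} entries, paste contains {got}")
```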
nuley Posted June 14, 2014 Author Posted June 14, 2014 Thank you Starbuck for helping me yet again. Here are the logs: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Maya on 14/06/2014 at 18:32:43.63 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro" Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{04EC732B-54D0-4F03-9537-148CB741B5F4} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{0A75E7AC-262E-4DAF-BBE4-DF5E05BE7C86} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{172CA05A-D4BF-4499-AD4E-229DE7EFB877} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{27B817EC-E042-4517-813C-9C6A0EB8FF34} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{2918B7F3-0B54-464C-B5C7-D2343AB74265} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{2BC50A13-9AAD-45C6-A4DD-130F76296633} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{42080899-655F-4716-9DF2-412163700B8F} Successfully deleted: [Empty 
Folder] C:\Users\Maya\appdata\local\{4E907870-3CE5-459B-8FCC-66652646637A} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{50CC803A-CFAD-4CAB-9848-A4963F5CDCBA} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{5ED29BFF-531B-4260-8CD7-EB9E014B2E7D} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{5F555B64-FD30-433D-A7DF-C7B96A2E4CDD} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{68129D2F-3F13-4A1C-973A-0F0B13000D4F} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{802E6B10-89AD-414D-93D0-1DA0219CACA4} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{83690708-7A7E-4C8D-B5F0-4244A554D3C0} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{85DC2E4F-77DD-48D4-B148-1BD3853FC1EB} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{865C2874-D6F6-407F-B189-CB31E5472A26} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{9445E35B-7F0D-4D69-A8E4-27643842D765} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{95DFF98A-0D9A-4B8B-8E16-073060024E86} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{9F3D82C7-E7BE-4B64-8077-FE7A860C5599} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{9F6F7F4D-3479-4862-BC79-6485484C387F} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{A6FE25C5-3129-4334-9889-C23D40E9B08D} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{A90ABADD-6330-411B-B73D-00735F59014F} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{B1EF1308-40EF-45BF-AC92-9BC59A2B9A94} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{B5A81C6C-1E0E-4736-BD54-77B43158FA1A} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{BA034073-6887-43E9-97C7-DAF03D8F7430} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{C38179A4-7AAF-44AE-B55D-752CEDD88AE3} Successfully deleted: [Empty Folder] 
C:\Users\Maya\appdata\local\{C4D1AF85-CF3F-4E67-9473-6CAD7176B068} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{D7FA8956-DF06-49DF-A84B-B63EE9F42DBF} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{DC33F78A-DFE5-4979-BCC2-DCE27F4E59E2} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{DDB96B74-49DB-4CFA-BA08-1D4B1148DCC1} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{EF5CFE9D-E652-4747-BE74-ACDBC0E2653C} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{F15BA016-581B-4EF6-997F-E51A63766045} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{F2436A9D-A631-4275-BB91-717197F79E80} Successfully deleted: [Empty Folder] C:\Users\Maya\appdata\local\{F48679E6-AD58-4CAC-AFD0-F5B1E5A040BB} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14/06/2014 at 18:42:42.94 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.212 - Report created 14/06/2014 at 18:47:10 # Updated 05/06/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Maya - VINCENOIR # Running from : C:\Users\Maya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMRPA3QR\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\ApptoU Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer Folder Deleted : C:\Program Files (x86)\NewPlayer Folder Deleted : C:\Program Files (x86)\Uninstaller File Deleted : C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage File Deleted : C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : 
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\Software\NewPlayer Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Google Chrome v33.0.1750.154 [ File : C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=GB&userid=01cb7476-7dae-d46d-2410-c0ab09d7e507&searchtype=ds&q={searchTerms}&installDate=11/02/2014 Deleted [search Provider] : hxxp://search.snapdo.com/?q={searchTerms}&category=Web&publisher=tuguu&country=us&feedid=infospace&st=nt&dpid=us&lan=en&start=1 Deleted [Homepage] : hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=GB&userid=01cb7476-7dae-d46d-2410-c0ab09d7e507&searchtype=hp&installDate=11/02/2014 ************************* AdwCleaner[R0].txt - [760 octets] - [21/10/2013 10:47:55] AdwCleaner[R1].txt - [882 octets] - [21/10/2013 10:58:13] AdwCleaner[R2].txt - [3084 octets] - [14/06/2014 18:45:37] AdwCleaner[s0].txt - [820 octets] - [21/10/2013 10:53:50] 
AdwCleaner[s1].txt - [942 octets] - [21/10/2013 10:58:52] AdwCleaner[s2].txt - [3039 octets] - [14/06/2014 18:47:10] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [3099 octets] ########## Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02 Ran by Maya (administrator) on VINCENOIR on 14-06-2014 18:53:47 Running from C:\Users\Maya\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation) HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG) HKLM-x32\...\Run: [iTSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-21-3844903525-3029976620-4151861130-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-03] (Google Inc.) 
HKU\S-1-5-21-3844903525-3029976620-4151861130-1001\...\Run: [Facebook Update] => C:\Users\Maya\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-02] (Facebook Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Maya\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA" CHR DefaultSearchKeyword: search.snapdo.com CHR DefaultSearchProvider: Web CHR DefaultSearchURL: http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=GB&userid=01cb7476-7dae-d46d-2410-c0ab09d7e507&searchtype=ds&q={searchTerms}&installDate=11/02/2014 CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (FiineDeaLSoft) - C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbneldpobjoppehbkgemphjcggbphmjn [2014-03-17] CHR Extension: (Todays Schedule in Google Calendar) - C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaaneppndljkmpgdcglnp***fhjhipc [2014-06-10] CHR Extension: (MediaPlayerEnhance) - C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm [2014-02-20] CHR Extension: (Google Wallet) - C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-12] CHR Extension: (Feven 1.8) - C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2014-02-19] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent
Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent) R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2014-06-09] (Bitdefender) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender) U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2013-10-21] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender) R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-10-21] (Bitdefender SRL) R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited) S3 Tosrfcom; No ImagePath R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.) 
S3 catchme; \??\C:\Combo-Fix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-14 18:53 - 2014-06-14 18:54 - 00017168 _____ () C:\Users\Maya\Desktop\FRST.txt 2014-06-14 18:53 - 2014-06-14 18:53 - 02081792 _____ (Farbar) C:\Users\Maya\Desktop\FRST64.exe 2014-06-14 18:53 - 2014-06-14 18:53 - 00000000 ____D () C:\FRST 2014-06-14 18:50 - 2014-06-14 18:50 - 00003191 _____ () C:\Users\Maya\Desktop\AdwCleaner[s2].txt 2014-06-14 18:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-06-14 18:42 - 2014-06-14 18:42 - 00004988 _____ () C:\Users\Maya\Desktop\JRT.txt 2014-06-14 18:32 - 2014-06-14 18:32 - 01016261 _____ (Thisisu) C:\Users\Maya\Downloads\JRT (2).exe 2014-06-14 16:17 - 2014-06-14 16:17 - 00000000 ____D () C:\Users\Maya\Documents\Electronic Arts 2014-06-12 21:40 - 2014-06-12 21:40 - 00098612 _____ () C:\Users\Maya\Downloads\OTL.Txt 2014-06-12 21:15 - 2014-06-12 21:15 - 00602112 _____ (OldTimer Tools) C:\Users\Maya\Downloads\OTL.scr 2014-06-12 20:25 - 2014-05-30 11:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 20:25 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 20:25 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-12 20:25 - 2014-05-30 10:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 20:25 - 2014-05-30 10:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-12 20:25 - 2014-05-30 10:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-12 20:25 - 2014-05-30 10:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-12 20:25 - 2014-05-30 10:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 
20:25 - 2014-05-30 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-12 20:25 - 2014-05-30 10:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 20:25 - 2014-05-30 10:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-12 20:25 - 2014-05-30 10:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-12 20:25 - 2014-05-30 10:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-12 20:25 - 2014-05-30 10:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-12 20:25 - 2014-05-30 10:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-12 20:25 - 2014-05-30 10:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 20:25 - 2014-05-30 10:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 20:25 - 2014-05-30 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-12 20:25 - 2014-05-30 09:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-12 20:25 - 2014-05-30 09:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-12 20:25 - 2014-05-30 09:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 20:25 - 2014-05-30 09:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-12 20:25 - 2014-05-30 09:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 20:25 - 2014-05-30 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-12 20:25 - 2014-05-30 09:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-12 20:25 - 2014-05-30 09:38 - 02179072 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll 2014-06-12 20:25 - 2014-05-30 09:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-12 20:25 - 2014-05-30 09:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-12 20:25 - 2014-05-30 09:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-12 20:25 - 2014-05-30 09:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-12 20:25 - 2014-05-30 09:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 20:25 - 2014-05-30 09:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-12 20:25 - 2014-05-30 09:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-12 20:25 - 2014-05-30 09:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-12 20:25 - 2014-05-30 09:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 20:25 - 2014-05-30 09:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-12 20:25 - 2014-05-30 09:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-12 20:25 - 2014-05-30 09:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-12 20:25 - 2014-05-30 09:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-12 20:25 - 2014-05-30 09:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-12 20:25 - 2014-05-30 08:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-12 20:25 - 2014-05-30 08:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 20:25 - 2014-05-30 08:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-12 20:25 - 2014-05-30 08:50 - 01068032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-12 20:25 - 2014-05-30 08:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-12 20:25 - 2014-05-30 08:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 20:25 - 2014-05-30 08:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-12 20:25 - 2014-05-30 08:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 20:25 - 2014-05-30 08:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-12 20:25 - 2014-05-30 08:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-12 20:25 - 2014-05-30 08:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-12 20:25 - 2014-05-30 08:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-12 20:25 - 2014-04-25 03:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 20:25 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-12 20:25 - 2014-04-05 03:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 20:25 - 2014-04-05 03:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-12 20:25 - 2014-03-26 15:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 20:25 - 2014-03-26 15:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-12 20:25 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-12 20:25 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-12 20:25 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-12 20:25 - 2014-03-26 15:27 - 01237504 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msxml3.dll 2014-06-12 20:25 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-12 20:25 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-12 20:24 - 2014-06-08 10:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-12 20:24 - 2014-06-08 10:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-12 20:21 - 2014-06-12 22:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-12 20:21 - 2014-06-12 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-12 20:21 - 2014-06-12 20:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-12 20:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-12 20:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-12 20:20 - 2014-06-12 20:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Maya\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-02 16:25 - 2014-06-14 16:30 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA.job 2014-06-02 16:25 - 2014-06-14 16:30 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core.job 2014-06-02 16:25 - 2014-06-02 16:25 - 00003898 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA 2014-06-02 16:25 - 2014-06-02 16:25 - 00003530 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core 2014-06-02 16:25 - 2014-06-02 16:25 - 00000000 ____D () C:\Users\Maya\AppData\Local\Facebook 2014-06-02 16:23 - 2014-06-02 16:23 - 00501248 _____ (Facebook Inc.) 
C:\Users\Maya\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe 2014-06-01 14:52 - 2014-06-01 14:52 - 00808960 _____ () C:\Users\Maya\Downloads\Setup (6).exe 2014-05-24 15:19 - 2014-05-24 15:19 - 00112785 _____ () C:\Users\Maya\Downloads\Scratch catch game.sb 2014-05-24 15:19 - 2014-05-24 15:19 - 00112785 _____ () C:\Users\Maya\Downloads\Scratch catch game (1).sb 2014-05-22 21:10 - 2014-05-22 21:10 - 00807936 _____ () C:\Users\Maya\Downloads\New player.exe 2014-05-17 13:21 - 2014-05-17 13:21 - 00002170 _____ () C:\Users\Public\Desktop\The Sims™ 3 Showtime.lnk 2014-05-17 09:44 - 2014-05-17 09:44 - 00000000 __SHD () C:\Users\Maya\AppData\Local\EmieUserList 2014-05-17 09:44 - 2014-05-17 09:44 - 00000000 __SHD () C:\Users\Maya\AppData\Local\EmieSiteList 2014-05-15 16:34 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 16:34 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll ==================== One Month Modified Files and Folders ======= 2014-06-14 18:54 - 2014-06-14 18:53 - 00017168 _____ () C:\Users\Maya\Desktop\FRST.txt 2014-06-14 18:54 - 2011-11-25 18:32 - 00000000 ____D () C:\Users\Maya\AppData\Local\Temp 2014-06-14 18:53 - 2014-06-14 18:53 - 02081792 _____ (Farbar) C:\Users\Maya\Desktop\FRST64.exe 2014-06-14 18:53 - 2014-06-14 18:53 - 00000000 ____D () C:\FRST 2014-06-14 18:52 - 2011-10-05 04:02 - 01814174 _____ () C:\Windows\WindowsUpdate.log 2014-06-14 18:50 - 2014-06-14 18:50 - 00003191 _____ () C:\Users\Maya\Desktop\AdwCleaner[s2].txt 2014-06-14 18:49 - 2011-08-03 11:00 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-14 18:48 - 2010-11-21 04:47 - 00560134 _____ () C:\Windows\PFRO.log 2014-06-14 18:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-14 18:48 - 2009-07-14 05:51 - 00089859 _____ () C:\Windows\setupact.log 2014-06-14 18:47 - 2013-10-21 10:47 - 00000000 ____D () C:\AdwCleaner 2014-06-14 18:42 - 2014-06-14 
18:42 - 00004988 _____ () C:\Users\Maya\Desktop\JRT.txt 2014-06-14 18:38 - 2012-04-19 19:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-14 18:38 - 2011-08-03 11:00 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-14 18:32 - 2014-06-14 18:32 - 01016261 _____ (Thisisu) C:\Users\Maya\Downloads\JRT (2).exe 2014-06-14 16:30 - 2014-06-02 16:25 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA.job 2014-06-14 16:30 - 2014-06-02 16:25 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core.job 2014-06-14 16:20 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-14 16:20 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-14 16:17 - 2014-06-14 16:17 - 00000000 ____D () C:\Users\Maya\Documents\Electronic Arts 2014-06-14 16:17 - 2013-10-25 14:51 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-06-14 16:17 - 2012-12-29 12:27 - 00000000 ____D () C:\ProgramData\Origin 2014-06-14 16:16 - 2014-01-25 16:12 - 00000000 ____D () C:\Users\Maya\Documents\Rubbish 2014-06-14 16:12 - 2011-10-05 04:19 - 00000000 ____D () C:\Windows\Options 2014-06-12 22:28 - 2013-10-20 13:45 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 22:25 - 2013-10-20 13:45 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-12 22:23 - 2011-11-25 18:46 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-12 22:21 - 2014-05-10 09:01 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-12 22:11 - 2014-06-12 20:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-12 21:40 - 2014-06-12 21:40 - 00098612 _____ () C:\Users\Maya\Downloads\OTL.Txt 2014-06-12 21:15 - 2014-06-12 21:15 
- 00602112 _____ (OldTimer Tools) C:\Users\Maya\Downloads\OTL.scr 2014-06-12 20:21 - 2014-06-12 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-12 20:21 - 2014-06-12 20:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-12 20:21 - 2013-10-20 14:34 - 00000000 ____D () C:\Users\Maya\AppData\Roaming\Malwarebytes 2014-06-12 20:21 - 2013-10-20 14:34 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-12 20:20 - 2014-06-12 20:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Maya\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-10 18:24 - 2012-12-03 10:23 - 00000446 ____H () C:\Windows\Tasks\Norton Security Scan for Maya.job 2014-06-10 17:51 - 2011-11-26 15:11 - 00000000 ____D () C:\Users\Maya\Documents\Maya 2014-06-10 17:50 - 2014-03-17 22:29 - 00000000 ____D () C:\ProgramData\5e7901c99e537465 2014-06-08 10:13 - 2014-06-12 20:24 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 10:08 - 2014-06-12 20:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-02 16:25 - 2014-06-02 16:25 - 00003898 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA 2014-06-02 16:25 - 2014-06-02 16:25 - 00003530 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core 2014-06-02 16:25 - 2014-06-02 16:25 - 00000000 ____D () C:\Users\Maya\AppData\Local\Facebook 2014-06-02 16:23 - 2014-06-02 16:23 - 00501248 _____ (Facebook Inc.) 
C:\Users\Maya\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe 2014-06-01 14:52 - 2014-06-01 14:52 - 00808960 _____ () C:\Users\Maya\Downloads\Setup (6).exe 2014-05-30 11:21 - 2014-06-12 20:25 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 11:02 - 2014-06-12 20:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 11:02 - 2014-06-12 20:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 10:45 - 2014-06-12 20:25 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 10:39 - 2014-06-12 20:25 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 10:39 - 2014-06-12 20:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 10:38 - 2014-06-12 20:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 10:28 - 2014-06-12 20:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 10:27 - 2014-06-12 20:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 10:24 - 2014-06-12 20:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 10:21 - 2014-06-12 20:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 10:21 - 2014-06-12 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 10:20 - 2014-06-12 20:25 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 10:18 - 2014-06-12 20:25 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-30 10:11 - 2014-06-12 20:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 10:08 - 2014-06-12 20:25 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 10:06 - 2014-06-12 20:25 - 00452096 _____ 
(Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 10:02 - 2014-06-12 20:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-30 09:55 - 2014-06-12 20:25 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 09:49 - 2014-06-12 20:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 09:46 - 2014-06-12 20:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 09:44 - 2014-06-12 20:25 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-30 09:44 - 2014-06-12 20:25 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 09:43 - 2014-06-12 20:25 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-30 09:42 - 2014-06-12 20:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-30 09:38 - 2014-06-12 20:25 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-30 09:35 - 2014-06-12 20:25 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 09:34 - 2014-06-12 20:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-30 09:33 - 2014-06-12 20:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-30 09:30 - 2014-06-12 20:25 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-30 09:29 - 2014-06-12 20:25 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 09:28 - 2014-06-12 20:25 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-30 09:27 - 2014-06-12 20:25 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-30 09:24 - 2014-06-12 20:25 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 09:23 - 2014-06-12 20:25 - 02040832 _____ 
(Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 09:16 - 2014-06-12 20:25 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-30 09:10 - 2014-06-12 20:25 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-30 09:06 - 2014-06-12 20:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-30 09:04 - 2014-06-12 20:25 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-30 09:02 - 2014-06-12 20:25 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-30 08:56 - 2014-06-12 20:25 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-30 08:56 - 2014-06-12 20:25 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 08:54 - 2014-06-12 20:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-30 08:50 - 2014-06-12 20:25 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-30 08:49 - 2014-06-12 20:25 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-30 08:43 - 2014-06-12 20:25 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 08:40 - 2014-06-12 20:25 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-30 08:30 - 2014-06-12 20:25 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 08:21 - 2014-06-12 20:25 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-30 08:15 - 2014-06-12 20:25 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-30 08:13 - 2014-06-12 20:25 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-30 08:13 - 2014-06-12 20:25 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-05-24 15:19 - 2014-05-24 15:19 - 00112785 _____ () 
C:\Users\Maya\Downloads\Scratch catch game.sb 2014-05-24 15:19 - 2014-05-24 15:19 - 00112785 _____ () C:\Users\Maya\Downloads\Scratch catch game (1).sb 2014-05-22 21:10 - 2014-05-22 21:10 - 00807936 _____ () C:\Users\Maya\Downloads\New player.exe 2014-05-21 20:20 - 2011-11-25 18:40 - 00000000 ___RD () C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-21 20:20 - 2011-11-25 18:32 - 00000000 ___RD () C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-17 13:21 - 2014-05-17 13:21 - 00002170 _____ () C:\Users\Public\Desktop\The Sims™ 3 Showtime.lnk 2014-05-17 13:21 - 2011-08-03 10:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-17 13:21 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-05-17 12:23 - 2012-12-29 12:28 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-05-17 09:44 - 2014-05-17 09:44 - 00000000 __SHD () C:\Users\Maya\AppData\Local\EmieUserList 2014-05-17 09:44 - 2014-05-17 09:44 - 00000000 __SHD () C:\Users\Maya\AppData\Local\EmieSiteList 2014-05-15 18:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache Files to move or delete: ==================== C:\ProgramData\sysqcl1129067056.dat Some content of TEMP: ==================== C:\Users\Maya\AppData\Local\Temp\0w3qapdv.dll C:\Users\Maya\AppData\Local\Temp\BackupSetup.exe C:\Users\Maya\AppData\Local\Temp\d0a0rdlm.dll C:\Users\Maya\AppData\Local\Temp\g5yrddwv.dll C:\Users\Maya\AppData\Local\Temp\hej372gw.dll C:\Users\Maya\AppData\Local\Temp\hfsywbme.dll C:\Users\Maya\AppData\Local\Temp\jlirsorv.dll C:\Users\Maya\AppData\Local\Temp\Quarantine.exe C:\Users\Maya\AppData\Local\Temp\wmp.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally 
signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-10 18:26

==================== End Of Log ============================

Last log to follow in next post - it's too long otherwise.
N
nuley Posted June 14, 2014 Author

Here's the addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Maya at 2014-06-14 18:56:02
Running from C:\Users\Maya\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

ActiveX-kontroll för fjärran****ningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.0.7 - British Broadcasting Corp.) BBC iPlayer Desktop (x32 Version: 3.0.7 - British Broadcasting Corp.) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender) Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Comic Life 2 (HKLM-x32\...\{A8405D99-9D76-4456-8752-87DA930CC3A3}) (Version: 2.2.6.0 - plasq LLC) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) iTunes (HKLM\...\{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}) (Version: 10.5.1.42 - Apple Inc.) 
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden Java 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof 
(Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
(HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG) Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG) Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden Nero ControlCenter 10 Help (CHM) (x32 Version: 
10.6.10800 - Nero AG) Hidden Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG) Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG) Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG) Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG) Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG) Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG) NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.7.5.5 - Symantec Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.15 - Realtek Semiconductor Corp.) 
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Snap.Do (HKLM-x32\...\{3A014A11-3D9E-44BD-9431-2DB67F752CB9}) (Version: 11.32.1.16055 - ReSoft Ltd.) <==== ATTENTION Snap.Do Engine (HKCU\...\{2b1d04de-b0b3-4359-8336-6b452868a92f}) (Version: 11.32.1.16055 - ReSoft Ltd.) <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated) The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts) The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts) The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts) The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts) The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts) The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts) The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts) The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) 
(Version: 18.0.126 - Electronic Arts) TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation) TOSHIBA Bulletin Board (Version: 2.1.10.64 - TOSHIBA Corporation) Hidden TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (Version: 3.1.8.64 - TOSHIBA Corporation) Hidden TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - ) TOSHIBA Hardware Setup (Version: 4.08.06.00 - TOSHIBA) Hidden TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (Version: 3.1.64.7 - TOSHIBA Corporation) Hidden TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation) Hidden Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64M - TOSHIBA Corporation) TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.0.2.4 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION) TOSHIBA Recovery Media Creator Reminder 
(HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation) TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation) TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - ) TOSHIBA Supervisor Password (Version: 4.08.06.00 - TOSHIBA) Hidden TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation) TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION) TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - ) TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Wedding Dash 2 - Rings Around the World (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 
Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live 
SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zoo Tycoon 2 - Ultimate Collection (HKLM-x32\...\InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}) (Version: 1.00.0000 - Microsoft Game Studios)
Zoo Tycoon 2 - Ultimate Collection (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

04-06-2014 19:40:24 Scheduled Checkpoint
12-06-2014 20:21:02 OTL Restore Point - 6/12/2014 9:20:58 PM
12-06-2014 21:20:23 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-10-27 11:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04D1CB32-BAE9-4B6C-8C51-9F389D74E914} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA => C:\Users\Maya\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-02] (Facebook Inc.)
Task: {0B38F805-A5BA-4F33-97A2-AD8F9D7E647F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {0E21F32F-DDC9-4290-B4B2-7CFAACC8DDD3} - System32\Tasks\Norton Security Scan for Maya => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.5.5\Nss.exe [2012-10-22] (Symantec Corporation)
Task: {680108B8-4A1F-4BAB-9BF3-DACC6EC79DE6} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {6D1F6CF0-F2AB-4D41-AD39-7C8540004AE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
Task: {6D715F29-2282-43FA-8A69-19F6B029419E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
Task: {6FD83064-C8C8-4105-A0D7-3898946C7878} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {7514799E-F6CB-47D0-9F49-59FFD609BB89} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AFB316AD-305B-424E-BC80-A3E0C4DF817D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core => C:\Users\Maya\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-02] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core.job => C:\Users\Maya\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA.job => C:\Users\Maya\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Maya.job => C:\PROGRA~2\NORTON~2\Engine\375~1.5\Nss.exe

==================== Loaded Modules (whitelisted) =============

2014-06-09 19:45 - 2014-06-09 19:45 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-06-09 19:46 - 2014-06-09 19:46 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2011-04-04 18:18 - 2011-04-04 18:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 16:18 - 2010-11-18 16:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-15 14:19 - 2010-12-15 14:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-08-03 10:52 - 2011-04-21 09:57 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll
2010-12-08 14:42 - 2010-12-08 14:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Maya\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\AdwCleaner (1).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\jre-7u45-windows-x64 (1).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\jre-7u45-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\JRT (1).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\JRT (2).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\mbam-setup-2.0.2.1012.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\New player.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\OTL.scr:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\Setup (6).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\uplayermediaplayer-setup (1).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\uplayermediaplayer-setup (2).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\uplayermediaplayer-setup (3).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\uplayermediaplayer-setup (4).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\uplayermediaplayer-setup (5).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\uplayermediaplayer-setup.exe:BDU

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2014 06:50:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (06/14/2014 06:50:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2013-10-27 10:02:14.498
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Combo-Fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-27 10:02:14.420
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Combo-Fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-27 10:02:14.342
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Combo-Fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-27 10:02:14.264
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Combo-Fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-26 12:12:37.255
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Combo-Fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-26 12:12:37.177
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Combo-Fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 6091.86 MB
Available physical RAM: 4091.24 MB
Total Pagefile: 12181.9 MB
Available Pagefile: 10020.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:297.45 GB) (Free:132.2 GB) NTFS
Drive d: (Data) (Fixed) (Total:298.33 GB) (Free:284.18 GB) NTFS
Drive e: (BBCDVD3494) (CDROM) (Total:4.38 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 36578230)
Partition 1: (Active) - (Size=399 MB) - (Type=27)
Partition 2: (Not Active) - (Size=297 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thank you!
All best
Nuley
Starbuck Posted June 14, 2014

Hi Nuley

"Thank you Starbuck for helping me yet again."

It's no problem at all.

A few things for you to do. Let's hope your daughter appreciates the time you are spending on this.

Step 1

Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.
http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

Step 2

Double click on OTL to run it.
Vista/Windows 7 users right-click and select Run As Administrator.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line and that you include all of the Commands section.)

:otl
PRC - C:\Users\Maya\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
PRC - C:\Users\Maya\AppData\Local\Smartbar\Application\Lrcnta.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2013/10/26 12:04:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/26 12:04:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/26 12:04:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/26 12:04:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/26 12:04:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/11 19:47:30 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Optimizer Pro

:Files
C:\Users\Maya\AppData\Local\Smartbar
C:\ComboFix.txt
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 3

Reset Google Chrome

Click the Menu option button at the top right of the Google Chrome screen.
Select Settings.
Click Show advanced settings and find the "Reset browser settings" section.
Click Reset browser settings.
In the dialogue that appears, click Reset.

Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

Resetting your browser settings will impact the settings below:
Default search engine and saved search engines will be reset to their original defaults.
Homepage button will be hidden and the URL that you previously set will be removed.
Default startup tabs will be cleared. The browser will show a new tab when you startup or continue where you left off if you're on a Chromebook.
New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
Pinned tabs will be unpinned.
Content settings will be cleared and reset to their installation defaults.
Cookies and site data will be cleared.
Extensions and themes will be disabled.

Step 4

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) 8 Update 5 and save it to your desktop.
Scroll down to where it says "Java SE 8 Update 5".
Click the "Download JRE" button.
Accept the license agreement.
Select 'Windows x64.exe' from the list.
Save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Java 7 Update 45
Java 6 Update 20
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the downloaded icon to install the newest version.

In your next reply, please submit:
Fixlog.txt
OTL fix report
and let me know how the other 2 steps went.

Thanks.

fixlist.txt

Member of: UNITE
nuley Posted June 24, 2014 Author Posted June 24, 2014 Dear Starbuck Thanks for this. Daughter had hidden all the previous OTL and FRST stuff as it was 'messing up the desktop'... such is the gratitude of teens!!! Still, here are the logs! Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014 Ran by Maya at 2014-06-24 20:14:54 Run:1 Running from C:\Users\Maya\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** SearchScopes: HKLM-x32 - DefaultScope value is missing. CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION S3 catchme; \??\C:\Combo-Fix\catchme.sys [X] C:\ProgramData\sysqcl1129067056.dat C:\Users\Maya\AppData\Local\Temp\0w3qapdv.dll C:\Users\Maya\AppData\Local\Temp\BackupSetup.exe C:\Users\Maya\AppData\Local\Temp\d0a0rdlm.dll C:\Users\Maya\AppData\Local\Temp\g5yrddwv.dll C:\Users\Maya\AppData\Local\Temp\hej372gw.dll C:\Users\Maya\AppData\Local\Temp\hfsywbme.dll C:\Users\Maya\AppData\Local\Temp\jlirsorv.dll C:\Users\Maya\AppData\Local\Temp\Quarantine.exe C:\Users\Maya\AppData\Local\Temp\wmp.dll Task: {0B38F805-A5BA-4F33-97A2-AD8F9D7E647F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe C:\Program Files\AVAST Software Reboot: ***************** HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. 'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully. catchme => Service deleted successfully. C:\ProgramData\sysqcl1129067056.dat => Moved successfully. C:\Users\Maya\AppData\Local\Temp\0w3qapdv.dll => Moved successfully. C:\Users\Maya\AppData\Local\Temp\BackupSetup.exe => Moved successfully. C:\Users\Maya\AppData\Local\Temp\d0a0rdlm.dll => Moved successfully. C:\Users\Maya\AppData\Local\Temp\g5yrddwv.dll => Moved successfully. C:\Users\Maya\AppData\Local\Temp\hej372gw.dll => Moved successfully. 
C:\Users\Maya\AppData\Local\Temp\hfsywbme.dll => Moved successfully. C:\Users\Maya\AppData\Local\Temp\jlirsorv.dll => Moved successfully. C:\Users\Maya\AppData\Local\Temp\Quarantine.exe => Moved successfully. C:\Users\Maya\AppData\Local\Temp\wmp.dll => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0B38F805-A5BA-4F33-97A2-AD8F9D7E647F}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B38F805-A5BA-4F33-97A2-AD8F9D7E647F}' => Key deleted successfully. C:\Windows\System32\Tasks\avast! Emergency Update => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update' => Key deleted successfully. C:\Program Files\AVAST Software => Moved successfully. The system needed a reboot. ==== End of Fixlog ==== All processes killed ========== OTL ========== No active process named SnapDo.exe was found! No active process named Lrcnta.exe was found! Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. C:\Windows\PEV.exe moved successfully. C:\Windows\MBR.exe moved successfully. C:\Windows\sed.exe moved successfully. C:\Windows\grep.exe moved successfully. C:\Windows\zip.exe moved successfully. Folder C:\Users\Maya\AppData\Roaming\Optimizer Pro\ not found. ========== FILES ========== File\Folder C:\Users\Maya\AppData\Local\Smartbar not found. C:\ComboFix.txt moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Maya\Desktop\cmd.bat deleted successfully. C:\Users\Maya\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Maya
->Temp folder emptied: 4091970507 bytes
->Temporary Internet Files folder emptied: 462185562 bytes
->Java cache emptied: 39785 bytes
->Google Chrome cache emptied: 436698621 bytes
->Flash cache emptied: 39747 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 172649845 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 912663666 bytes

Total Files Cleaned = 5,795.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 06242014_202004

Files\Folders moved on Reboot...
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\lang\images\alert_margin_left.png scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\lang\images\alert_margin_left.png.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\lang\images\alert_margin_right.png scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\lang\images\alert_margin_right.png.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\lang\images\alert_middle.png scheduled to be moved on reboot.
File move failed.
C:\Users\Maya\AppData\Local\Temp\RarSFX0\gzflt.sys.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\gzfltum.dll scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\gzfltum.dll.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\htmlayout.dll scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\htmlayout.dll.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\Installer.exe scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\Installer.exe.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\installerpackage.exe scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\installerpackage.exe.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\install_x64.xml scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\install_x64.xml.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\install_x86.xml scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\install_x86.xml.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\no_connection.html scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\no_connection.html.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\npcomm.dll scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\npcomm.dll.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\pluginsx64.exe scheduled to be moved on reboot. File move failed. 
C:\Users\Maya\AppData\Local\Temp\RarSFX0\pluginsx64.exe.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\qscan.txt scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\qs_scan_log.html scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\qs_scan_log.xml scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\qs_scan_log.xsl scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\qs_scan_log.xsl.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\servers.xml scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\servers.xml.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\setuplauncher.exe scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\setuplauncher.exe.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\ThreatScanner.exe scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\ThreatScanner.exe.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\trufos.dll scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\trufos.dll.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\trufos.sys scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\trufos.sys.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\unrar64.dll scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\unrar64.dll.md5 scheduled to be moved on reboot. File move failed. 
C:\Users\Maya\AppData\Local\Temp\RarSFX0\update.xml scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\update.xml.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\update_config.xml scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\update_config.xml.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\UserGuide.pdf scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\UserGuide.pdf.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\WPFKickstarter.exe scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\WPFKickstarter.exe.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\WPFKickstarter4.exe scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\WPFKickstarter4.exe.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\wslib.dll scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\wslib.dll.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\wspack.dll scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\wspack.dll.md5 scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\wsutils.dll scheduled to be moved on reboot. File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\wsutils.dll.md5 scheduled to be moved on reboot. C:\Users\Maya\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Users\Maya\AppData\Local\Temp\gziface1.log scheduled to be moved on reboot. 
I managed the two other steps, re-doing Chrome and uninstalling old Java/reinstalling Java 7. Also Adobe needed updating (so it told me) so I updated.

Thanks again
Nuley
Starbuck Posted June 24, 2014

Hi Nuley

> Daughter had hidden all the previous OTL and FRST stuff as it was 'messing up the desktop'

Kids make you laugh..... they worry about a few icons on the desktop, but the system is a mess! :)

> Total Files Cleaned = 5,795.00 mb

That is going to make the system feel a lot better.

> I managed the two other steps, re-doing Chrome and uninstalling old Java/reinstalling Java 7.

Mmm a bit concerned here. (hopefully you made a mistake when typing)

This is what you should have removed:
Java 7 Update 45
Java 6 Update 20

This is what you should have installed:
Java Runtime Environment (JRE) 8 Update 5

If you can keep your daughter away from the PC long enough: (this may take a while to scan)

I'd like you to do an ESET OnlineScan
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems the Eset's Online Scan fails during the database download (around 20%).
To prevent this happening: When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked): Enable Anti-Stealth technology
http://img.photobucket.com/albums/v708/starbuck50/eset.png

- Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button. If asked, allow the ActiveX control to install.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
- Click the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.

Thanks

Member of: UNITE
nuley Posted June 26, 2014

Thanks for this. Yes, I meant Java 7, I've checked and I've got Java 8 - me not being very up to date.

I started running eset in Chrome as I hadn't read to the very bottom, so I stopped it and re-ran as admin in IE. I hope the log's OK. Here it is:

And it did take ages! But hopefully well worth doing.

All best
Nuley
Starbuck Posted June 26, 2014

Hi Nuley

> I started running eset in Chrome as I hadn't read to the very bottom, so I stopped it and re-ran as admin in IE.

Actually Chrome would have been ok. Chances are the version of Chrome you are running will be 32bit. Google have only just released a 64bit version and that is only available from the developer channels at the moment.

> And it did take ages! But hopefully well worth doing.

Eset is very thorough, that's why it takes so long.

Eset only found more PUPs and some of that wasn't actually active. Nothing really malicious found.

How is the system running now? If everything is fine, we can start to finish off the cleaning process.

Member of: UNITE
nuley Posted June 27, 2014

Dear Starbuck

It all looks fine and both Chrome and IE seem to be running fine, thank you. I'll turn Bitdefender back on!

Cheers
Nuley
Starbuck Posted June 27, 2014

Hi Nuley,

Let's finish the cleaning process and remove the tools we have used. We'll also set you a fresh restore point.

Step 1
Restart MBAM.
Click on the History tab >> Quarantine
Tick to select any items and then click the Delete button.
Close MBAM.

Step 2
Download Delfix and save it to your desktop.
Ensure Remove disinfection tools is checked.
Also place a checkmark next to:
- Create registry backup
- Purge system restore
http://img.photobucket.com/albums/v708/starbuck50/delf_zpsb39a5ff3.png
Click the Run button.
When the tool has finished, a log will open in notepad.... but I don't actually need this report

Step 3
Eset can be removed using the Remove Programs feature in Control Panel.

To find out how you may have been infected....read this topic: How did i get infected?

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software
- Only install one AntiVirus program
- Update your AntiVirus Software regularly

Use a Firewall
- Only install one software Firewall

Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial. Something like:
- Malwarebytes Anti-Malware
- SUPERAntiSpyware
Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs.

Use an alternative browser to Internet Explorer:
Some excellent alternatives to MS Internet Explorer are:
- Firefox
  For added security, add the NoScript extension to this browser: Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
  Also consider adding: WOT - Safe Browsing Tool. Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution.
- Opera

Keep a backup of your registry
Keeping a regular backup of your registry will help when something goes wrong. Use a program like: Erunt
A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial

Keep your system clean of temp files etc, using a 'Cleaner':
Cleaners are programs that will help to clean out your:
- Windows temp files
- Current user temp files
- Cookies
- Temporary Internet files
- Browser history
- Recycle bin
- Etc.......
In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.
Programs like:
- TFC by OldTimer
- ATF Cleaner

Visit Microsoft's Windows Update Site Frequently
It is important that you visit Windows Update regularly. Alternatively, turn on the Automatic Updates.

Peer to Peer programs
Don't be tempted to use Peer to Peer programs. Many of the downloads are bundled with malware.

Update all your 'Security' programs regularly
Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help. Safe surfing.
http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

Member of: UNITE
nuley Posted June 28, 2014

Thank you so much - you've saved our surfing sanity yet again! I will go through the safety stuff with teenage daughter and try to get her to take ownership of the security a bit more (with some help of course).

Thanks again.

All best
Nuley