browser keeps being hijacked

nuley
Free PC Help Contributor
Joined: Jul 10, 2009
Messages: 88
Location: big smoke
Beginner

Attachments: mbam2.txt, OTL.Txt

Dear friends

Teenage daughter's laptop is full of viruses - websites keep being hijacked and sent to betting sites.

I have run MBAM and OTL - PLEASE NOTE I had a brainstorm and ran MBAM twice by mistake, so I'll post both logs - sorry about that. It didn't ask me to restart either time round. I'll try to post as attachments.

Aargh - I've just tried to post first MBAM log but it's too large. What can I do? I've tried to attach 2nd MBAM log and OTL log - did they work?

I'd be very grateful for any help please!

Thank you as ever

Nuley

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/06/2014
Scan Time: 20:51:44
Logfile: mbam2.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.12.11
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Maya

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297229
Time Elapsed: 20 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 2
PUP.Optional.SmartBar.A, C:\Users\Maya\AppData\Local\Smartbar\Application\Lrcnta.exe, 3384, No Action By User, [38637cfb86f5e74f7ab7f29528da37c9]
PUP.Optional.SmartBar.A, C:\Users\Maya\AppData\Local\Smartbar\Application\SnapDo.exe, 3160, No Action By User, [38637cfb86f5e74f7ab7f29528da37c9]

Modules: 42

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.SmartBar.A, C:\Users\Maya\AppData\Local\Smartbar, No Action By User, [38637cfb86f5e74f7ab7f29528da37c9],
PUP.Optional.SmartBar.A, C:\Users\Maya\AppData\Local\Smartbar\Application, No Action By User, [38637cfb86f5e74f7ab7f29528da37c9],

Files: 44
PUP.Optional.Superfish.A, C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, No Action By User, [cbd0caad2c4f8ea80442f5b1669cf10f],
PUP.Optional.Snapdo.A, C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=GB&userid=01cb7476-7dae-d46d-2410-c0ab09d7e507&searchtype=hp&installDate=11/02/2014",), No Action By User,[3d5e57205b200531d419f6ab12f28d73]
PUP.Optional.Snapdo.A, C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "search_url": "http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=GB&userid=01cb7476-7dae-d46d-2410-c0ab09d7e507&searchtype=ds&q={searchTerms}&installDate=11/02/2014",), No Action By User,[e6b56b0c304bc76f8b63970a17eda957]

Physical Sectors: 0
(No malicious items detected)



OTL logfile created on: 6/12/2014 9:17:18 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maya\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.95 Gb Total Physical Memory | 4.03 Gb Available Physical Memory | 67.79% Memory free
11.90 Gb Paging File | 9.53 Gb Available in Paging File | 80.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.45 Gb Total Space | 137.08 Gb Free Space | 46.08% Space Free | Partition Type: NTFS
Drive D: | 298.33 Gb Total Space | 284.18 Gb Free Space | 95.26% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: VINCENOIR | User Name: Maya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Maya\Downloads\OTL.scr (OldTimer Tools)
PRC - C:\Users\Maya\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
PRC - C:\Users\Maya\AppData\Local\Smartbar\Application\Lrcnta.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Modules (No Company Name) ==========



========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (gzserv) -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe (Bitdefender)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (70e6ca8c) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========



========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFePoBG0uZqi5Ed3dbwxU6oWAFX-UQbbhwvoOays_TfQ-R1HFIlJJ2lXAjPK8hjzwV3pXntYrKlNIB1RlhwTJ57LstQfqKxjp6u0a7u362H6xRQ68Si8pyAmJ0jhBhThDRs9P_WbVbX6Q0mIDMcak5_fy6Q,&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_enGB459
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Maya\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)



========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=GB&userid=01cb7476-7dae-d46d-2410-c0ab09d7e507&searchtype=ds&q={searchTerms}&installDate=11/02/2014
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://feed.snapdo.com/?publisher=T...09d7e507&searchtype=hp&installDate=11/02/2014
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: FiineDeaLSoft = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbneldpobjoppehbkgemphjcggbphmjn\4.4\
CHR - Extension: Todays Schedule in Google Calendar = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaaneppndljkmpgdcglnp***fhjhipc\163\
CHR - Extension: MediaPlayerEnhance = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\12684.8438.6318_0\crossrider
CHR - Extension: MediaPlayerEnhance = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\12684.8438.6318_0\
CHR - Extension: Google Wallet = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Feven 1.8 = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\crossrider
CHR - Extension: Feven 1.8 = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\

O1 HOSTS File: ([2013/10/27 11:03:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Maya\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{923E3EE9-50A1-44E7-BA27-12142328C298}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/06/12 20:51:05 | 000,079,064 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\obdduhi.sys
[2014/06/12 20:21:52 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/12 20:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/12 20:21:24 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/12 20:21:24 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/12 20:21:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/12 16:36:19 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{B5A81C6C-1E0E-4736-BD54-77B43158FA1A}
[2014/06/10 17:37:48 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{5ED29BFF-531B-4260-8CD7-EB9E014B2E7D}
[2014/06/07 12:26:01 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{95DFF98A-0D9A-4B8B-8E16-073060024E86}
[2014/06/03 11:30:53 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{04EC732B-54D0-4F03-9537-148CB741B5F4}
[2014/06/02 19:06:36 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{F15BA016-581B-4EF6-997F-E51A63766045}
[2014/06/02 16:25:24 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\Facebook
[2014/05/24 11:35:46 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{9F3D82C7-E7BE-4B64-8077-FE7A860C5599}
[2014/05/17 09:44:28 | 000,000,000 | -HSD | C] -- C:\Users\Maya\AppData\Local\EmieUserList
[2014/05/17 09:44:28 | 000,000,000 | -HSD | C] -- C:\Users\Maya\AppData\Local\EmieSiteList
[2014/05/15 16:41:32 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 16:41:32 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/15 16:40:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/15 16:34:29 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/15 16:34:27 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/15 16:34:03 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{EF5CFE9D-E652-4747-BE74-ACDBC0E2653C}
[2014/05/14 21:47:33 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 21:47:32 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 21:47:31 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 21:47:31 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 21:47:31 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 21:47:31 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 21:47:27 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 21:47:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 21:47:27 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 21:47:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 21:47:27 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 21:47:27 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 21:47:27 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 21:47:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 21:47:27 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 21:47:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 21:47:27 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 21:47:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 21:47:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 21:47:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 21:47:27 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 21:47:27 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 21:47:27 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/14 20:06:46 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{9F6F7F4D-3479-4862-BC79-6485484C387F}
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/12 20:51:37 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/12 20:51:05 | 000,079,064 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\obdduhi.sys
[2014/06/12 20:38:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/12 20:38:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/12 20:22:10 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/12 20:22:10 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/12 20:21:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/12 20:06:47 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA.job
[2014/06/12 20:06:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/12 16:36:11 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core.job
[2014/06/12 16:36:10 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/10 18:24:19 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Maya.job
[2014/06/09 19:37:59 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/17 13:21:50 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Showtime.lnk
[2014/05/14 19:16:58 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 19:16:58 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/12 20:21:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/02 16:25:31 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA.job
[2014/06/02 16:25:30 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core.job
[2014/05/17 13:21:50 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Showtime.lnk
[2014/01/03 21:38:07 | 000,000,008 | RHS- | C] () -- C:\ProgramData\sysqcl1129067056.dat
[2013/10/26 12:04:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/26 12:04:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/26 12:04:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/26 12:04:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/26 12:04:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/21 10:20:34 | 001,911,074 | ---- | C] () -- C:\ProgramData\1382346972.bdinstall.bin
[2012/01/13 18:45:24 | 000,008,192 | ---- | C] () -- C:\Users\Maya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/20 17:10:50 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\.minecraft
[2012/01/18 16:20:56 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2014/01/03 21:38:07 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\CocotronLibrary
[2014/02/11 19:47:30 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Optimizer Pro
[2013/08/19 12:12:57 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Origin
[2013/10/21 10:16:40 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\QuickScan
[2013/08/22 19:59:08 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\SecondLife
[2011/11/26 09:59:23 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Toshiba
[2012/09/16 07:51:39 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\WildTangent
[2012/04/23 20:52:32 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK6475GSX
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 399.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 297.00GB
Starting Offset: 419430400
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 319804145664
Hidden sectors: 0


< %SYSTEMDRIVE%\*.* >
[2013/10/27 11:06:34 | 000,028,408 | ---- | M] () -- C:\ComboFix.txt
[2014/06/09 19:37:59 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/09 19:38:05 | 2092,810,239 | -HS- | M] () -- C:\pagefile.sys
[2011/08/03 12:02:12 | 000,000,070 | -H-- | M] () -- C:\SWSTAMP.TXT

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/03/08 03:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2014/03/08 02:59:00 | 000,811,728 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/03/06 09:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/03/06 09:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/03/06 09:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/03/08 03:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2014/03/08 02:59:00 | 000,811,728 | ---- | M] (Microsoft Corporation)

< End of report >
 
Hi Nuley

One of our Security Experts will be along to help shortly.

I can see from the logs that many of the entries are PUPs - Potentially Unwanted Programs .......not necessarily bad ...just annoying :)
The security guys will advise further.
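
The kind of log triage described in the post above, as an added example that is not part of any post in this thread: it scans OTL-style lines for browser search or home page settings that point at an unexpected host, and for AppInit_DLLs entries. The sample lines are trimmed copies of entries from the log above; the `EXPECTED_HOSTS` allowlist and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: entries shaped like the OTL log above, query strings trimmed.
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
CHR - default_search_provider: search_url = http://feed.snapdo.com/?searchtype=ds&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&q={searchTerms},
CHR - homepage: http://feed.snapdo.com/?searchtype=hp
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
"""

# Assumption: the search/home page hosts the owner of the machine actually wants.
EXPECTED_HOSTS = frozenset({"www.google.com", "www.bing.com"})

BROWSER_LINE = re.compile(r"^(?P<browser>IE(?::64bit:)?|CHR)\s+-\s+(?P<rest>.*)$")
URL_IN_LINE = re.compile(r"https?://\S+")
APPINIT_LINE = re.compile(
    r"^O20(?P<bits>:64bit:)?\s+-\s+AppInit_DLLs:\s+\([^)]*\)\s+-\s+"
    r"(?P<path>.+?)\s+\((?P<company>[^()]*)\)\s*$"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # "search-redirect" or "appinit-dll"
    where: str   # browser setting or registry value the log line describes
    detail: str  # offending host, or DLL path with its company name


def host_of(url):
    """Return the lower-cased host of a URL, or 'unparseable' if it is malformed."""
    try:
        return (urlsplit(url).hostname or "unparseable").lower()
    except ValueError:
        return "unparseable"


def triage(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return a Finding for every log line that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        # IE / Chrome settings: only values that are http(s) URLs matter here;
        # local files, URL templates and plugin paths are skipped.
        m = BROWSER_LINE.match(line)
        if m:
            url = URL_IN_LINE.search(m["rest"])
            if url:
                host = host_of(url.group())
                if host not in expected_hosts:
                    setting = m["rest"][:url.start()].rstrip(" =:")
                    findings.append(
                        Finding("search-redirect", f"{m['browser']} {setting}", host))
            continue

        # AppInit_DLLs: DLLs listed here are loaded into every process that
        # loads user32.dll, so any entry is worth reviewing. OTL prints "()"
        # when the file carries no company name.
        m = APPINIT_LINE.match(line)
        if m:
            where = "AppInit_DLLs (64-bit)" if m["bits"] else "AppInit_DLLs (32-bit)"
            vendor = m["company"].strip() or "no company name"
            findings.append(Finding("appinit-dll", where, f"{m['path']} ({vendor})"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.where} -> {f.detail}")
```
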
 
Hi Nuley

Teenage daughter's laptop is full of viruses
Don't be too hard on her..... this problem is not virus related.
This problem is Adware based.
PUPs are added as third party programs to legit 'Free' programs and some Updates.
Basically it's down to greedy vendors adding these just to make money.

PLEASE NOTE I had a brainstorm and ran MBAM twice by mistake, so I'll post both logs - sorry about that.
Running MBAM more than once won't cause any problems at all.
So no harm will be done.

"It didn't ask me to restart either time round."
This explains why.....
Processes: 2
PUP.Optional.SmartBar.A, C:\Users\Maya\AppData\Local\Smartbar\Application\Lrcnta.exe, 3384, No Action By User, [38637cfb86f5e74f7ab7f29528da37c9]
PUP.Optional.SmartBar.A, C:\Users\Maya\AppData\Local\Smartbar\Application\SnapDo.exe, 3160, No Action By User, [38637cfb86f5e74f7ab7f29528da37c9]
If you had selected the items for deletion, it may well have rebooted the system.

Ok, let's get this sorted.

Step 1

Optimizer Pro
Please uninstall this from the system.
Trust me when I say.... you don't want this program around.


Step 2
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


Step 3
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator


  • When the tool opens click Yes to disclaimer.


  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.


  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


In your next reply, please submit:
JRT.txt
AdwCleaner report
Both reports from FRST.


Thanks
 
Thank you Starbuck for helping me yet again.

Here are the logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Maya on 14/06/2014 at 18:32:43.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/06/2014 at 18:42:42.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v3.212 - Report created 14/06/2014 at 18:47:10
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Maya - VINCENOIR
# Running from : C:\Users\Maya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMRPA3QR\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\ApptoU
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Folder Deleted : C:\Program Files (x86)\NewPlayer
Folder Deleted : C:\Program Files (x86)\Uninstaller
File Deleted : C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\NewPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126

-\\ Google Chrome v33.0.1750.154
[ File : C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=GB&userid=01cb7476-7dae-d46d-2410-c0ab09d7e507&searchtype=ds&q={searchTerms}&installDate=11/02/2014
Deleted [Search Provider] : hxxp://search.snapdo.com/?q={searchTerms}&category=Web&publisher=tuguu&country=us&feedid=infospace&st=nt&dpid=us&lan=en&start=1
Deleted [Homepage] : hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=GB&userid=01cb7476-7dae-d46d-2410-c0ab09d7e507&searchtype=hp&installDate=11/02/2014
*************************
AdwCleaner[R0].txt - [760 octets] - [21/10/2013 10:47:55]
AdwCleaner[R1].txt - [882 octets] - [21/10/2013 10:58:13]
AdwCleaner[R2].txt - [3084 octets] - [14/06/2014 18:45:37]
AdwCleaner[S0].txt - [820 octets] - [21/10/2013 10:53:50]
AdwCleaner[S1].txt - [942 octets] - [21/10/2013 10:58:52]
AdwCleaner[S2].txt - [3039 octets] - [14/06/2014 18:47:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3099 octets] ##########


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Maya (administrator) on VINCENOIR on 14-06-2014 18:53:47
Running from C:\Users\Maya\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3844903525-3029976620-4151861130-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-03] (Google Inc.)
HKU\S-1-5-21-3844903525-3029976620-4151861130-1001\...\Run: [Facebook Update] => C:\Users\Maya\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-02] (Facebook Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Maya\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA"
CHR DefaultSearchKeyword: search.snapdo.com
CHR DefaultSearchProvider: Web
CHR DefaultSearchURL: http://feed.snapdo.com/?publisher=T...ype=ds&q={searchTerms}&installDate=11/02/2014
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (FiineDeaLSoft) - C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbneldpobjoppehbkgemphjcggbphmjn [2014-03-17]
CHR Extension: (Todays Schedule in Google Calendar) - C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaaneppndljkmpgdcglnp***fhjhipc [2014-06-10]
CHR Extension: (MediaPlayerEnhance) - C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm [2014-02-20]
CHR Extension: (Google Wallet) - C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-12]
CHR Extension: (Feven 1.8) - C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2014-02-19]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2014-06-09] (Bitdefender)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2013-10-21] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-10-21] (Bitdefender SRL)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 Tosrfcom; No ImagePath
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 catchme; \??\C:\Combo-Fix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-06-14 18:53 - 2014-06-14 18:54 - 00017168 _____ () C:\Users\Maya\Desktop\FRST.txt
2014-06-14 18:53 - 2014-06-14 18:53 - 02081792 _____ (Farbar) C:\Users\Maya\Desktop\FRST64.exe
2014-06-14 18:53 - 2014-06-14 18:53 - 00000000 ____D () C:\FRST
2014-06-14 18:50 - 2014-06-14 18:50 - 00003191 _____ () C:\Users\Maya\Desktop\AdwCleaner[S2].txt
2014-06-14 18:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-14 18:42 - 2014-06-14 18:42 - 00004988 _____ () C:\Users\Maya\Desktop\JRT.txt
2014-06-14 18:32 - 2014-06-14 18:32 - 01016261 _____ (Thisisu) C:\Users\Maya\Downloads\JRT (2).exe
2014-06-14 16:17 - 2014-06-14 16:17 - 00000000 ____D () C:\Users\Maya\Documents\Electronic Arts
2014-06-12 21:40 - 2014-06-12 21:40 - 00098612 _____ () C:\Users\Maya\Downloads\OTL.Txt
2014-06-12 21:15 - 2014-06-12 21:15 - 00602112 _____ (OldTimer Tools) C:\Users\Maya\Downloads\OTL.scr
2014-06-12 20:25 - 2014-05-30 11:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 20:25 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 20:25 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 20:25 - 2014-05-30 10:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 20:25 - 2014-05-30 10:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 20:25 - 2014-05-30 10:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 20:25 - 2014-05-30 10:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 20:25 - 2014-05-30 10:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 20:25 - 2014-05-30 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 20:25 - 2014-05-30 10:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 20:25 - 2014-05-30 10:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 20:25 - 2014-05-30 10:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 20:25 - 2014-05-30 10:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 20:25 - 2014-05-30 10:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 20:25 - 2014-05-30 10:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 20:25 - 2014-05-30 10:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 20:25 - 2014-05-30 10:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 20:25 - 2014-05-30 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 20:25 - 2014-05-30 09:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 20:25 - 2014-05-30 09:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 20:25 - 2014-05-30 09:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 20:25 - 2014-05-30 09:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 20:25 - 2014-05-30 09:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 20:25 - 2014-05-30 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 20:25 - 2014-05-30 09:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 20:25 - 2014-05-30 09:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 20:25 - 2014-05-30 09:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 20:25 - 2014-05-30 09:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 20:25 - 2014-05-30 09:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 20:25 - 2014-05-30 09:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 20:25 - 2014-05-30 09:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 20:25 - 2014-05-30 09:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 20:25 - 2014-05-30 09:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 20:25 - 2014-05-30 09:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 20:25 - 2014-05-30 09:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 20:25 - 2014-05-30 09:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 20:25 - 2014-05-30 09:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 20:25 - 2014-05-30 09:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 20:25 - 2014-05-30 09:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 20:25 - 2014-05-30 09:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 20:25 - 2014-05-30 08:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 20:25 - 2014-05-30 08:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 20:25 - 2014-05-30 08:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 20:25 - 2014-05-30 08:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 20:25 - 2014-05-30 08:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 20:25 - 2014-05-30 08:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 20:25 - 2014-05-30 08:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 20:25 - 2014-05-30 08:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 20:25 - 2014-05-30 08:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 20:25 - 2014-05-30 08:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 20:25 - 2014-05-30 08:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 20:25 - 2014-05-30 08:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 20:25 - 2014-04-25 03:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 20:25 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 20:25 - 2014-04-05 03:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 20:25 - 2014-04-05 03:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 20:25 - 2014-03-26 15:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 20:25 - 2014-03-26 15:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 20:25 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 20:25 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 20:25 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 20:25 - 2014-03-26 15:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 20:25 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 20:25 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 20:24 - 2014-06-08 10:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 20:24 - 2014-06-08 10:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 20:21 - 2014-06-12 22:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 20:21 - 2014-06-12 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 20:21 - 2014-06-12 20:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 20:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-12 20:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-12 20:20 - 2014-06-12 20:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Maya\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 16:25 - 2014-06-14 16:30 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA.job
2014-06-02 16:25 - 2014-06-14 16:30 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core.job
2014-06-02 16:25 - 2014-06-02 16:25 - 00003898 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA
2014-06-02 16:25 - 2014-06-02 16:25 - 00003530 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core
2014-06-02 16:25 - 2014-06-02 16:25 - 00000000 ____D () C:\Users\Maya\AppData\Local\Facebook
2014-06-02 16:23 - 2014-06-02 16:23 - 00501248 _____ (Facebook Inc.) C:\Users\Maya\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-06-01 14:52 - 2014-06-01 14:52 - 00808960 _____ () C:\Users\Maya\Downloads\Setup (6).exe
2014-05-24 15:19 - 2014-05-24 15:19 - 00112785 _____ () C:\Users\Maya\Downloads\Scratch catch game.sb
2014-05-24 15:19 - 2014-05-24 15:19 - 00112785 _____ () C:\Users\Maya\Downloads\Scratch catch game (1).sb
2014-05-22 21:10 - 2014-05-22 21:10 - 00807936 _____ () C:\Users\Maya\Downloads\New player.exe
2014-05-17 13:21 - 2014-05-17 13:21 - 00002170 _____ () C:\Users\Public\Desktop\The Sims™ 3 Showtime.lnk
2014-05-17 09:44 - 2014-05-17 09:44 - 00000000 __SHD () C:\Users\Maya\AppData\Local\EmieUserList
2014-05-17 09:44 - 2014-05-17 09:44 - 00000000 __SHD () C:\Users\Maya\AppData\Local\EmieSiteList
2014-05-15 16:34 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 16:34 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

==================== One Month Modified Files and Folders =======
2014-06-14 18:54 - 2014-06-14 18:53 - 00017168 _____ () C:\Users\Maya\Desktop\FRST.txt
2014-06-14 18:54 - 2011-11-25 18:32 - 00000000 ____D () C:\Users\Maya\AppData\Local\Temp
2014-06-14 18:53 - 2014-06-14 18:53 - 02081792 _____ (Farbar) C:\Users\Maya\Desktop\FRST64.exe
2014-06-14 18:53 - 2014-06-14 18:53 - 00000000 ____D () C:\FRST
2014-06-14 18:52 - 2011-10-05 04:02 - 01814174 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 18:50 - 2014-06-14 18:50 - 00003191 _____ () C:\Users\Maya\Desktop\AdwCleaner[S2].txt
2014-06-14 18:49 - 2011-08-03 11:00 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-14 18:48 - 2010-11-21 04:47 - 00560134 _____ () C:\Windows\PFRO.log
2014-06-14 18:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-14 18:48 - 2009-07-14 05:51 - 00089859 _____ () C:\Windows\setupact.log
2014-06-14 18:47 - 2013-10-21 10:47 - 00000000 ____D () C:\AdwCleaner
2014-06-14 18:42 - 2014-06-14 18:42 - 00004988 _____ () C:\Users\Maya\Desktop\JRT.txt
2014-06-14 18:38 - 2012-04-19 19:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-14 18:38 - 2011-08-03 11:00 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 18:32 - 2014-06-14 18:32 - 01016261 _____ (Thisisu) C:\Users\Maya\Downloads\JRT (2).exe
2014-06-14 16:30 - 2014-06-02 16:25 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA.job
2014-06-14 16:30 - 2014-06-02 16:25 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core.job
2014-06-14 16:20 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-14 16:20 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-14 16:17 - 2014-06-14 16:17 - 00000000 ____D () C:\Users\Maya\Documents\Electronic Arts
2014-06-14 16:17 - 2013-10-25 14:51 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-14 16:17 - 2012-12-29 12:27 - 00000000 ____D () C:\ProgramData\Origin
2014-06-14 16:16 - 2014-01-25 16:12 - 00000000 ____D () C:\Users\Maya\Documents\Rubbish
2014-06-14 16:12 - 2011-10-05 04:19 - 00000000 ____D () C:\Windows\Options
2014-06-12 22:28 - 2013-10-20 13:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 22:25 - 2013-10-20 13:45 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 22:23 - 2011-11-25 18:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 22:21 - 2014-05-10 09:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 22:11 - 2014-06-12 20:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 21:40 - 2014-06-12 21:40 - 00098612 _____ () C:\Users\Maya\Downloads\OTL.Txt
2014-06-12 21:15 - 2014-06-12 21:15 - 00602112 _____ (OldTimer Tools) C:\Users\Maya\Downloads\OTL.scr
2014-06-12 20:21 - 2014-06-12 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 20:21 - 2014-06-12 20:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 20:21 - 2013-10-20 14:34 - 00000000 ____D () C:\Users\Maya\AppData\Roaming\Malwarebytes
2014-06-12 20:21 - 2013-10-20 14:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 20:20 - 2014-06-12 20:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Maya\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 18:24 - 2012-12-03 10:23 - 00000446 ____H () C:\Windows\Tasks\Norton Security Scan for Maya.job
2014-06-10 17:51 - 2011-11-26 15:11 - 00000000 ____D () C:\Users\Maya\Documents\Maya
2014-06-10 17:50 - 2014-03-17 22:29 - 00000000 ____D () C:\ProgramData\5e7901c99e537465
2014-06-08 10:13 - 2014-06-12 20:24 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:08 - 2014-06-12 20:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-02 16:25 - 2014-06-02 16:25 - 00003898 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA
2014-06-02 16:25 - 2014-06-02 16:25 - 00003530 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core
2014-06-02 16:25 - 2014-06-02 16:25 - 00000000 ____D () C:\Users\Maya\AppData\Local\Facebook
2014-06-02 16:23 - 2014-06-02 16:23 - 00501248 _____ (Facebook Inc.) C:\Users\Maya\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-06-01 14:52 - 2014-06-01 14:52 - 00808960 _____ () C:\Users\Maya\Downloads\Setup (6).exe
2014-05-30 11:21 - 2014-06-12 20:25 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 11:02 - 2014-06-12 20:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 11:02 - 2014-06-12 20:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 10:45 - 2014-06-12 20:25 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 10:39 - 2014-06-12 20:25 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 10:39 - 2014-06-12 20:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 10:38 - 2014-06-12 20:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 10:28 - 2014-06-12 20:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 10:27 - 2014-06-12 20:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 10:24 - 2014-06-12 20:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 10:21 - 2014-06-12 20:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 10:21 - 2014-06-12 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 10:20 - 2014-06-12 20:25 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 10:18 - 2014-06-12 20:25 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 10:11 - 2014-06-12 20:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 10:08 - 2014-06-12 20:25 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 10:06 - 2014-06-12 20:25 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 10:02 - 2014-06-12 20:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 09:55 - 2014-06-12 20:25 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 09:49 - 2014-06-12 20:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 09:46 - 2014-06-12 20:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 09:44 - 2014-06-12 20:25 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 09:44 - 2014-06-12 20:25 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 09:43 - 2014-06-12 20:25 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 09:42 - 2014-06-12 20:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 09:38 - 2014-06-12 20:25 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 09:35 - 2014-06-12 20:25 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 09:34 - 2014-06-12 20:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 09:33 - 2014-06-12 20:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 09:30 - 2014-06-12 20:25 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 09:29 - 2014-06-12 20:25 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 09:28 - 2014-06-12 20:25 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 09:27 - 2014-06-12 20:25 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 09:24 - 2014-06-12 20:25 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 09:23 - 2014-06-12 20:25 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 09:16 - 2014-06-12 20:25 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 09:10 - 2014-06-12 20:25 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 09:06 - 2014-06-12 20:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 09:04 - 2014-06-12 20:25 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 09:02 - 2014-06-12 20:25 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 08:56 - 2014-06-12 20:25 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 08:56 - 2014-06-12 20:25 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 08:54 - 2014-06-12 20:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 08:50 - 2014-06-12 20:25 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 08:49 - 2014-06-12 20:25 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 08:43 - 2014-06-12 20:25 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 08:40 - 2014-06-12 20:25 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 08:30 - 2014-06-12 20:25 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 08:21 - 2014-06-12 20:25 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 08:15 - 2014-06-12 20:25 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 08:13 - 2014-06-12 20:25 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 08:13 - 2014-06-12 20:25 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-24 15:19 - 2014-05-24 15:19 - 00112785 _____ () C:\Users\Maya\Downloads\Scratch catch game.sb
2014-05-24 15:19 - 2014-05-24 15:19 - 00112785 _____ () C:\Users\Maya\Downloads\Scratch catch game (1).sb
2014-05-22 21:10 - 2014-05-22 21:10 - 00807936 _____ () C:\Users\Maya\Downloads\New player.exe
2014-05-21 20:20 - 2011-11-25 18:40 - 00000000 ___RD () C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-21 20:20 - 2011-11-25 18:32 - 00000000 ___RD () C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 13:21 - 2014-05-17 13:21 - 00002170 _____ () C:\Users\Public\Desktop\The Sims™ 3 Showtime.lnk
2014-05-17 13:21 - 2011-08-03 10:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-17 13:21 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-17 12:23 - 2012-12-29 12:28 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-17 09:44 - 2014-05-17 09:44 - 00000000 __SHD () C:\Users\Maya\AppData\Local\EmieUserList
2014-05-17 09:44 - 2014-05-17 09:44 - 00000000 __SHD () C:\Users\Maya\AppData\Local\EmieSiteList
2014-05-15 18:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

Files to move or delete:
====================
C:\ProgramData\sysqcl1129067056.dat

Some content of TEMP:
====================
C:\Users\Maya\AppData\Local\Temp\0w3qapdv.dll
C:\Users\Maya\AppData\Local\Temp\BackupSetup.exe
C:\Users\Maya\AppData\Local\Temp\d0a0rdlm.dll
C:\Users\Maya\AppData\Local\Temp\g5yrddwv.dll
C:\Users\Maya\AppData\Local\Temp\hej372gw.dll
C:\Users\Maya\AppData\Local\Temp\hfsywbme.dll
C:\Users\Maya\AppData\Local\Temp\jlirsorv.dll
C:\Users\Maya\AppData\Local\Temp\Quarantine.exe
C:\Users\Maya\AppData\Local\Temp\wmp.dll

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-10 18:26
==================== End Of Log ============================

Last log to follow in next post - it's too long otherwise.

N
 
Here's the addition.txt:



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Maya at 2014-06-14 18:56:02
Running from C:\Users\Maya\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.0.7 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.0.7 - British Broadcasting Corp.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Comic Life 2 (HKLM-x32\...\{A8405D99-9D76-4456-8752-87DA930CC3A3}) (Version: 2.2.6.0 - plasq LLC)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}) (Version: 10.5.1.42 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden
Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.7.5.5 - Symantec Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.15 - Realtek Semiconductor Corp.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Snap.Do (HKLM-x32\...\{3A014A11-3D9E-44BD-9431-2DB67F752CB9}) (Version: 11.32.1.16055 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{2b1d04de-b0b3-4359-8336-6b452868a92f}) (Version: 11.32.1.16055 - ReSoft Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 2.1.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.8.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA Hardware Setup (Version: 4.08.06.00 - TOSHIBA) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64M - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.0.2.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Supervisor Password (Version: 4.08.06.00 - TOSHIBA) Hidden
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Wedding Dash 2 - Rings Around the World (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zoo Tycoon 2 - Ultimate Collection (HKLM-x32\...\InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}) (Version: 1.00.0000 - Microsoft Game Studios)
Zoo Tycoon 2 - Ultimate Collection (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Restore Points =========================
04-06-2014 19:40:24 Scheduled Checkpoint
12-06-2014 20:21:02 OTL Restore Point - 6/12/2014 9:20:58 PM
12-06-2014 21:20:23 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2013-10-27 11:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {04D1CB32-BAE9-4B6C-8C51-9F389D74E914} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA => C:\Users\Maya\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-02] (Facebook Inc.)
Task: {0B38F805-A5BA-4F33-97A2-AD8F9D7E647F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {0E21F32F-DDC9-4290-B4B2-7CFAACC8DDD3} - System32\Tasks\Norton Security Scan for Maya => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.5.5\Nss.exe [2012-10-22] (Symantec Corporation)
Task: {680108B8-4A1F-4BAB-9BF3-DACC6EC79DE6} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {6D1F6CF0-F2AB-4D41-AD39-7C8540004AE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
Task: {6D715F29-2282-43FA-8A69-19F6B029419E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
Task: {6FD83064-C8C8-4105-A0D7-3898946C7878} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {7514799E-F6CB-47D0-9F49-59FFD609BB89} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AFB316AD-305B-424E-BC80-A3E0C4DF817D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core => C:\Users\Maya\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-02] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001Core.job => C:\Users\Maya\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3844903525-3029976620-4151861130-1001UA.job => C:\Users\Maya\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Maya.job => C:\PROGRA~2\NORTON~2\Engine\375~1.5\Nss.exe
==================== Loaded Modules (whitelisted) =============
2014-06-09 19:45 - 2014-06-09 19:45 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-06-09 19:46 - 2014-06-09 19:46 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2011-04-04 18:18 - 2011-04-04 18:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 16:18 - 2010-11-18 16:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-15 14:19 - 2010-12-15 14:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-08-03 10:52 - 2011-04-21 09:57 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll
2010-12-08 14:42 - 2010-12-08 14:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Maya\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\AdwCleaner (1).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\jre-7u45-windows-x64 (1).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\jre-7u45-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\JRT (1).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\JRT (2).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\mbam-setup-2.0.2.1012.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\New player.exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\OTL.scr:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\Setup (6).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\uplayermediaplayer-setup (1).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\uplayermediaplayer-setup (2).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\uplayermediaplayer-setup (3).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\uplayermediaplayer-setup (4).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\uplayermediaplayer-setup (5).exe:BDU
AlternateDataStreams: C:\Users\Maya\Downloads\uplayermediaplayer-setup.exe:BDU
==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================
Application errors:
==================
Error: (06/14/2014 06:50:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Microsoft Office Sessions:
=========================
Error: (06/14/2014 06:50:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2013-10-27 10:02:14.498
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Combo-Fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-27 10:02:14.420
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Combo-Fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-27 10:02:14.342
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Combo-Fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-27 10:02:14.264
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Combo-Fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-26 12:12:37.255
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Combo-Fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-26 12:12:37.177
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Combo-Fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Percentage of memory in use: 32%
Total physical RAM: 6091.86 MB
Available physical RAM: 4091.24 MB
Total Pagefile: 12181.9 MB
Available Pagefile: 10020.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:297.45 GB) (Free:132.2 GB) NTFS
Drive d: (Data) (Fixed) (Total:298.33 GB) (Free:284.18 GB) NTFS
Drive e: (BBCDVD3494) (CDROM) (Total:4.38 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 36578230)
Partition 1: (Active) - (Size=399 MB) - (Type=27)
Partition 2: (Not Active) - (Size=297 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== End Of Log ============================



Thank you!

All best
Nuley
 
Hi Nuley

Thank you Starbuck for helping me yet again.
It's no problem at all.

A few things for you to do.
Let's hope your Daughter appreciates the time you are spending on this.

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.



The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2
Double click on OTL to run it.
Vista/Windows 7 users right-click and select Run As Administrator.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line and that you include all of the Commands section.)
Code:
:otl
PRC - C:\Users\Maya\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
PRC - C:\Users\Maya\AppData\Local\Smartbar\Application\Lrcnta.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2013/10/26 12:04:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/26 12:04:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/26 12:04:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/26 12:04:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/26 12:04:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/11 19:47:30 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Optimizer Pro

:Files
C:\Users\Maya\AppData\Local\Smartbar
C:\ComboFix.txt
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


  • Click the red Run Fix button.


  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


Step 3
Reset Google Chrome
  • Click the Menu option button at the top right of the Google Chrome screen
  • Select Settings.
  • Click Show advanced settings and find the "Reset browser settings" section.
  • Click Reset browser settings.
  • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

Resetting your browser settings will impact the settings below:

Default search engine and saved search engines will be reset to their original defaults.
Homepage button will be hidden and the URL that you previously set will be removed.
Default startup tabs will be cleared. The browser will show a new tab when you start up or continue where you left off if you're on a Chromebook.
New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
Pinned tabs will be unpinned.
Content settings will be cleared and reset to their installation defaults.
Cookies and site data will be cleared.
Extensions and themes will be disabled.


Step 4
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 8 Update 5 and save it to your desktop.
  • Scroll down to where it says "Java SE 8 Update 5".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.

    Java 7 Update 45
    Java(TM) 6 Update 20

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.


In your next reply, please submit:
Fixlog.txt
OTL fix report
and let me know how the other 2 steps went.


Thanks.
 


Dear Starbuck

Thanks for this. Daughter had hidden all the previous OTL and FRST stuff as it was 'messing up the desktop'... such is the gratitude of teens!!!

Still, here are the logs!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Maya at 2014-06-24 20:14:54 Run:1
Running from C:\Users\Maya\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKLM-x32 - DefaultScope value is missing.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\Combo-Fix\catchme.sys [X]
C:\ProgramData\sysqcl1129067056.dat
C:\Users\Maya\AppData\Local\Temp\0w3qapdv.dll
C:\Users\Maya\AppData\Local\Temp\BackupSetup.exe
C:\Users\Maya\AppData\Local\Temp\d0a0rdlm.dll
C:\Users\Maya\AppData\Local\Temp\g5yrddwv.dll
C:\Users\Maya\AppData\Local\Temp\hej372gw.dll
C:\Users\Maya\AppData\Local\Temp\hfsywbme.dll
C:\Users\Maya\AppData\Local\Temp\jlirsorv.dll
C:\Users\Maya\AppData\Local\Temp\Quarantine.exe
C:\Users\Maya\AppData\Local\Temp\wmp.dll
Task: {0B38F805-A5BA-4F33-97A2-AD8F9D7E647F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Program Files\AVAST Software
Reboot:





*****************
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
catchme => Service deleted successfully.
C:\ProgramData\sysqcl1129067056.dat => Moved successfully.
C:\Users\Maya\AppData\Local\Temp\0w3qapdv.dll => Moved successfully.
C:\Users\Maya\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Maya\AppData\Local\Temp\d0a0rdlm.dll => Moved successfully.
C:\Users\Maya\AppData\Local\Temp\g5yrddwv.dll => Moved successfully.
C:\Users\Maya\AppData\Local\Temp\hej372gw.dll => Moved successfully.
C:\Users\Maya\AppData\Local\Temp\hfsywbme.dll => Moved successfully.
C:\Users\Maya\AppData\Local\Temp\jlirsorv.dll => Moved successfully.
C:\Users\Maya\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Maya\AppData\Local\Temp\wmp.dll => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0B38F805-A5BA-4F33-97A2-AD8F9D7E647F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B38F805-A5BA-4F33-97A2-AD8F9D7E647F}' => Key deleted successfully.
C:\Windows\System32\Tasks\avast! Emergency Update => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update' => Key deleted successfully.
C:\Program Files\AVAST Software => Moved successfully.

The system needed a reboot.
==== End of Fixlog ====


All processes killed
========== OTL ==========
No active process named SnapDo.exe was found!
No active process named Lrcnta.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Windows\PEV.exe moved successfully.
C:\Windows\MBR.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\grep.exe moved successfully.
C:\Windows\zip.exe moved successfully.
Folder C:\Users\Maya\AppData\Roaming\Optimizer Pro\ not found.
========== FILES ==========
File\Folder C:\Users\Maya\AppData\Local\Smartbar not found.
C:\ComboFix.txt moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Maya\Desktop\cmd.bat deleted successfully.
C:\Users\Maya\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Maya
->Temp folder emptied: 4091970507 bytes
->Temporary Internet Files folder emptied: 462185562 bytes
->Java cache emptied: 39785 bytes
->Google Chrome cache emptied: 436698621 bytes
->Flash cache emptied: 39747 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 172649845 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 912663666 bytes

Total Files Cleaned = 5,795.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 06242014_202004
Files\Folders moved on Reboot...
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\JiangMin.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Kaspersky.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Kingsoft.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\kingsoftSafeguard.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\kv antivirus.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Lavasoft.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\McAfee.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\MicroPoint.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Microsoft Security Essentials.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Mobile.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\MSC.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Norman.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Norton.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\OfficeScan95.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\OfficeScanNT.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Panda.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\PC Tools.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Premium.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\qqpcmgr.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\qqprotect.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Rav.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\RFW.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Ris.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\safeguard360.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\ServerProtect.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\SunBelt.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Trend Micro.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\VETWIN32Vp5.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Virus.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\Webroot.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\WinSS.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\extern\ZoneAlarm.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\core\bdcore.dll scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\core\bdcore.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\additional.dll scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\additional.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\avcheck.exe scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\avcheck.exe.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\bdardrv.dll scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\bdardrv.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\bdmetrics.dll scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\bdmetrics.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\bdnc.dll scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\bdnc.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\bdnc.ini scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\bdnc.ini.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\bdnc.ipv4 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\contacts.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\contacts.xml.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\detection.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\gzflt.sys scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\gzflt.sys.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\gzfltum.dll scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\gzfltum.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\htmlayout.dll scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\htmlayout.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\Installer.exe scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\Installer.exe.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\installerpackage.exe scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\installerpackage.exe.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\install_x64.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\install_x64.xml.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\install_x86.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\install_x86.xml.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\no_connection.html scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\no_connection.html.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\npcomm.dll scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\npcomm.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\pluginsx64.exe scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\pluginsx64.exe.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\qscan.txt scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\qs_scan_log.html scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\qs_scan_log.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\qs_scan_log.xsl scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\qs_scan_log.xsl.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\servers.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\servers.xml.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\setuplauncher.exe scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\setuplauncher.exe.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\ThreatScanner.exe scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\ThreatScanner.exe.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\trufos.dll scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\trufos.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\trufos.sys scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\trufos.sys.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\unrar64.dll scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\unrar64.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\update.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\update.xml.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\update_config.xml scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\update_config.xml.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\UserGuide.pdf scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\UserGuide.pdf.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\WPFKickstarter.exe scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\WPFKickstarter.exe.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\WPFKickstarter4.exe scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\WPFKickstarter4.exe.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\wslib.dll scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\wslib.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\wspack.dll scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\wspack.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\wsutils.dll scheduled to be moved on reboot.
File move failed. C:\Users\Maya\AppData\Local\Temp\RarSFX0\wsutils.dll.md5 scheduled to be moved on reboot.
C:\Users\Maya\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Maya\AppData\Local\Temp\gziface1.log scheduled to be moved on reboot.
File\Folder C:\Users\Maya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XXSY456I\10689-Before-posting-for-Malware-Removal-help-WinXP-Vista-and-Win7[2].htm not found!
File\Folder C:\Users\Maya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XXSY456I\tweet_button.1403226798[1].htm not found!
C:\Users\Maya\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\CR_5BDC0.tmp\setup.exe not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...


I managed the two other steps, re-doing Chrome and uninstalling old Java/reinstalling Java 7.

Also Adobe needed updating (so it told me) so I updated.

Thanks again

Nuley
 
Hi Nuley

Daughter had hidden all the previous OTL and FRST stuff as it was 'messing up the desktop'
Kids make you laugh..... they worry about a few icons on the desktop, but the system is a mess! :)

Total Files Cleaned = 5,795.00 mb
That is going to make the system feel a lot better.

I managed the two other steps, re-doing Chrome and uninstalling old Java/reinstalling Java 7.
Mmm a bit concerned here. (hopefully you made a mistake when typing)
This is what you should have removed:
Java 7 Update 45
Java(TM) 6 Update 20
This is what you should have installed:
Java Runtime Environment (JRE) 8 Update 5

If you can keep your daughter away from the PC long enough: (this may take a while to scan)
I'd like you to do an ESET OnlineScan
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • If asked, allow the ActiveX control to install.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked.
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:
As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.


Thanks
 
Thanks for this. Yes, I meant Java 7, I've checked and I've got Java 8 - me not being very up to date.

I started running eset in Chrome as I hadn't read to the very bottom, so I stopped it and re-ran as admin in IE. I hope the log's OK. Here it is:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir a variant of MSIL/DomaIQ.A potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\12684.8438.6318_0\extensionData\plugins\102_dealply_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\12684.8438.6318_0\extensionData\plugins\104_jollywallet_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\12684.8438.6318_0\extensionData\plugins\123_intext_adv_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\12684.8438.6318_0\extensionData\plugins\126_revizer_ws_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\12684.8438.6318_0\extensionData\plugins\127_revizer_p_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\12684.8438.6318_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\12684.8438.6318_0\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\12684.8438.6318_0\extensionData\plugins\93_superfish_no_coupons_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\extensionData\plugins\102_dealply_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\extensionData\plugins\103_intext_5_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\extensionData\plugins\104_jollywallet_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\extensionData\plugins\119_similar_web_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\extensionData\plugins\184_noproblemppc_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\extensionData\plugins\191_ciuvo_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\extensionData\plugins\221_icm_downloads_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\11761.8316.4070_0\extensionData\plugins\93_superfish_no_coupons_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\Downloads\uplayermediaplayer-setup (1).exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\Maya\Downloads\uplayermediaplayer-setup (2).exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\Maya\Downloads\uplayermediaplayer-setup (3).exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\Maya\Downloads\uplayermediaplayer-setup (4).exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\Maya\Downloads\uplayermediaplayer-setup (5).exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\Maya\Downloads\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Windows\Installer\MSIC34F.tmp-\Smartbar.Resources.LanguageSettings.resources.dll a variant of MSIL/Toolbar.Linkury.E potentially unwanted application deleted - quarantined
C:\Windows\Installer\MSIC34F.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C potentially unwanted application deleted - quarantined


And it did take ages! But hopefully well worth doing.

All best
Nuley
 
Hi Nuley

I started running eset in Chrome as I hadn't read to the very bottom, so I stopped it and re-ran as admin in IE.
Actually Chrome would have been ok.
Chances are the version of Chrome you are running will be 32bit.
Google have only just released a 64bit version and that is only available from the developer channels at the moment.

And it did take ages! But hopefully well worth doing.
Eset is very thorough, that's why it takes so long.
Eset only found more PUPs and some of that wasn't actually active.
Nothing really malicious found.

How is the system running now?
If everything is fine, we can start to finish off the cleaning process.
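
The triage described in the reply above (only PUPs, some of them not active), as an added example that is not part of the original posts: a Python sketch that parses ESET log lines in the layout shown in this thread and groups them by family and by location on disk. The location buckets, and treating any category other than "potentially unwanted application" as needing review, are assumptions of this example; the last sample line is constructed.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# First four lines are copied from the ESET log posted in this thread.
# The last line is CONSTRUCTED (placeholder path and detection name) to
# exercise the "not a PUA" branch.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir a variant of MSIL/DomaIQ.A potentially unwanted application deleted - quarantined
C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\12684.8438.6318_0\extensionData\plugins\102_dealply_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Maya\Downloads\uplayermediaplayer-setup (1).exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Windows\Installer\MSIC34F.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C potentially unwanted application deleted - quarantined
C:\Users\Example\AppData\Roaming\sample.exe Win32/Placeholder.A trojan cleaned by deleting
"""

PUA = "potentially unwanted application"  # the only category seen in this thread

# Layout observed in the thread:
#   <path> [a variant of] <Platform/Name> <category> <action>
# Windows paths contain no "/", so the first Platform/Name token ends the path.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<threat>[A-Za-z0-9]+/[A-Za-z0-9_.\-]+)\s+"
    r"(?P<rest>.+)$"
)


class Detection(NamedTuple):
    path: str
    threat: str
    family: str
    variant: bool
    is_pua: bool
    detail: str      # action text for PUAs, raw category+action otherwise
    location: str


def classify_location(path: str) -> str:
    """Bucket a path by where it sits (assumed buckets, not ESET's own)."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "tool-quarantine"          # copy kept by an earlier cleanup tool
    if "\\chrome\\user data\\" in p and "\\extensions\\" in p:
        return "browser-extension"        # runs inside the browser while enabled
    if "\\downloads\\" in p:
        return "downloaded-installer"     # inert until someone runs it
    if p.startswith("c:\\windows\\installer\\"):
        return "installer-cache"
    return "other"


def parse_line(line: str) -> Optional[Detection]:
    """Parse one log line; return None when it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    threat = m.group("threat")
    name = threat.split("/", 1)[1]
    family = name.rsplit(".", 1)[0] if "." in name else name  # drop variant letter
    rest = m.group("rest").strip()
    is_pua = rest.startswith(PUA)
    detail = rest[len(PUA):].strip() if is_pua else rest
    return Detection(m.group("path"), threat, family, bool(m.group("variant")),
                     is_pua, detail, classify_location(m.group("path")))


def triage(log_text: str) -> dict:
    """Count detections per family and location; collect lines needing a human."""
    families, locations = Counter(), Counter()
    review, unparsed = [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        det = parse_line(raw)
        if det is None:
            unparsed.append(raw)
            continue
        families[det.family] += 1
        locations[det.location] += 1
        if not det.is_pua:
            review.append(det)            # anything beyond PUA gets a manual look
    return {"families": families, "locations": locations,
            "review": review, "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for family, count in result["families"].most_common():
        print(f"{count:3d}  {family}")
    print("locations:", dict(result["locations"]))
    for det in result["review"]:
        print("REVIEW:", det.threat, "|", det.detail, "|", det.path)
```

Lines that end up in `unparsed` are kept rather than dropped, so a changed log layout shows up as unparsed entries instead of as a falsely clean summary.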
 
Dear Starbuck

It all looks fine and both Chrome and IE seem to be running fine, thank you. I'll turn Bitdefender back on!

Cheers
Nuley
 
Hi Nuley,

Let's finish the cleaning process and remove the tools we have used.
We'll also set you a fresh restore point.

Step 1
Restart MBAM.
Click on the History tab >> Quarantine
Tick to select any items and then click the Delete button.
Close MBAM.


Step 2
Download Delfix and save it to your desktop.
  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.
When the tool has finished, a log will open in Notepad... but I don't actually need this report.


Step 3
Eset can be removed using the Remove Programs feature in Control Panel.


To find out how you may have been infected....read this topic:
How did i get infected?


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software

Only install one AntiVirus program

Update your AntiVirus Software regularly

Use a Firewall

Only install one software Firewall

Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial.
Something like:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Remember to update these programs each time before running.
You can install more than one of these if you only run them as stand alone programs.

Use an alternative browser to Internet Explorer:
Some excellent alternatives to MS Internet Explorer are:

Firefox
For added security, add the NoScript extension to this browser:
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
Also consider adding:
WOT - Safe Browsing Tool

Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
Btw: you don't have to make a contribution.

Opera

Keep a backup of your registry
Keeping a regular backup of your registry will help when something goes wrong.
Use a program like:
Erunt

A full tutorial on how to set up and use Erunt can be found here:
Erunt tutorial

Keep your system clean of temp files etc, using a 'Cleaner':

Cleaners are programs that will help to clean out your:
Windows temp files
Current user temp files
Cookies
Temporary Internet files
Browser history
Recycle bin
Etc.......
In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your PC.
Programs like:
TFC by OldTimer
ATF Cleaner

Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windows Update regularly.
Alternatively, turn on Automatic Updates.

Peer to Peer programs
Don't be tempted to use Peer to Peer programs.
Many of the downloads are bundled with malware.

Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.
 
Thank you so much - you've saved our surfing sanity yet again! I will go through the safety stuff with teenage daughter and try to get her to take ownership of the security a bit more (with some help of course). Thanks again.

All best
Nuley
 