1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

computer turns off

Discussion in 'Virus & Other Malware Removal' started by cricketuse, Oct 1, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. cricketuse

    cricketuse Thread Starter

    Joined:
    Aug 27, 2006
    Messages:
    63
    Malware has detected some virous but can complete the scan before computer turns off. all for scans below

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:56:53 AM, on 10/1/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19458)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\TEco.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files\dcmsvc\dcmsvc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
    C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Owner\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
    R3 - URLSearchHook: FCToolbarURLSearchHook Class - {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files\Dogpile Bundle Toolbar\Helper.dll
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: Quixley_2KMb Toolbar - {12a9db21-42a2-492d-a85c-cdde0c88b608} - C:\Program Files\Quixley_2KMb\prxtbQui0.dll
    R3 - URLSearchHook: FCToolbarURLSearchHook Class - {2b2505fa-fd68-0144-9128-cd617bdca8c2} - C:\Program Files\SocialRibbons LP2\Helper.dll
    O2 - BHO: Quixley_2KMb - {12a9db21-42a2-492d-a85c-cdde0c88b608} - C:\Program Files\Quixley_2KMb\prxtbQui0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: FCTBPos00Pos - {AE92E5DE-20F7-9934-D515-7BE13880A842} - C:\Program Files\SocialRibbons LP2\Toolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll
    O2 - BHO: FCTBPos00Pos - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
    O3 - Toolbar: Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll
    O3 - Toolbar: Quixley_2KMb Toolbar - {12a9db21-42a2-492d-a85c-cdde0c88b608} - C:\Program Files\Quixley_2KMb\prxtbQui0.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
    O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
    O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [###Name###] ###Drive:\Path\Name.exe###
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
    O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.6.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
    O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
    O23 - Service: BackupService - ArcSoft, Inc. - C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (file missing)
    O23 - Service: AT&T Con App Svc (CAATT) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 15388 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.19458 BrowserJavaVersion: 10.25.2
    Run by Owner at 12:01:37 on 2013-10-01
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1238 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\TEco.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\dcmsvc\dcmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    mStart Page = about:blank
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    uURLSearchHooks: Quixley_2KMb Toolbar: {12a9db21-42a2-492d-a85c-cdde0c88b608} - c:\program files\quixley_2kmb\prxtbQui0.dll
    uURLSearchHooks: FCToolbarURLSearchHook Class: {2b2505fa-fd68-0144-9128-cd617bdca8c2} - c:\program files\socialribbons lp2\Helper.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: Quixley_2KMb Toolbar: {12a9db21-42a2-492d-a85c-cdde0c88b608} - c:\program files\quixley_2kmb\prxtbQui0.dll
    BHO: Quixley_2KMb Toolbar: {12a9db21-42a2-492d-a85c-cdde0c88b608} - c:\program files\quixley_2kmb\prxtbQui0.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - c:\program files\windows ilivid toolbar\datamngr\IEBHO.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: SocialRibbons LP2: {AE92E5DE-20F7-9934-D515-7BE13880A842} - c:\program files\socialribbons lp2\Toolbar.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - c:\program files\common files\freecause\dca\dca-bho.dll
    BHO: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - c:\program files\dogpile bundle toolbar\Toolbar.dll
    BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - c:\program files\aim toolbar\aimtb.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} -
    TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - c:\program files\dogpile bundle toolbar\Toolbar.dll
    TB: Quixley_2KMb Toolbar: {12a9db21-42a2-492d-a85c-cdde0c88b608} - c:\program files\quixley_2kmb\prxtbQui0.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Aim6] <no file>
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
    mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
    mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
    mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
    mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
    mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [TPCHWMsg] c:\program files\toshiba\tphm\TPCHWMsg.exe
    mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
    mRun: [dcmsvc] c:\program files\dcmsvc\dcmsvc.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\warner~1.lnk - c:\program files\warner bros. digital copy manager\Warner Bros. Digital Copy Manager.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.6\transfer utility\CameraMonitor.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: bmnet.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    TCP: Interfaces\{55A30E48-C84D-40D1-8AEF-A0B2422CB07C} : DHCPNameServer = 68.87.64.216 68.87.66.216
    TCP: Interfaces\{8615EEBB-3B94-43E2-8865-DD1B001DE0BD} : DHCPNameServer = 209.183.33.23 209.183.35.23
    TCP: Interfaces\{B0953BCA-B4AB-470A-BA92-66328C9D0A90} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    AppInit_DLLs= c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\wpytcw1y.default\
    FF - prefs.js: browser.search.selectedEngine - Delta Search
    FF - prefs.js: browser.startup.homepage - hxxp://www1.delta-search.com/?affID=121299&tt=gc_&babsrc=HP_ss&mntrId=E8150024D28EF3E4
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\windows ilivid toolbar\datamngr\firefoxextension\components\DataMngrHlpFF3.dll
    FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\wpytcw1y.default\extensions\{12a9db21-42a2-492d-a85c-cdde0c88b608}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\wpytcw1y.default\extensions\{12a9db21-42a2-492d-a85c-cdde0c88b608}\components\RadioWMPCoreGecko5.dll
    FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\wpytcw1y.default\extensions\{12a9db21-42a2-492d-a85c-cdde0c88b608}\components\RadioWMPCoreGecko6.dll
    FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\wpytcw1y.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency.dll
    FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\wpytcw1y.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.5.dll
    FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\wpytcw1y.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.6.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\npjpi170_25.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
    FF - plugin: c:\users\owner\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\users\owner\appdata\local\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
    FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npo1d.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: [email protected] - c:\users\owner\appdata\roaming\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yontoo Layers: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: ArcadeWeb: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: We-Care Reminder: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - %profile%\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
    FF - Ext: Quixley_2KMb Community Toolbar: {12a9db21-42a2-492d-a85c-cdde0c88b608} - %profile%\extensions\{12a9db21-42a2-492d-a85c-cdde0c88b608}
    FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    FF - Ext: Delta Toolbar: [email protected] - %profile%\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - e815cc810000000000000024d28ef3e4
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15840
    FF - user.js: extensions.delta.vrsn - 1.8.16.16
    FF - user.js: extensions.delta.vrsni - 1.8.16.16
    FF - user.js: extensions.delta.vrsnTs - 1.8.16.1621:22:52
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-5-27 25896]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-5-27 176128]
    R2 BackupService;BackupService;c:\users\owner\appdata\roaming\hp simplesave application\uUACTokenSvc.exe [2010-10-31 83512]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2011-2-2 91456]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 107392]
    R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
    R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-9-7 62776]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
    R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
    R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-4-9 656752]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-3-20 12920]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-23 24652]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]
    S2 BrowserProtect;BrowserProtect;c:\programdata\browserprotect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.exe --> c:\programdata\browserprotect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-20 113152]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 CAATT;AT&T Con App Svc;c:\program files\at&t\communication manager\ConAppsSvc.exe [2008-11-20 125440]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-3 30192]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-30 40776]
    S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
    S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
    .
    =============== Created Last 30 ================
    .
    2013-10-01 15:14:22 7328304 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e77f1a2b-6962-4eff-bb1a-fd36948e02a4}\mpengine.dll
    2013-09-30 19:52:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-09-30 13:18:32 7328304 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-09-08 11:49:45 718712 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b352053f-5466-4bea-865e-d50ce331dea8}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2013-09-22 00:44:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-09-22 00:44:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-08 01:45:09 2049536 ----a-w- c:\windows\system32\win32k.sys
    2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-08-01 10:21:05 916992 ----a-w- c:\windows\system32\wininet.dll
    2013-08-01 10:15:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-08-01 10:15:21 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-08-01 10:15:09 71680 ----a-w- c:\windows\system32\iesetup.dll
    2013-08-01 10:15:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2013-08-01 10:13:35 18944 ----a-w- c:\windows\system32\corpol.dll
    2013-08-01 08:37:30 385024 ----a-w- c:\windows\system32\html.iec
    2013-08-01 06:56:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-08-01 06:54:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2013-07-17 19:41:34 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-07-16 04:35:16 615936 ----a-w- c:\windows\system32\themeui.dll
    2013-07-10 09:47:00 783360 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-07-09 12:10:36 1205168 ----a-w- c:\windows\system32\ntdll.dll
    2013-07-08 04:55:51 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-07-08 04:55:51 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-07-08 04:20:04 172544 ----a-w- c:\windows\system32\wintrust.dll
    2013-07-08 04:16:55 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2013-07-08 04:16:55 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-07-08 04:16:54 992768 ----a-w- c:\windows\system32\crypt32.dll
    2013-07-05 03:20:37 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-07-05 01:43:04 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    .
    ============= FINISH: 12:03:23.81 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/27/2009 3:48:00 AM
    System Uptime: 10/1/2013 11:00:48 AM (1 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: AMD Athlon(tm) X2 Dual-Core QL-65 | Socket M2/S1G1 | 2100/2000mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 86.763 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.5
    Adobe Shockwave Player 11.5
    Age of Empires III
    AIM 6
    AIM Toolbar
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Amazon Links
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASPCA Tri Reminder by We-Care.com v4.0.9.5
    AT&T Communication Manager
    ATI Catalyst Install Manager
    Bing Bar
    Bing Rewards Client Installer
    Bonjour
    BrowserProtect
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cheat Engine 5.6.1
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    dcmsvc 1.0
    Delta Chrome Toolbar
    Delta toolbar
    Diner Dash 2
    Direct DiscRecorder
    Dogpile Bundle Toolbar
    Download Updater (AOL LLC)
    Driver Installer
    DVD MovieFactory for TOSHIBA
    Facebook Video Calling 1.2.0.287
    File Type Assistant
    FinalTorrent 2011
    Full Tilt Poker
    Google Chrome
    Google Desktop
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Officejet 6500 E710n-z Basic Device Software
    HP Officejet 6500 E710n-z Help
    iCloud
    iLivid
    ImageMixer 3 SE Ver.6 Transfer Utility
    ImageMixer 3 SE Ver.6 Video Tools
    iTunes
    Java 7 Update 25
    Java Auto Updater
    LightScribe 1.4.124.1
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft UI Engine
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MobileMe Control Panel
    MotoConnect
    Move Media Player
    Mozilla Firefox (3.6.15)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Netzero Internet Access Installer
    Norton Internet Security
    OGA Notifier 2.0.0048.0
    Picasa 2
    PlayReady PC runtime
    QuickBooks Financial Center
    QuickTime
    Quixley_2KMb Toolbar
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WiFi Protected Setup Library
    Realtek WLAN Driver
    Roll
    RS2Bot
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
    Skins
    Skype Launcher
    SocialRibbons LP2
    Spotify
    Synaptics Pointing Device Driver
    Torch
    TOSHIBA Agreement Notification Utility
    Toshiba Application and Driver Installer
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Internal Modem Region Select Utility
    TOSHIBA PC Health Monitor
    Toshiba Quality Application
    TOSHIBA Recovery Disc Creator
    Toshiba Registration
    Toshiba Resources Page
    TOSHIBA SD Memory Utilities
    TOSHIBA Service Station
    TOSHIBA Software Modem
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    Updater Service
    Warner Bros. Digital Copy Manager
    WildTangent Games
    WildTangent Games App (Toshiba Games)
    Windows iLivid Toolbar
    Windows Live ID Sign-in Assistant
    WinX HD Video Converter Deluxe 3.12.2
    Yahoo! BrowserPlus
    .
    ==== End Of File ===========================

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-10-01 13:07:54
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK2555GSX rev.FG001M 232.89GB
    Running: smj7xzf9[1].exe; Driver: C:\Users\Owner\AppData\Local\Temp\pgtoapow.sys


    ---- Kernel code sections - GMER 2.1 ----

    .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8CF57480, 0x3C939, 0xE8000020]
    .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8CF98900, 0x3CA, 0x48000040]
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91E0A000, 0x263970, 0xE8000020]
    ? C:\Users\Owner\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\System32\spoolsv.exe[456] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Windows\system32\svchost.exe[572] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Windows\system32\wininit.exe[576] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Windows\system32\services.exe[620] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Windows\system32\lsass.exe[636] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text ...
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!SetWindowsHookExW 774287AD 5 Bytes JMP 6DA59A8D C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!CallNextHookEx 77428E3B 5 Bytes JMP 6DA4D101 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!UnhookWindowsHookEx 774298DB 5 Bytes JMP 6D9C4656 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!CreateWindowExW 77431305 5 Bytes JMP 6DA5DAFC C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 6D985505 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!DialogBoxIndirectParamW 77452EF5 5 Bytes JMP 6DB57337 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!DialogBoxParamA 77468152 5 Bytes JMP 6DB572D4 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!DialogBoxIndirectParamA 7746847D 5 Bytes JMP 6DB5739A C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!MessageBoxIndirectA 7747D4D9 5 Bytes JMP 6DB57269 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!MessageBoxIndirectW 7747D5D3 5 Bytes JMP 6DB571FE C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!MessageBoxExA 7747D639 5 Bytes JMP 6DB5719C C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!MessageBoxExW 7747D65D 5 Bytes JMP 6DB5713A C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] ole32.dll!OleLoadFromStream 770D1E80 5 Bytes JMP 6DB5769F C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] ole32.dll!CoCreateInstance 77109F3E 5 Bytes JMP 6DA5DB58 C:\Windows\system32\IEFRAME.dll
    .text C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe[2524] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2564] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2576] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2632] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[2792] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text ...
    .text C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe[2960] ntdll.dll!DbgBreakPoint 777A878E 1 Byte [C3]
    .text C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe[2960] ntdll.dll!DbgUiRemoteBreakin 777ECD84 5 Bytes JMP 7779B1F1 C:\Windows\system32\ntdll.dll
    .text C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe[2960] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2980] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe[2988] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3008] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe[3016] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text ...
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!CreateWindowExW 77431305 5 Bytes JMP 6DA5DAFC C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 6D985505 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!DialogBoxIndirectParamW 77452EF5 5 Bytes JMP 6DB57337 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!DialogBoxParamA 77468152 5 Bytes JMP 6DB572D4 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!DialogBoxIndirectParamA 7746847D 5 Bytes JMP 6DB5739A C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!MessageBoxIndirectA 7747D4D9 5 Bytes JMP 6DB57269 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!MessageBoxIndirectW 7747D5D3 5 Bytes JMP 6DB571FE C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!MessageBoxExA 7747D639 5 Bytes JMP 6DB5719C C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!MessageBoxExW 7747D65D 5 Bytes JMP 6DB5713A C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] ole32.dll!CoCreateInstance 77109F3E 5 Bytes JMP 75768F70 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll

    ---- User IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\system32\svchost.exe[572] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[572] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [KERNEL32.dll!LoadLibraryW] [7573A240] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtSetInformationFile] [7573A560] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryInformationFile] [75739AB0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteFile] [7573A510] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteKey] [7573E310] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtOpenKey] [7573E1D0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtEnumerateKey] [7573DFA0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteValueKey] [7573E360] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtSetValueKey] [7573E0F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryValueKey] [7573E080] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtCreateKey] [7573E160] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtOpenFile] [7573A3B0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryKey] [75739A70] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtClose] [7573E290] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [7573A240] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtClose] [7573E290] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtOpenFile] [7573A3B0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtOpenKey] [7573E1D0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtEnumerateKey] [7573DFA0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtQueryKey] [75739A70] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtCreateKey] [7573E160] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtDeleteValueKey] [7573E360] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtQueryValueKey] [7573E080] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtSetValueKey] [7573E0F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtDeleteKey] [7573E310] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[824] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[824] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[912] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[912] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\System32\svchost.exe[1160] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\System32\svchost.exe[1160] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\System32\svchost.exe[1200] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\System32\svchost.exe[1200] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1224] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1224] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1316] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1316] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1384] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1384] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1756] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1756] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [7573A240] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [ntdll.dll!NtClose] [7573E290] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\System32\svchost.exe[2292] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\System32\svchost.exe[2292] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[2832] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[2832] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[3092] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[3092] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[4768] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[4768] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
    AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\[email protected] 0x2C 0x31 0x35 0x6F ...

    ---- EOF - GMER 2.1 ----
    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-10-01 13:07:54
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK2555GSX rev.FG001M 232.89GB
    Running: smj7xzf9[1].exe; Driver: C:\Users\Owner\AppData\Local\Temp\pgtoapow.sys


    ---- Kernel code sections - GMER 2.1 ----

    .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8CF57480, 0x3C939, 0xE8000020]
    .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8CF98900, 0x3CA, 0x48000040]
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91E0A000, 0x263970, 0xE8000020]
    ? C:\Users\Owner\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\System32\spoolsv.exe[456] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Windows\system32\svchost.exe[572] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Windows\system32\wininit.exe[576] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Windows\system32\services.exe[620] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Windows\system32\lsass.exe[636] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text ...
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!SetWindowsHookExW 774287AD 5 Bytes JMP 6DA59A8D C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!CallNextHookEx 77428E3B 5 Bytes JMP 6DA4D101 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!UnhookWindowsHookEx 774298DB 5 Bytes JMP 6D9C4656 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!CreateWindowExW 77431305 5 Bytes JMP 6DA5DAFC C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 6D985505 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!DialogBoxIndirectParamW 77452EF5 5 Bytes JMP 6DB57337 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!DialogBoxParamA 77468152 5 Bytes JMP 6DB572D4 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!DialogBoxIndirectParamA 7746847D 5 Bytes JMP 6DB5739A C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!MessageBoxIndirectA 7747D4D9 5 Bytes JMP 6DB57269 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!MessageBoxIndirectW 7747D5D3 5 Bytes JMP 6DB571FE C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!MessageBoxExA 7747D639 5 Bytes JMP 6DB5719C C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] USER32.dll!MessageBoxExW 7747D65D 5 Bytes JMP 6DB5713A C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] ole32.dll!OleLoadFromStream 770D1E80 5 Bytes JMP 6DB5769F C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2432] ole32.dll!CoCreateInstance 77109F3E 5 Bytes JMP 6DA5DB58 C:\Windows\system32\IEFRAME.dll
    .text C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe[2524] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2564] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2576] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2632] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[2792] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text ...
    .text C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe[2960] ntdll.dll!DbgBreakPoint 777A878E 1 Byte [C3]
    .text C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe[2960] ntdll.dll!DbgUiRemoteBreakin 777ECD84 5 Bytes JMP 7779B1F1 C:\Windows\system32\ntdll.dll
    .text C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe[2960] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2980] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe[2988] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3008] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe[3016] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 75734760 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    .text ...
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!CreateWindowExW 77431305 5 Bytes JMP 6DA5DAFC C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!DialogBoxParamW 774510B0 5 Bytes JMP 6D985505 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!DialogBoxIndirectParamW 77452EF5 5 Bytes JMP 6DB57337 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!DialogBoxParamA 77468152 5 Bytes JMP 6DB572D4 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!DialogBoxIndirectParamA 7746847D 5 Bytes JMP 6DB5739A C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!MessageBoxIndirectA 7747D4D9 5 Bytes JMP 6DB57269 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!MessageBoxIndirectW 7747D5D3 5 Bytes JMP 6DB571FE C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!MessageBoxExA 7747D639 5 Bytes JMP 6DB5719C C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!MessageBoxExW 7747D65D 5 Bytes JMP 6DB5713A C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5984] ole32.dll!CoCreateInstance 77109F3E 5 Bytes JMP 75768F70 c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll

    ---- User IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\system32\svchost.exe[572] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[572] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [KERNEL32.dll!LoadLibraryW] [7573A240] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtSetInformationFile] [7573A560] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryInformationFile] [75739AB0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteFile] [7573A510] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteKey] [7573E310] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtOpenKey] [7573E1D0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtEnumerateKey] [7573DFA0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteValueKey] [7573E360] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtSetValueKey] [7573E0F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryValueKey] [7573E080] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtCreateKey] [7573E160] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtOpenFile] [7573A3B0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryKey] [75739A70] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\services.exe[620] @ C:\Windows\system32\services.exe [ntdll.dll!NtClose] [7573E290] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [7573A240] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtClose] [7573E290] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtOpenFile] [7573A3B0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtOpenKey] [7573E1D0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtEnumerateKey] [7573DFA0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtQueryKey] [75739A70] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtCreateKey] [7573E160] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtDeleteValueKey] [7573E360] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtQueryValueKey] [7573E080] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtSetValueKey] [7573E0F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\winlogon.exe[712] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtDeleteKey] [7573E310] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[824] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[824] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[912] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[912] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\System32\svchost.exe[1160] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\System32\svchost.exe[1160] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\System32\svchost.exe[1200] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\System32\svchost.exe[1200] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1224] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1224] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1316] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1316] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1384] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1384] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1756] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[1756] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [7573A240] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [ntdll.dll!NtClose] [7573E290] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\System32\svchost.exe[2292] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\System32\svchost.exe[2292] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[2832] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[2832] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[3092] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[3092] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[4768] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7573A1F0] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll
    IAT C:\Windows\system32\svchost.exe[4768] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7573A190] c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
    AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\[email protected] 0x2C 0x31 0x35 0x6F ...

    ---- EOF - GMER 2.1 ----
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    Hi cricketuse,
    If the machine continues to turn off, be sure to vacuum out the ventilation holes in the case. A brush attachment is good for this.
    If it's a desktop, also take off the cover or side panel and vacuum the motherboard and any aluminum heat heat radiators.

    You have quite a few toolbars and Browser helpers on there, installed intentionally or otherwise, that are not in your best interest.
    We will remove Norton, since it duplicates the Antivirus function of MS Security Essentials.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Uninstall a program under the Programs heading.
    Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

    Norton Internet Security

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    -------------------------------------------------------------
    AdwCleaner Download and Run

    Click on this link to download : ADWCleaner
    Click on the Download Now button and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [​IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
    It may take several minutes to complete. When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
    You will then be presented with the report. Copy & Paste it into your next post.

    [​IMG]

    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ---------------------------------------------
    Run a Scan with OTL
    • For WinXP, double click on the OTL icon to run it.
    • For Vista or Win7, right click the icon and choose "Run as administrator".
    • Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
      When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

    So we will be looking for the log from AdwCleaner and the two logs from OTL.Use separate replies for each if more convenient.
    askey127
     
  3. cricketuse

    cricketuse Thread Starter

    Joined:
    Aug 27, 2006
    Messages:
    63
    I should have mentioned the issue is on my laptop. I ran the scans and copied below. I tried to remove Norton but could not find that progam. can you suggest how i can find that file to remove?

    Thanks for you help.

    # AdwCleaner v3.006 - Report created 05/10/2013 at 17:16:31
    # Updated 01/10/2013 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Owner - OWNER-PC
    # Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : BrowserProtect
    Service Deleted : Viewpoint Manager Service

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\boost_interprocess
    [!] Folder Deleted : C:\ProgramData\BrowserProtect
    Folder Deleted : C:\ProgramData\Conduit
    Folder Deleted : C:\ProgramData\Viewpoint
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Delta
    Folder Deleted : C:\Program Files\Dogpile Bundle Toolbar
    Folder Deleted : C:\Program Files\Free Offers from Freeze.com
    Folder Deleted : C:\Program Files\Ilivid
    Folder Deleted : C:\Program Files\iMesh Applications
    Folder Deleted : C:\Program Files\MyPC Backup
    Folder Deleted : C:\Program Files\StartNow Toolbar
    Folder Deleted : C:\Program Files\Viewpoint
    Folder Deleted : C:\Program Files\Windows iLivid Toolbar
    Folder Deleted : C:\Program Files\Yontoo Layers
    Folder Deleted : C:\Program Files\Quixley_2KMb
    Folder Deleted : C:\Program Files\WhiteSmoke_New
    Folder Deleted : C:\Program Files\Common Files\FreeCause
    Folder Deleted : C:\Program Files\Common Files\Software Update Utility
    Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
    Folder Deleted : C:\Users\Owner\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Owner\AppData\Local\Ilivid
    Folder Deleted : C:\Users\Owner\AppData\Local\iMesh
    Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Owner\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\Owner\AppData\Local\Temp\TempDir
    Folder Deleted : C:\Users\Owner\AppData\Local\Temp\CT3289847
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Delta
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\imeshbandmltbpi
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\mediabarim
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\searchquband
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Searchqutoolbar
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Quixley_2KMb
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\WhiteSmoke_New
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Delta
    Folder Deleted : C:\Users\Owner\AppData\Roaming\file scout
    Folder Deleted : C:\Users\Owner\AppData\Roaming\imeshbandmltbpi
    Folder Deleted : C:\Users\Owner\AppData\Roaming\mediabarim
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dogpile Bundle Toolbar
    Folder Deleted : C:\Users\Owner\Documents\iMesh
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\mediabarim
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\Searchqutoolbar
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\CT3289847
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\Extensions\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\Extensions\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\Extensions\[email protected]
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\Extensions\[email protected]
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\Extensions\[email protected]
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\Extensions\[email protected]
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\Extensions\{12a9db21-42a2-492d-a85c-cdde0c88b608}
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
    Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    File Deleted : C:\Program Files\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
    File Deleted : C:\END
    File Deleted : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
    File Deleted : C:\Users\Owner\AppData\Local\Temp\searchqutoolbar-manifest.xml
    File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\bProtector_extensions.rdf
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\bprotector_prefs.js
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\searchplugins\Babylon.xml
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\searchplugins\Conduit.xml
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\searchplugins\delta.xml
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\searchplugins\iMeshWebSearch.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\searchplugins\SearchResults.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\user.js
    File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
    File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    File Deleted : C:\Windows\Tasks\AmiUpdXp.job
    File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
    File Deleted : C:\Windows\System32\Tasks\EPUpdater

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{746C4A08-F1AB-4428-9AC6-4A191F3B34D6}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{746C4A08-F1AB-4428-9AC6-4A191F3B34D6}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78283208-39C8-4F55-9453-855D2BCA5726}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78283208-39C8-4F55-9453-855D2BCA5726}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
    Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
    Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
    Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
    Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Deleted : HKLM\SOFTWARE\Classes\ilivid
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
    Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKCU\Software\eedfdce76fe440
    Key Deleted : HKLM\SOFTWARE\eedfdce76fe440
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.FCTB000060231Pos
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.FCTB000060231Pos.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100291.FCTB000100291Pos
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100291.FCTB000100291Pos.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100291.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100291.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100291.JSOptionsImpl
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100291.JSOptionsImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3057722
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{12A9DB21-42A2-492D-A85C-CDDE0C88B608}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DA13421C-E9DE-4656-9E7C-98F8873317E8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12A9DB21-42A2-492D-A85C-CDDE0C88B608}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12A9DB21-42A2-492D-A85C-CDDE0C88B608}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA13421C-E9DE-4656-9E7C-98F8873317E8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{12A9DB21-42A2-492D-A85C-CDDE0C88B608}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DA13421C-E9DE-4656-9E7C-98F8873317E8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1345EE99-9D48-438B-9C87-E22B8A67BA51}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{042D0BEC-F900-430E-938E-BAEE96755AE2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8AD0AFF-4E27-4E99-B143-983D746742D3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D4E79C0-7FF8-4D71-9FE6-459E7CD77AC0}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C80BDEB2-8735-44C6-BD55-A1CCD555667A}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{12A9DB21-42A2-492D-A85C-CDDE0C88B608}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{12A9DB21-42A2-492D-A85C-CDDE0C88B608}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{12A9DB21-42A2-492D-A85C-CDDE0C88B608}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\BabSolution
    Key Deleted : HKCU\Software\BabylonToolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\DataMngr
    [#] Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\filescout
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\Imesh
    Key Deleted : HKCU\Software\mediabarim
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\Quixley_2KMb
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Compete
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
    Key Deleted : HKCU\Software\AppDataLow\Software\mediabarim
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Quixley_2KMb
    Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_New
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Delta
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\SearchquMediabarTb
    Key Deleted : HKLM\Software\Tarma Installer
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKLM\Software\Quixley_2KMb
    Key Deleted : HKLM\Software\WhiteSmoke_New
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quixley_2KMb Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Quixley_2KMb Toolbar

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.19458

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]

    -\\ Mozilla Firefox v3.6.15 (en-US)

    [ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wpytcw1y.default\prefs.js ]

    Line Deleted : user_pref("CT3289847.FF19Solved", "true");
    Line Deleted : user_pref("CT3289847.UserID", "UN20801883911045291");
    Line Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
    Line Deleted : user_pref("CT3289847.fullUserID", "UN20801883911045291.IN.20131005170410");
    Line Deleted : user_pref("CT3289847.installDate", "05/10/2013 17:04:35");
    Line Deleted : user_pref("CT3289847.installSessionId", "{D7B02246-6B27-4F38-8240-9FFC05BEA3DD}");
    Line Deleted : user_pref("CT3289847.installSp", "false");
    Line Deleted : user_pref("CT3289847.installerVersion", "1.7.1.7");
    Line Deleted : user_pref("CT3289847.keyword", "true");
    Line Deleted : user_pref("CT3289847.originalHomepage", "hxxp://www1.delta-search.com/?affID=121299&tt=gc_&babsrc=HP_ss&mntrId=E8150024D28EF3E4");
    Line Deleted : user_pref("CT3289847.originalSearchAddressUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&q=");
    Line Deleted : user_pref("CT3289847.originalSearchEngine", "Delta Search");
    Line Deleted : user_pref("CT3289847.originalSearchEngineName", "Search Results");
    Line Deleted : user_pref("CT3289847.searchRevert", "true");
    Line Deleted : user_pref("CT3289847.searchUserMode", "2");
    Line Deleted : user_pref("CT3289847.smartbar.homepage", "true");
    Line Deleted : user_pref("CT3289847.versionFromInstaller", "10.20.1.8");
    Line Deleted : user_pref("CT3289847.xpeMode", "0");
    Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&q=");
    Line Deleted : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?affID=121299&tt=gc_&babsrc=NT_ss&mntrId=E8150024D28EF3E4");
    Line Deleted : user_pref("browser.search.defaultenginename", "WhiteSmoke New Customized Web Search");
    Line Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
    Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN20801883911045291&UM=2&SearchSource=3&q={searchTerms}");
    Line Deleted : user_pref("browser.search.order.1", "Delta Search");
    Line Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
    Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN20801883911045291&UM=2&SearchSource=13");
    Line Deleted : user_pref("extensions.delta.admin", false);
    Line Deleted : user_pref("extensions.delta.aflt", "babsst");
    Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
    Line Deleted : user_pref("extensions.delta.dfltLng", "en");
    Line Deleted : user_pref("extensions.delta.excTlbr", false);
    Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
    Line Deleted : user_pref("extensions.delta.id", "e815cc810000000000000024d28ef3e4");
    Line Deleted : user_pref("extensions.delta.instlDay", "15840");
    Line Deleted : user_pref("extensions.delta.instlRef", "sst");
    Line Deleted : user_pref("extensions.delta.newTab", false);
    Line Deleted : user_pref("extensions.delta.prdct", "delta");
    Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
    Line Deleted : user_pref("extensions.delta.rvrt", "false");
    Line Deleted : user_pref("extensions.delta.smplGrp", "none");
    Line Deleted : user_pref("extensions.delta.tlbrId", "base");
    Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
    Line Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
    Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1621:22:52");
    Line Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
    Line Deleted : user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.1,[email protected]:7,{1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0,[email protected]:1.20.00,[email protected][...]
    Line Deleted : user_pref("extensions.newAddons", "[email protected]");
    Line Deleted : user_pref("extentions.y2layers.installId", "1c6416ae-e479-4fff-baed-2dde4644db6c");
    Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN20801883911045291&UM=2&q=");
    Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
    Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN20801883911045291&UM=2&SearchSource=13");
    Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN20801883911045291&UM=2&q=");
    Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
    Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289847");
    Line Deleted : user_pref("smartbar.machineId", "C3DCWZL5ZENVJOXXVSA300WZWCVWIFVCMM165HGRX3QUSFTYQRZUHVDHWZZ/YLGXHJT45BHUJWQ7HL2GKSBM1Q");

    -\\ Google Chrome v

    [ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : urls_to_restore_on_startup
    Deleted : search_url

    *************************

    AdwCleaner[R0].txt - [33178 octets] - [05/10/2013 17:15:14]
    AdwCleaner[S0].txt - [33574 octets] - [05/10/2013 17:16:31]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [33635 octets] ##########


    OTL Extras logfile created on: 10/5/2013 5:44:22 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19458)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 63.72% Memory free
    5.73 Gb Paging File | 4.63 Gb Available in Paging File | 80.83% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.67 Gb Total Space | 86.02 Gb Free Space | 38.63% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Users\Owner\AppData\Roaming\File Scout\filescout.exe" /open "%1"
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{09CC85A8-718C-4214-BB26-626E177A3626}" = lport=49173 | protocol=6 | dir=in | name=akamai netsession interface |
    "{D90BD888-803D-4671-815B-3313858E7F33}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07948D7B-05E8-409E-AEA2-5A4BCB15ABF3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{123A94B3-F0FF-41A9-BC60-CBEF911548A9}" = dir=in | app=c:\program files\finaltorrent\ftcheckforupdates.exe |
    "{16B1B3E2-452F-49B6-8252-09206F99DBC8}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{1A32C0F2-B9A0-4744-A23F-9A35D1C3E357}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{1A780165-5C5E-4E88-AF4F-45C05CD62C64}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{1C0C0C57-1002-4901-9601-91E74435C906}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2437915A-7F2B-4C31-967C-76D1FFF55DB9}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "{2DF9726D-E28C-463B-9A73-E11772C1DDDE}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{374FE04E-999D-47C4-AC1F-D4EB6095F73F}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
    "{418F11F3-8614-458C-B68E-31F629D6BCC9}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
    "{443477F3-007F-49DB-8014-F533160D8B80}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{48250A71-DEEE-45F1-8064-F68590D21306}" = protocol=17 | dir=in | app=c:\program files\socialribbons lp2\troubleshooter.exe |
    "{4A274C2C-AFFA-4329-8400-6278EB98DBA5}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{510E2AF6-C1C1-4570-890E-2AF434850150}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{587D6E51-B3C8-4D17-BB96-116036E12273}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "{61B64FD9-3A09-48D8-9BC0-5E5895D8F769}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{6E4CBD15-EA6A-46A2-8775-B5E7604C6C17}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
    "{777D70B5-A78F-43DC-AE97-450F8A710D46}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{7C5A5E70-4CF9-4CBD-AEF0-B16E667C5979}" = dir=in | app=c:\users\owner\appdata\local\torch\plugins\torrent\torchtorrent.exe |
    "{886C84BA-A45D-4DB9-A858-C43236E07A3A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{97DA254B-A8B4-4BE8-9649-2C56585A7029}" = dir=in | app=c:\program files\finaltorrent\finaltorrent.exe |
    "{99A962E3-64DD-46BE-8D4E-758E64647F1F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9A1F8538-EE56-4609-88CE-C007454B28B6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9A4D5E22-2F0C-49EE-82CD-18AABF0D07E4}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "{9C2F4327-9882-4A9C-9F98-0CF471939AA8}" = protocol=6 | dir=in | app=c:\program files\socialribbons lp2\troubleshooter.exe |
    "{A440EC52-3C13-4FE6-A890-8C8E76BF1997}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "{AC7AE588-6305-45AD-959E-EBEDF4C6DFCB}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
    "{B4850472-DEF7-46E6-BDD4-60DFF4956F67}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
    "{B6993311-757A-48E5-960F-3120445FE99D}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "{B70D5B1F-5335-41B5-9003-A37BF238EA2C}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
    "{B74F57E7-C9FF-49ED-AD32-06EEE93B8F8A}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{C6B9F884-5EC4-466A-93CD-0F99D15440FE}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
    "{CB6E8C0D-6E3A-4AA6-A969-49342DF710AF}" = dir=in | app=c:\users\owner\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{CF24FE04-C924-4A03-9661-C3359FE6537C}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{D9B2B012-3D66-4074-BCE5-0EF0DA993CBB}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{D9C5EFBD-CA60-4302-BDD4-BC8FC0749195}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{E053A50E-A3EF-4E8E-9698-EA292F33A947}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
    "{E8FFA15A-A979-4F68-8717-38A5D5302BF9}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{F30F7F3E-889C-4AD9-8240-B68919F824AE}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "{F510D8FD-BC6C-4F3A-8CF2-F6B0C69BFCE1}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
    "{F77271C1-B559-4F2C-88F7-DCB9C4F48E55}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
    "{FE864A7C-F414-4945-B0E9-0D6D17E4BE9F}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "TCP Query User{74E9612B-5BC7-49AD-A8AF-37DB3FD0D3D7}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "TCP Query User{F57C32DB-D382-4AC9-A025-2573A60D4494}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{24B2BC65-14C3-45F5-BC7A-818E5A8F04C7}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "UDP Query User{BCA4CCE1-D1D6-4C51-B87A-CB0EB5AA07CA}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0C1A6FCA-0775-D2EB-526A-DC9653758959}" = Catalyst Control Center Graphics Full Existing
    "{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager
    "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
    "{11208491-289A-4906-6BCF-2395B82AE50D}" = CCC Help Turkish
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1AD559D4-9DBC-0CF5-2360-7DA195CC36B9}" = CCC Help Korean
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page
    "{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{277021F7-387E-8508-6D81-D2F3AB37D010}" = CCC Help Czech
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2A6B75A2-A3C4-8EAF-1954-9B4CBEA35513}" = Skins
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
    "{32760231-5911-2B7E-45FC-EB5F3C0C40E2}" = CCC Help Danish
    "{364BF1A4-721C-E739-F66A-3A38CE4FACA3}" = CCC Help French
    "{3A02BF10-88B9-4D61-9439-A67C9DE7D4BC}" = RS2Bot
    "{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility
    "{3A2CAA46-4933-6F74-A190-56513A696137}" = Catalyst Control Center InstallProxy
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D0DC563-4C99-4AB1-8C22-514940666938}" = Catalyst Control Center - Branding
    "{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A5F47C5-3F92-A1C4-DC7A-244882D97194}" = CCC Help Japanese
    "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
    "{51AB6E77-4B57-7CB6-F2C7-AB87FDAC2EC3}" = CCC Help English
    "{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
    "{53FCBAC9-8D76-4755-A558-DE9F2E072A9B}" = ASPCA Tri Reminder by We-Care.com v4.0.9.5
    "{58E0D2CC-5693-D69B-C732-C956845A3F88}" = CCC Help Spanish
    "{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5ED0BEE0-AC0C-F478-728F-9FBFADCEF8DB}" = CCC Help Chinese Traditional
    "{5FFF9453-7B94-462A-B8F7-AC6D8D9EB1B5}" = Netzero Internet Access Installer
    "{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{619C8F04-BEB8-BD0F-4CC0-ABF922BE1E64}" = CCC Help German
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
    "{70C335DB-BAE8-E513-A8E4-57351139C1AA}" = CCC Help Greek
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75B053D0-709C-8BC3-ADA3-923C3524062F}" = CCC Help Finnish
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
    "{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{878D8350-B789-ED78-2F7D-86A3A98E4FAB}" = CCC Help Hungarian
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "{8A04B73D-8C7C-F661-72F0-6FF3B0DF24ED}" = ATI Catalyst Install Manager
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
    "{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
    "{9267E76A-77DC-D8E2-DDD6-7855487A1C4E}" = CCC Help Chinese Standard
    "{9282C06B-7B63-37D7-D6FB-E8BBAAA81973}" = CCC Help Portuguese
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C3317F2-518F-D18A-2E94-97B781DCE713}" = CCC Help Norwegian
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
    "{A0D76D9F-8957-E8D5-A44F-3AEDE09E64D1}" = CCC Help Italian
    "{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
    "{A98DDB09-6CC0-5EF4-AD51-7C4516E5DB61}" = ccc-utility
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
    "{AF64F216-D859-43FC-9068-0005A41AEBA3}" = AT&T Communication Manager
    "{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime
    "{B1FCFBC0-4169-E767-1F7E-F5A60E2EDBC1}" = Catalyst Control Center Graphics Previews Vista
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3B2C253-0AAA-075A-3BFE-63B23DB0826D}" = Catalyst Control Center Core Implementation
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{BE43988B-0BDC-4B15-D88F-CD01398CD8E7}" = Catalyst Control Center Graphics Light
    "{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}" = Skype Launcher
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{C6ADD182-21AA-14BE-7CB9-5AEF364F5406}" = Catalyst Control Center Localization All
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C9622E7C-94E3-7828-F3F9-21076B7F770B}" = CCC Help Swedish
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D4AFD09A-1255-4E6D-4AD9-B076B97559D3}" = CCC Help Thai
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DC53C564-A09A-DA0D-AA61-630AAF188857}" = CCC Help Polish
    "{DD8D1F1D-7FA5-A563-143C-3860FD9537F0}" = Catalyst Control Center Graphics Full New
    "{DDB824DA-C431-3A3E-B997-F4B5539838FC}" = Google Talk Plugin
    "{DDBECC63-7E39-076D-F638-4DF15EB20298}" = CCC Help Dutch
    "{DDC5B3E0-C656-4070-9CF0-E592EC60AD42}" = MotoConnect
    "{E09863DF-93B4-5A14-0DA6-1BA841CFFB85}" = ccc-core-static
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
    "{E8620372-B4D4-92C1-BD12-DBE2FF0F58C2}" = CCC Help Russian
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIM Toolbar" = AIM Toolbar
    "AIM_6" = AIM 6
    "Akamai" = Akamai NetSession Interface Service
    "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
    "com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "dcmsvc_is1" = dcmsvc 1.0
    "Diner Dash 2" = Diner Dash 2
    "Dogpile Bundle Toolbar" = Dogpile Bundle Toolbar
    "FinalTorrent_is1" = FinalTorrent 2011
    "Google Desktop" = Google Desktop
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
    "InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
    "InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
    "InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
    "Picasa2" = Picasa 2
    "RollerCoaster Tycoon Setup" = Roll
    "SocialRibbons LP2" = SocialRibbons LP2
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Trusted Software Assistant_is1" = File Type Assistant
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.12.2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player
    "Spotify" = Spotify
    "Torch" = Torch
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/3/2013 11:05:08 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1482

    Error - 10/3/2013 11:05:08 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1482

    Error - 10/5/2013 12:48:31 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/5/2013 12:48:31 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1435

    Error - 10/5/2013 12:48:31 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1435

    Error - 10/5/2013 12:52:29 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/5/2013 12:52:29 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 239570

    Error - 10/5/2013 12:52:29 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 239570

    Error - 10/5/2013 5:22:57 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application MotoConnect.exe, version 1.1.25.0, time stamp
    0x4bd8fcc6, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6,
    exception code 0xe06d7363, fault offset 0x0003fc16, process id 0x172c, application
    start time 0x01cec2110f5c87f0.

    Error - 10/5/2013 5:25:46 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 5/17/2013 10:18:59 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (2772.1128)

    Error - 5/17/2013 10:18:59 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (2772.1129)

    Error - 5/23/2013 7:35:57 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (6088.1128)

    Error - 5/23/2013 7:35:57 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (6088.1129)

    Error - 6/22/2013 7:35:56 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (6464.1128)

    Error - 6/22/2013 7:35:56 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (6464.1129)

    Error - 6/22/2013 8:39:02 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (6076.1128)

    Error - 6/22/2013 8:39:02 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (6076.1129)

    Error - 8/29/2013 12:09:54 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (3652.1128)

    Error - 8/29/2013 12:09:54 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (3652.1129)

    [ OSession Events ]
    Error - 9/15/2013 10:48:23 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 4224
    seconds with 2640 seconds of active time. This session ended with a crash.

    Error - 9/29/2013 12:37:04 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 9592
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/1/2013 8:59:08 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
    Description =

    Error - 10/1/2013 11:01:29 AM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 10:59:20 AM on 10/1/2013 was unexpected.

    Error - 10/1/2013 11:02:49 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/1/2013 11:04:05 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
    Description =

    Error - 10/1/2013 11:04:18 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 10/1/2013 11:04:27 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
    Description =

    Error - 10/1/2013 11:04:57 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
    Description =

    Error - 10/5/2013 5:25:47 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 10/5/2013 5:25:47 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/5/2013 5:26:22 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >


    OTL logfile created on: 10/5/2013 5:44:22 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19458)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 63.72% Memory free
    5.73 Gb Paging File | 4.63 Gb Available in Paging File | 80.83% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.67 Gb Total Space | 86.02 Gb Free Space | 38.63% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (All) ==========

    PRC - [2013/10/05 17:40:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2013/10/05 17:27:01 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2013/08/01 06:22:49 | 000,638,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
    PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    PRC - [2013/05/31 11:56:02 | 000,152,392 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
    PRC - [2013/05/31 11:55:40 | 000,553,288 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
    PRC - [2013/03/12 07:32:50 | 000,253,816 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
    PRC - [2013/03/08 21:28:08 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
    PRC - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
    PRC - [2011/08/31 00:05:02 | 000,390,504 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2010/11/04 12:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
    PRC - [2010/08/17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
    PRC - [2010/07/06 20:47:38 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    PRC - [2010/04/29 12:30:44 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    PRC - [2010/04/29 12:30:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    PRC - [2009/09/25 16:57:30 | 000,537,968 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
    PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/04/22 01:07:32 | 000,303,104 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2009/04/22 01:07:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009/04/14 20:57:38 | 000,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
    PRC - [2009/04/14 20:57:12 | 001,318,912 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
    PRC - [2009/04/10 23:28:16 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
    PRC - [2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
    PRC - [2009/04/10 23:28:10 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
    PRC - [2009/04/10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
    PRC - [2009/04/10 23:28:00 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
    PRC - [2009/04/10 23:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
    PRC - [2009/04/10 23:27:50 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/10 23:27:34 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
    PRC - [2009/04/09 19:01:10 | 000,570,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    PRC - [2009/04/09 19:00:50 | 000,656,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    PRC - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
    PRC - [2009/04/01 18:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    PRC - [2009/03/24 14:34:34 | 001,007,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    PRC - [2009/03/23 13:50:40 | 000,729,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2009/03/18 13:19:16 | 001,451,304 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    PRC - [2009/03/18 13:19:16 | 000,103,720 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    PRC - [2009/03/17 14:49:04 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    PRC - [2009/03/12 21:11:04 | 006,965,792 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2009/03/06 21:29:16 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2009/03/06 21:29:04 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2009/02/26 16:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    PRC - [2009/02/19 17:52:38 | 000,057,344 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
    PRC - [2009/02/18 11:39:22 | 000,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    PRC - [2009/02/16 18:50:48 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008/12/18 17:34:24 | 000,448,376 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2008/12/18 17:32:52 | 000,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    PRC - [2008/12/18 16:19:44 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    PRC - [2008/07/03 01:52:21 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
    PRC - [2008/07/03 01:51:20 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe
    PRC - [2008/07/03 01:51:08 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe
    PRC - [2008/01/20 22:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
    PRC - [2008/01/20 22:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
    PRC - [2008/01/20 22:25:11 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
    PRC - [2008/01/20 22:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
    PRC - [2008/01/20 22:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
    PRC - [2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
    PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2006/10/19 16:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/08/16 03:01:44 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
    MOD - [2013/08/16 03:01:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
    MOD - [2013/08/16 03:00:54 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b8e424ef545f262fd6cb9f35b97fc8b9\System.Configuration.ni.dll
    MOD - [2013/08/15 15:39:40 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
    MOD - [2013/08/15 15:38:41 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f575e4c534a93294c72fea670ca73492\System.Windows.Forms.ni.dll
    MOD - [2013/08/15 03:40:25 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
    MOD - [2013/08/15 03:37:49 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
    MOD - [2013/07/12 03:59:22 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll
    MOD - [2013/07/12 03:55:23 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/07/06 20:47:39 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
    MOD - [2009/07/21 15:42:50 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\pxl_m17n_tool.dll
    MOD - [2009/05/27 02:50:31 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3398.36836__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:31 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3398.36908__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:31 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3398.36876__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:31 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3398.36818__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:31 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3398.36838__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:31 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3398.36876__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:31 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3398.36889__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:31 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3398.36827__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:31 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3398.36871__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:31 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3398.36875__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:31 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3398.36909__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3398.36832__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3398.36862__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3398.36827__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:30 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3398.36908__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3398.36907__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,782,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3398.36864__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3398.36839__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3398.36828__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3398.36884__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:29 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3398.36863__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3398.36870__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3398.36843__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:29 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3398.36838__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3398.36869__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3398.36863__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3398.36862__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3398.36842__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3398.36863__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3398.36868__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3398.36870__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3010.30513__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3010.30489__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2009/05/27 02:50:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3010.30504__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3010.30518__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3010.30516__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2009/05/27 02:50:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3010.30523__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3010.30487__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2009/05/27 02:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3010.30488__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2009/05/27 02:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3010.30539__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2009/05/27 02:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3010.30522__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3010.30503__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3010.30507__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3010.30495__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3010.30514__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3010.30503__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3010.30495__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3010.30511__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3010.30523__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3010.30502__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3010.30515__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3010.30514__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3010.30526__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3010.30525__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3010.30512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3010.30525__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2009/05/27 02:50:27 | 001,212,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3398.36823__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2009/05/27 02:50:27 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3398.36832__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2009/05/27 02:50:27 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3398.36903__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2009/05/27 02:50:27 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3398.36902__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2009/05/27 02:50:27 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3010.30518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3398.36816__90ba9c70f846762e\APM.Server.dll
    MOD - [2009/05/27 02:50:27 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3398.36818__90ba9c70f846762e\CLI.Component.SkinFactory.dll
    MOD - [2009/05/27 02:50:27 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3398.36816__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2009/05/27 02:50:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3010.30516__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3010.30516__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3010.30512__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3398.36814__90ba9c70f846762e\AEM.Server.dll
    MOD - [2009/05/27 02:50:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3398.36914__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2009/05/27 02:50:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3010.30492__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3010.30507__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3010.30517__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3010.30497__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3010.30509__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2009/05/27 02:50:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3010.30515__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3010.30514__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3010.30512__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3010.30512__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3010.30517__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3010.30500__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3010.30511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3010.30510__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3010.30518__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3010.30511__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2009/05/27 02:50:27 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3398.36903__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2009/05/27 02:50:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3010.30502__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    MOD - [2009/05/27 02:50:27 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
    MOD - [2009/05/27 02:50:27 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3398.36814__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2009/04/22 01:05:58 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
    MOD - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
    MOD - [2009/03/12 22:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
    MOD - [2009/03/07 16:15:46 | 007,005,496 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    MOD - [2009/01/31 01:11:56 | 000,073,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    MOD - [2009/01/30 13:41:20 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    MOD - [2008/07/14 13:37:00 | 000,095,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
    MOD - [2006/12/01 20:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
    MOD - [2006/10/10 14:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
    MOD - [2006/10/07 14:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


    ========== Services (SafeList) ==========

    SRV - [2013/09/21 20:44:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/07/01 15:09:29 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
    SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
    SRV - [2010/04/29 12:30:44 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2009/04/22 01:07:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009/04/14 20:57:38 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV - [2009/04/09 19:00:50 | 000,656,752 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV - [2009/04/01 18:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/03/17 14:49:04 | 000,073,728 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2009/03/06 21:29:16 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2009/02/19 17:52:38 | 000,057,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
    SRV - [2009/02/16 18:50:48 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/11/20 22:07:42 | 000,113,152 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
    SRV - [2008/11/20 22:07:08 | 000,125,440 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
    SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2013/09/30 18:57:11 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/04/22 02:30:14 | 004,491,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/03/20 23:29:18 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
    DRV - [2009/02/16 18:01:48 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2008/11/20 22:02:48 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
    DRV - [2008/11/20 21:59:02 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
    DRV - [2008/11/20 21:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2008/08/22 13:05:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2008/08/22 10:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
    DRV - [2008/08/20 13:36:36 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx80.sys -- (SWUMX80)
    DRV - [2008/08/20 13:35:40 | 000,168,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u80.sys -- (SWNC8U80)
    DRV - [2008/04/28 12:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
    DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2007/04/23 13:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
    DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
    IE - HKLM\..\SearchScopes\{1F894CD2-51F5-4A4F-A247-89187AC474FD}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\URLSearchHook: {2b2505fa-fd68-0144-9128-cd617bdca8c2} - C:\Program Files\SocialRibbons LP2\Helper.dll ()
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\SearchScopes,DefaultScope = {1F894CD2-51F5-4A4F-A247-89187AC474FD}
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\SearchScopes\{1F894CD2-51F5-4A4F-A247-89187AC474FD}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_enUS341US342
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7TSHB_enUS341US342&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

    ========== FireFox ==========

    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.21: C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/17 04:06:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/22 21:27:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/22 21:27:25 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Owner\AppData\Roaming\Move Networks [2009/09/12 20:59:18 | 000,000,000 | ---D | M]

    [2011/07/07 23:11:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
    [2013/10/05 17:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\extensions
    [2011/03/13 14:29:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/09/18 14:47:23 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}(59)
    [2011/07/17 23:39:04 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\extensions\[email protected]
    [2011/09/18 14:34:09 | 000,001,945 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\wpytcw1y.default\searchplugins\bing-zugo.xml
    [2013/10/05 17:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/12 10:02:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
    [2009/09/12 20:59:18 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\OWNER\APPDATA\ROAMING\MOVE NETWORKS
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EXTENSIONS\{12A9DB21-42A2-492D-A85C-CDDE0C88B608}
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EXTENSIONS\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EXTENSIONS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EXTENSIONS\[email protected]
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EXTENSIONS\[email protected]
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EXTENSIONS\[email protected]
    [2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

    ========== Chrome ==========

    CHR - default_search_provider: foxnews.com (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: ArcadeWeb Plugin (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Yahoo! BrowserPlus Plugin (Enabled) = C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Angry Birds = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\

    O1 HOSTS File: ([2010/08/07 14:11:47 | 000,000,501 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.runescape.com
    O1 - Hosts: 127.0.0.1 runescape.com
    O1 - Hosts: 127.0.0.1 213.146.191.50
    O1 - Hosts: 127.0.0.1 www.rsbot.org
    O1 - Hosts: 127.0.0.1 rsbot.org
    O1 - Hosts: 127.0.0.1 www.runehq.com
    O1 - Hosts: 127.0.0.1 runehq.com
    O1 - Hosts: 127.0.0.1 www.jagex.com
    O1 - Hosts: 127.0.0.1 jagex.com
    O1 - Hosts: 127.0.0.1 www.hackforums.net
    O1 - Hosts: 127.0.0.1 hackforums.net
    O1 - Hosts: 127.0.0.1 google.com
    O1 - Hosts: 127.0.0.1 www.google.uk
    O1 - Hosts: 127.0.0.1 google.uk
    O1 - Hosts: 127.0.0.1 www.google.us
    O1 - Hosts: 127.0.0.1 google.us
    O1 - Hosts: 127.0.0.1 www.google.nl
    O1 - Hosts: 127.0.0.1 google.nl
    O1 - Hosts: 127.0.0.1 www.google.fr
    O1 - Hosts: 127.0.0.1 google.fr
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (SocialRibbons LP2) - {AE92E5DE-20F7-9934-D515-7BE13880A842} - C:\Program Files\SocialRibbons LP2\Toolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
    O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
    O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
    O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [###Name###] ###Drive:\Path\Name.exe### File not found
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [Aim6] File not found
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [Spotify] C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [Spotify Web Helper] C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKLM..\RunOnce: [Browsersafeguard-pitch Data Uninstall] C:\Program Files\Browsersafeguard [2013/10/05 17:30:19 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55A30E48-C84D-40D1-8AEF-A0B2422CB07C}: DhcpNameServer = 68.87.64.216 68.87.66.216
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8615EEBB-3B94-43E2-8865-DD1B001DE0BD}: DhcpNameServer = 209.183.33.23 209.183.35.23
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0953BCA-B4AB-470A-BA92-66328C9D0A90}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    O20 - AppInit_DLLs: (c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Owner\Downloads\images.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Owner\Downloads\images.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{1648739e-2e3d-11e0-9441-001e33c32c70}\Shell - "" = AutoRun
    O33 - MountPoints2\{1648739e-2e3d-11e0-9441-001e33c32c70}\Shell\AutoRun\command - "" = F:\setup.exe -a
    O33 - MountPoints2\{1722be82-5753-11e1-9f3d-001e33c32c70}\Shell - "" = AutoRun
    O33 - MountPoints2\{1722be82-5753-11e1-9f3d-001e33c32c70}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{2cd0028e-9fff-11de-a9c8-001e33c32c70}\Shell - "" = AutoRun
    O33 - MountPoints2\{2cd0028e-9fff-11de-a9c8-001e33c32c70}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{a2e04a2c-dd85-11df-863e-001e33c32c70}\Shell - "" = AutoRun
    O33 - MountPoints2\{a2e04a2c-dd85-11df-863e-001e33c32c70}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
    O33 - MountPoints2\{c4fd19e6-9f27-11de-87d1-001e33c32c70}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4fd19e6-9f27-11de-87d1-001e33c32c70}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/05 17:40:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2013/10/05 17:14:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/10/05 17:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Browsersafeguard
    [2013/10/05 17:04:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CRE
    [2013/09/30 15:52:51 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2013/09/13 18:45:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
    [2013/09/13 18:45:37 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/09/13 18:45:37 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/09/13 18:45:37 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2013/09/13 18:45:37 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2013/09/13 18:45:36 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2013/09/13 18:45:36 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2013/09/13 18:45:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2013/09/13 18:45:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/09/13 18:45:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/09/13 18:45:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2013/09/13 18:45:35 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/09/13 18:45:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2013/09/13 18:45:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2013/09/13 18:45:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2013/09/13 18:45:34 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/09/13 18:45:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2013/09/13 18:45:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/09/13 18:45:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2013/09/13 18:45:08 | 002,049,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/10/05 17:40:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2013/10/05 17:24:35 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job
    [2013/10/05 17:24:27 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
    [2013/10/05 17:24:24 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/10/05 17:24:24 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/10/05 17:24:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/10/05 17:24:08 | 2950,520,832 | -HS- | M] () -- C:\hiberfil.sys
    [2013/10/05 17:16:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1943577299-1749160357-1101987479-1000UA.job
    [2013/10/05 17:14:07 | 001,045,226 | ---- | M] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
    [2013/10/05 17:08:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1943577299-1749160357-1101987479-1000UA.job
    [2013/10/05 17:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/10/05 09:16:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1943577299-1749160357-1101987479-1000Core.job
    [2013/10/05 08:08:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1943577299-1749160357-1101987479-1000Core.job
    [2013/10/05 02:45:01 | 000,007,728 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2013/10/03 22:14:26 | 000,604,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/10/03 22:14:26 | 000,104,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/10/03 20:57:24 | 000,002,587 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office Word 2007.lnk
    [2013/09/30 18:57:11 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2013/09/21 20:44:36 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/09/21 20:44:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/09/21 12:31:14 | 000,002,055 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/09/21 12:31:14 | 000,002,053 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
    [2013/09/15 03:32:10 | 000,338,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/10/05 17:13:34 | 001,045,226 | ---- | C] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
    [2013/09/30 17:50:58 | 2950,520,832 | -HS- | C] () -- C:\hiberfil.sys
    [2012/09/09 18:58:38 | 000,000,719 | ---- | C] () -- C:\Windows\hegames.ini
    [2010/08/03 16:13:17 | 000,000,000 | ---- | C] () -- C:\Users\Owner\jagex__preferences3.dat
    [2010/02/21 15:26:12 | 000,050,493 | ---- | C] () -- C:\Users\Owner\CURLING.jpg
    [2010/02/11 16:24:40 | 000,007,728 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2009/10/26 15:23:18 | 000,000,099 | ---- | C] () -- C:\Users\Owner\jagex_runescape_preferences2.dat
    [2009/10/26 15:21:52 | 000,000,046 | ---- | C] () -- C:\Users\Owner\jagex_runescape_preferences.dat
    [2009/09/05 16:08:17 | 000,056,320 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/07/06 12:06:53 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Bytemobile
    [2011/07/06 12:06:53 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Bytemobile
    [2009/08/23 21:56:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
    [2012/02/26 14:50:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Aimersoft Video Converter Std
    [2009/09/12 08:54:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Bytemobile
    [2009/12/24 08:51:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
    [2012/02/26 16:06:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Digiarty
    [2011/07/14 13:54:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Fighters
    [2013/04/02 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FinalTorrent
    [2010/06/20 17:48:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
    [2013/05/14 21:23:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RocketPDF
    [2013/08/18 14:50:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung
    [2009/09/12 08:31:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sierra Wireless
    [2013/10/05 17:28:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
    [2013/05/20 22:04:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TFP
    [2009/08/12 19:21:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    < End of report >
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    cricketuse,
    ---------------------------------------------
    Symantec did not remove everything as it should. This is a common problem.
    To completely remove Norton Antivirus, Download and Run the Norton Removal Tool for your version of Windows.
    http://www.symantec.com/norton/supp...e=public_web&docurl=20080710133834EN&ln=en_US
    Perform the DownLoad for your version of Windows (download to your desktop as it says).
    On your desktop, click on Norton Removal Tool and follow the instructions.
    Please Be patient. This tool removes hundreds of files and settings. It will let you know when it's done.
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      
      :OTL
      IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\URLSearchHook: - No CLSID value found
      IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\URLSearchHook: {2b2505fa-fd68-0144-9128-cd617bdca8c2} - C:\Program Files\SocialRibbons LP2\Helper.dll ()
      [2011/09/18 14:47:23 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\ex tensions\{99079a25-328f-4bd4-be04-00955acaa0a7}(59)
      [2011/07/17 23:39:04 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\ex tensions\[email protected]
      [2011/09/18 14:34:09 | 000,001,945 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\wpytcw1y.default\se archplugins\bing-zugo.xml
      [2012/07/12 10:02:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
      File not found (No name found) -- C:\PROGRAM FILES\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
      File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EX TENSIONS\{12A9DB21-42A2-492D-A85C-CDDE0C88B608}
      File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EX TENSIONS\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
      File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EX TENSIONS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
      File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EX TENSIONS\[email protected]
      [2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
      [2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [emptyjava]
      [emptyflash] 
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    ----------------------------------------------
    After posting the Resulting log, Please Rescan as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.

    askey127
     
  5. cricketuse

    cricketuse Thread Starter

    Joined:
    Aug 27, 2006
    Messages:
    63
    The olt fix run ran for 6 hours and never rebooted. is that normal or did i do something wrong?

    olt did have 2 logs. plus i was able to run malware. all three logs below.



    [.ShellClassInfo]
    [email protected]%SystemRoot%\system32\shell32.dll,-21799
    [LocalizedFileNames]
    Microsoft Office - 60 Day [email protected]:\PROGRA~1\MICROS~4\mui\oaa.dll,-103
    Norton Internet [email protected]:\PROGRA~1\NORTON~2\Branding\muis.dll,-102
    WildTangent Games App - [email protected]:\PROGRA~1\WILDTA~1\TOUCHP~1\toshiba\MUILink.exe,-105


    [.ShellClassInfo]
    [email protected]%SystemRoot%\system32\shell32.dll,-21769
    IconResource=%SystemRoot%\system32\imageres.dll,-183
    [LocalizedFileNames]
    Launch Internet Explorer [email protected]%windir%\System32\ie4uinit.exe,-733
    Windows Movie [email protected]%ProgramFiles%\Movie Maker\MovieMk.dll,-61403



    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.05.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19458
    Owner :: OWNER-PC [administrator]

    10/5/2013 6:19:02 PM
    mbam-log-2013-10-05 (18-19-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 449147
    Time elapsed: 3 hour(s), 6 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 3
    C:\Users\Owner\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.16.16 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.

    Files Detected: 17
    C:\$Recycle.Bin\S-1-5-21-1943577299-1749160357-1101987479-1000\$RC23MCM.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\dlLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\upd7F19\BabMaint.x (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\5008987C-BAB0-7891-8863-1A1C46A1525E\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\5008987C-BAB0-7891-8863-1A1C46A1525E\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\5008987C-BAB0-7891-8863-1A1C46A1525E\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\RocketPDFSetup.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\iLividSetup-r654-n-bc (1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\iLividSetup-r654-n-bc (2).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\iLividSetup-r654-n-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\iLividSetup_C-r514-t-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\Audacity_40.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\finaltorrent.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\GameHouse-Installer_am-supergamehousesolitaire_gamehouse_[1].exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\jenkatarcade[1].exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\setup__155[1].exe (PUP.Optional.Amonetize.AS) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully.

    (end)
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    cricketuse,
    Make sure the computer restarted since the OTL fix was run.
    Did the Norton removal run OK?
    ---------------------------------------------
    Run a Scan with OTL
    • For Vista or Win7, right click the icon and choose "Run as administrator".
    • Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
      When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

    askey127
     
  7. cricketuse

    cricketuse Thread Starter

    Joined:
    Aug 27, 2006
    Messages:
    63
    I did reboot my computer after the run fix. Norton was removed via the link you sent previously.

    two OLT files below.

    again thanks for the help.

    OTL Extras logfile created on: 10/7/2013 12:02:06 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19458)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 66.12% Memory free
    5.73 Gb Paging File | 4.63 Gb Available in Paging File | 80.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.67 Gb Total Space | 88.10 Gb Free Space | 39.57% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Users\Owner\AppData\Roaming\File Scout\filescout.exe" /open "%1"
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{9CB41DAF-082A-448B-A0E4-0AA758BB0999}" = lport=49185 | protocol=6 | dir=in | name=akamai netsession interface |
    "{C0D3E803-B1F7-404A-BB0A-CAD063D98636}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07948D7B-05E8-409E-AEA2-5A4BCB15ABF3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{123A94B3-F0FF-41A9-BC60-CBEF911548A9}" = dir=in | app=c:\program files\finaltorrent\ftcheckforupdates.exe |
    "{16B1B3E2-452F-49B6-8252-09206F99DBC8}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{1A32C0F2-B9A0-4744-A23F-9A35D1C3E357}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{1A780165-5C5E-4E88-AF4F-45C05CD62C64}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{1C0C0C57-1002-4901-9601-91E74435C906}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2437915A-7F2B-4C31-967C-76D1FFF55DB9}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "{2DF9726D-E28C-463B-9A73-E11772C1DDDE}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{374FE04E-999D-47C4-AC1F-D4EB6095F73F}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
    "{418F11F3-8614-458C-B68E-31F629D6BCC9}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
    "{443477F3-007F-49DB-8014-F533160D8B80}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{48250A71-DEEE-45F1-8064-F68590D21306}" = protocol=17 | dir=in | app=c:\program files\socialribbons lp2\troubleshooter.exe |
    "{4A274C2C-AFFA-4329-8400-6278EB98DBA5}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{510E2AF6-C1C1-4570-890E-2AF434850150}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{587D6E51-B3C8-4D17-BB96-116036E12273}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "{602D89FC-72C6-4BA9-9E9C-63D7E91498E8}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zsd3e1.tmp\symnrt.exe |
    "{61B64FD9-3A09-48D8-9BC0-5E5895D8F769}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{62E52B91-A33B-4D00-BEDF-61729F9F5912}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zsd3e1.tmp\symnrt.exe |
    "{661F0F13-238D-4E9B-80BA-28E35E54AB2B}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zsc19c.tmp\symnrt.exe |
    "{6C58624F-85EB-427C-BB98-D0E5D8EE7161}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zsc19c.tmp\symnrt.exe |
    "{6E4CBD15-EA6A-46A2-8775-B5E7604C6C17}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
    "{777D70B5-A78F-43DC-AE97-450F8A710D46}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{7C5A5E70-4CF9-4CBD-AEF0-B16E667C5979}" = dir=in | app=c:\users\owner\appdata\local\torch\plugins\torrent\torchtorrent.exe |
    "{886C84BA-A45D-4DB9-A858-C43236E07A3A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{97DA254B-A8B4-4BE8-9649-2C56585A7029}" = dir=in | app=c:\program files\finaltorrent\finaltorrent.exe |
    "{99A962E3-64DD-46BE-8D4E-758E64647F1F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9A1F8538-EE56-4609-88CE-C007454B28B6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9A4D5E22-2F0C-49EE-82CD-18AABF0D07E4}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "{9C2F4327-9882-4A9C-9F98-0CF471939AA8}" = protocol=6 | dir=in | app=c:\program files\socialribbons lp2\troubleshooter.exe |
    "{A440EC52-3C13-4FE6-A890-8C8E76BF1997}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "{AC7AE588-6305-45AD-959E-EBEDF4C6DFCB}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
    "{B4850472-DEF7-46E6-BDD4-60DFF4956F67}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
    "{B6993311-757A-48E5-960F-3120445FE99D}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "{B70D5B1F-5335-41B5-9003-A37BF238EA2C}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
    "{B74F57E7-C9FF-49ED-AD32-06EEE93B8F8A}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{C6B9F884-5EC4-466A-93CD-0F99D15440FE}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
    "{CB6E8C0D-6E3A-4AA6-A969-49342DF710AF}" = dir=in | app=c:\users\owner\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{CF24FE04-C924-4A03-9661-C3359FE6537C}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{D9B2B012-3D66-4074-BCE5-0EF0DA993CBB}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{D9C5EFBD-CA60-4302-BDD4-BC8FC0749195}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{E053A50E-A3EF-4E8E-9698-EA292F33A947}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
    "{E8FFA15A-A979-4F68-8717-38A5D5302BF9}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{F30F7F3E-889C-4AD9-8240-B68919F824AE}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "{F510D8FD-BC6C-4F3A-8CF2-F6B0C69BFCE1}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
    "{F77271C1-B559-4F2C-88F7-DCB9C4F48E55}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
    "{FE864A7C-F414-4945-B0E9-0D6D17E4BE9F}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "TCP Query User{74E9612B-5BC7-49AD-A8AF-37DB3FD0D3D7}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "TCP Query User{F57C32DB-D382-4AC9-A025-2573A60D4494}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{24B2BC65-14C3-45F5-BC7A-818E5A8F04C7}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "UDP Query User{BCA4CCE1-D1D6-4C51-B87A-CB0EB5AA07CA}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0C1A6FCA-0775-D2EB-526A-DC9653758959}" = Catalyst Control Center Graphics Full Existing
    "{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager
    "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
    "{11208491-289A-4906-6BCF-2395B82AE50D}" = CCC Help Turkish
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1AD559D4-9DBC-0CF5-2360-7DA195CC36B9}" = CCC Help Korean
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page
    "{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{277021F7-387E-8508-6D81-D2F3AB37D010}" = CCC Help Czech
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2A6B75A2-A3C4-8EAF-1954-9B4CBEA35513}" = Skins
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
    "{32760231-5911-2B7E-45FC-EB5F3C0C40E2}" = CCC Help Danish
    "{364BF1A4-721C-E739-F66A-3A38CE4FACA3}" = CCC Help French
    "{3A02BF10-88B9-4D61-9439-A67C9DE7D4BC}" = RS2Bot
    "{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility
    "{3A2CAA46-4933-6F74-A190-56513A696137}" = Catalyst Control Center InstallProxy
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D0DC563-4C99-4AB1-8C22-514940666938}" = Catalyst Control Center - Branding
    "{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A5F47C5-3F92-A1C4-DC7A-244882D97194}" = CCC Help Japanese
    "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
    "{51AB6E77-4B57-7CB6-F2C7-AB87FDAC2EC3}" = CCC Help English
    "{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
    "{53FCBAC9-8D76-4755-A558-DE9F2E072A9B}" = ASPCA Tri Reminder by We-Care.com v4.0.9.5
    "{58E0D2CC-5693-D69B-C732-C956845A3F88}" = CCC Help Spanish
    "{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5ED0BEE0-AC0C-F478-728F-9FBFADCEF8DB}" = CCC Help Chinese Traditional
    "{5FFF9453-7B94-462A-B8F7-AC6D8D9EB1B5}" = Netzero Internet Access Installer
    "{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{619C8F04-BEB8-BD0F-4CC0-ABF922BE1E64}" = CCC Help German
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
    "{70C335DB-BAE8-E513-A8E4-57351139C1AA}" = CCC Help Greek
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75B053D0-709C-8BC3-ADA3-923C3524062F}" = CCC Help Finnish
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
    "{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{878D8350-B789-ED78-2F7D-86A3A98E4FAB}" = CCC Help Hungarian
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "{8A04B73D-8C7C-F661-72F0-6FF3B0DF24ED}" = ATI Catalyst Install Manager
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
    "{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
    "{9267E76A-77DC-D8E2-DDD6-7855487A1C4E}" = CCC Help Chinese Standard
    "{9282C06B-7B63-37D7-D6FB-E8BBAAA81973}" = CCC Help Portuguese
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C3317F2-518F-D18A-2E94-97B781DCE713}" = CCC Help Norwegian
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
    "{A0D76D9F-8957-E8D5-A44F-3AEDE09E64D1}" = CCC Help Italian
    "{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
    "{A98DDB09-6CC0-5EF4-AD51-7C4516E5DB61}" = ccc-utility
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
    "{AF64F216-D859-43FC-9068-0005A41AEBA3}" = AT&T Communication Manager
    "{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime
    "{B1FCFBC0-4169-E767-1F7E-F5A60E2EDBC1}" = Catalyst Control Center Graphics Previews Vista
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3B2C253-0AAA-075A-3BFE-63B23DB0826D}" = Catalyst Control Center Core Implementation
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{BE43988B-0BDC-4B15-D88F-CD01398CD8E7}" = Catalyst Control Center Graphics Light
    "{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}" = Skype Launcher
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{C6ADD182-21AA-14BE-7CB9-5AEF364F5406}" = Catalyst Control Center Localization All
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C9622E7C-94E3-7828-F3F9-21076B7F770B}" = CCC Help Swedish
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D4AFD09A-1255-4E6D-4AD9-B076B97559D3}" = CCC Help Thai
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DC53C564-A09A-DA0D-AA61-630AAF188857}" = CCC Help Polish
    "{DD8D1F1D-7FA5-A563-143C-3860FD9537F0}" = Catalyst Control Center Graphics Full New
    "{DDB824DA-C431-3A3E-B997-F4B5539838FC}" = Google Talk Plugin
    "{DDBECC63-7E39-076D-F638-4DF15EB20298}" = CCC Help Dutch
    "{DDC5B3E0-C656-4070-9CF0-E592EC60AD42}" = MotoConnect
    "{E09863DF-93B4-5A14-0DA6-1BA841CFFB85}" = ccc-core-static
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
    "{E8620372-B4D4-92C1-BD12-DBE2FF0F58C2}" = CCC Help Russian
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIM Toolbar" = AIM Toolbar
    "AIM_6" = AIM 6
    "Akamai" = Akamai NetSession Interface Service
    "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
    "com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "dcmsvc_is1" = dcmsvc 1.0
    "Diner Dash 2" = Diner Dash 2
    "Dogpile Bundle Toolbar" = Dogpile Bundle Toolbar
    "FinalTorrent_is1" = FinalTorrent 2011
    "Google Desktop" = Google Desktop
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
    "InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
    "InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
    "InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
    "Picasa2" = Picasa 2
    "RollerCoaster Tycoon Setup" = Roll
    "SocialRibbons LP2" = SocialRibbons LP2
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Trusted Software Assistant_is1" = File Type Assistant
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.12.2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player
    "Spotify" = Spotify
    "Torch" = Torch
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/7/2013 5:28:21 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/7/2013 5:28:21 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 28645309

    Error - 10/7/2013 5:28:21 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 28645309

    Error - 10/7/2013 5:28:37 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/7/2013 5:28:37 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 28660909

    Error - 10/7/2013 5:28:37 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 28660909

    Error - 10/7/2013 5:28:53 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/7/2013 5:28:53 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 28676712

    Error - 10/7/2013 5:28:53 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 28676712

    Error - 10/7/2013 11:42:20 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 5/17/2013 10:18:59 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (2772.1128)

    Error - 5/17/2013 10:18:59 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (2772.1129)

    Error - 5/23/2013 7:35:57 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (6088.1128)

    Error - 5/23/2013 7:35:57 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (6088.1129)

    Error - 6/22/2013 7:35:56 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (6464.1128)

    Error - 6/22/2013 7:35:56 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (6464.1129)

    Error - 6/22/2013 8:39:02 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (6076.1128)

    Error - 6/22/2013 8:39:02 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (6076.1129)

    Error - 8/29/2013 12:09:54 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (3652.1128)

    Error - 8/29/2013 12:09:54 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (3652.1129)

    [ OSession Events ]
    Error - 9/15/2013 10:48:23 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 4224
    seconds with 2640 seconds of active time. This session ended with a crash.

    Error - 9/29/2013 12:37:04 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 9592
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/6/2013 9:28:03 AM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:26:31 AM on 10/6/2013 was unexpected.

    Error - 10/6/2013 9:30:38 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
    Description =

    Error - 10/6/2013 9:30:38 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 10/6/2013 9:30:38 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/6/2013 9:31:14 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
    Description =

    Error - 10/6/2013 6:30:02 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 10/6/2013 6:30:02 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/6/2013 6:31:20 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
    Description =

    Error - 10/7/2013 11:43:22 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
    Description =

    Error - 10/7/2013 11:44:03 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >


    OTL logfile created on: 10/7/2013 12:02:06 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19458)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 66.12% Memory free
    5.73 Gb Paging File | 4.63 Gb Available in Paging File | 80.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.67 Gb Total Space | 88.10 Gb Free Space | 39.57% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/10/05 17:40:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2013/10/05 17:27:01 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
    PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    PRC - [2010/04/29 12:30:44 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    PRC - [2010/04/29 12:30:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    PRC - [2009/09/25 16:57:30 | 000,537,968 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
    PRC - [2009/04/22 01:07:32 | 000,303,104 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2009/04/22 01:07:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009/04/14 20:57:38 | 000,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
    PRC - [2009/04/14 20:57:12 | 001,318,912 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/09 19:01:10 | 000,570,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    PRC - [2009/04/09 19:00:50 | 000,656,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    PRC - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
    PRC - [2009/04/01 18:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    PRC - [2009/03/24 14:34:34 | 001,007,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    PRC - [2009/03/23 13:50:40 | 000,729,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2009/03/17 14:49:04 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2009/03/06 21:29:16 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2009/03/06 21:29:04 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2009/02/19 17:52:38 | 000,057,344 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
    PRC - [2009/02/16 18:50:48 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008/12/18 17:34:24 | 000,448,376 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/08/16 03:01:44 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
    MOD - [2013/08/16 03:01:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
    MOD - [2013/08/16 03:00:54 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b8e424ef545f262fd6cb9f35b97fc8b9\System.Configuration.ni.dll
    MOD - [2013/08/15 15:39:40 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
    MOD - [2013/08/15 15:38:41 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f575e4c534a93294c72fea670ca73492\System.Windows.Forms.ni.dll
    MOD - [2013/08/15 03:40:25 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
    MOD - [2013/08/15 03:37:49 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
    MOD - [2013/07/12 03:59:22 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll
    MOD - [2013/07/12 03:55:23 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/07/21 15:42:50 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\pxl_m17n_tool.dll
    MOD - [2009/05/27 02:50:31 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3398.36836__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:31 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3398.36908__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:31 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3398.36876__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:31 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3398.36818__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:31 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3398.36838__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:31 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3398.36876__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:31 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3398.36889__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:31 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3398.36827__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:31 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3398.36871__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:31 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3398.36875__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:31 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3398.36909__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3398.36832__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3398.36862__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3398.36827__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:30 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3398.36908__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3398.36907__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,782,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3398.36864__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3398.36839__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3398.36828__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3398.36884__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:29 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3398.36863__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3398.36870__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3398.36843__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
    MOD - [2009/05/27 02:50:29 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3398.36838__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3398.36869__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2009/05/27 02:50:29 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3398.36863__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3398.36862__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3398.36842__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3398.36863__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3398.36868__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3398.36870__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2009/05/27 02:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3010.30513__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3010.30489__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2009/05/27 02:50:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3010.30504__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3010.30518__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3010.30516__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2009/05/27 02:50:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3010.30523__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3010.30487__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2009/05/27 02:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3010.30488__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2009/05/27 02:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3010.30539__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2009/05/27 02:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3010.30522__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3010.30503__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3010.30507__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3010.30495__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3010.30514__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3010.30503__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3010.30495__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3010.30511__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3010.30523__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3010.30502__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3010.30515__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3010.30514__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3010.30526__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3010.30525__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3010.30512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3010.30525__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2009/05/27 02:50:28 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2009/05/27 02:50:27 | 001,212,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3398.36823__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2009/05/27 02:50:27 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3398.36832__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2009/05/27 02:50:27 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3398.36903__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2009/05/27 02:50:27 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3398.36902__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2009/05/27 02:50:27 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3010.30518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3398.36816__90ba9c70f846762e\APM.Server.dll
    MOD - [2009/05/27 02:50:27 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3398.36818__90ba9c70f846762e\CLI.Component.SkinFactory.dll
    MOD - [2009/05/27 02:50:27 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3398.36816__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2009/05/27 02:50:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3010.30516__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3010.30516__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3010.30512__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3398.36814__90ba9c70f846762e\AEM.Server.dll
    MOD - [2009/05/27 02:50:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3398.36914__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2009/05/27 02:50:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3010.30492__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3010.30507__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3010.30517__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3010.30497__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3010.30509__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2009/05/27 02:50:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3010.30515__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3010.30514__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3010.30512__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3010.30512__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3010.30517__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3010.30500__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3010.30511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3010.30510__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3010.30518__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2009/05/27 02:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3010.30511__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2009/05/27 02:50:27 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3398.36903__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2009/05/27 02:50:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3010.30502__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2009/05/27 02:50:27 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    MOD - [2009/05/27 02:50:27 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
    MOD - [2009/05/27 02:50:27 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3398.36814__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2009/04/22 01:05:58 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
    MOD - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
    MOD - [2009/03/12 22:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
    MOD - [2009/03/07 16:15:46 | 007,005,496 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    MOD - [2009/01/31 01:11:56 | 000,073,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    MOD - [2009/01/30 13:41:20 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    MOD - [2008/07/14 13:37:00 | 000,095,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
    MOD - [2006/12/01 20:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
    MOD - [2006/10/10 14:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
    MOD - [2006/10/07 14:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


    ========== Services (SafeList) ==========

    SRV - [2013/09/21 20:44:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/07/01 15:09:29 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
    SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
    SRV - [2010/04/29 12:30:44 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2009/04/22 01:07:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009/04/14 20:57:38 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV - [2009/04/09 19:00:50 | 000,656,752 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV - [2009/04/01 18:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/03/17 14:49:04 | 000,073,728 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2009/03/06 21:29:16 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2009/02/19 17:52:38 | 000,057,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
    SRV - [2009/02/16 18:50:48 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/11/20 22:07:42 | 000,113,152 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
    SRV - [2008/11/20 22:07:08 | 000,125,440 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
    SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/04/22 02:30:14 | 004,491,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/03/20 23:29:18 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
    DRV - [2009/02/16 18:01:48 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2008/11/20 22:02:48 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
    DRV - [2008/11/20 21:59:02 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
    DRV - [2008/11/20 21:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2008/08/22 13:05:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2008/08/22 10:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
    DRV - [2008/08/20 13:36:36 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx80.sys -- (SWUMX80)
    DRV - [2008/08/20 13:35:40 | 000,168,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u80.sys -- (SWNC8U80)
    DRV - [2008/04/28 12:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
    DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2007/04/23 13:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
    DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
    IE - HKLM\..\SearchScopes\{1F894CD2-51F5-4A4F-A247-89187AC474FD}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\SearchScopes,DefaultScope = {1F894CD2-51F5-4A4F-A247-89187AC474FD}
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\SearchScopes\{1F894CD2-51F5-4A4F-A247-89187AC474FD}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_enUS341US342
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7TSHB_enUS341US342&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;<local>

    ========== FireFox ==========

    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.21: C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/17 04:06:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/22 21:27:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/05 22:57:10 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Owner\AppData\Roaming\Move Networks [2009/09/12 20:59:18 | 000,000,000 | ---D | M]

    [2013/10/05 21:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
    [2013/10/05 17:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\extensions
    [2011/03/13 14:29:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/09/18 14:47:23 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}(59)
    [2011/07/17 23:39:04 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\extensions\[email protected]
    [2011/09/18 14:34:09 | 000,001,945 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\wpytcw1y.default\searchplugins\bing-zugo.xml
    [2013/10/05 22:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
    [2009/09/12 20:59:18 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\OWNER\APPDATA\ROAMING\MOVE NETWORKS
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EXTENSIONS\{12A9DB21-42A2-492D-A85C-CDDE0C88B608}
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EXTENSIONS\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EXTENSIONS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EXTENSIONS\[email protected]
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EXTENSIONS\[email protected]
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EXTENSIONS\[email protected]

    ========== Chrome ==========

    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN56464557921777268&ctid=CT3289847&UM=2
    CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN56464557921777268&UM=2
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: ArcadeWeb Plugin (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Yahoo! BrowserPlus Plugin (Enabled) = C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Angry Birds = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

    O1 HOSTS File: ([2010/08/07 14:11:47 | 000,000,501 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.runescape.com
    O1 - Hosts: 127.0.0.1 runescape.com
    O1 - Hosts: 127.0.0.1 213.146.191.50
    O1 - Hosts: 127.0.0.1 www.rsbot.org
    O1 - Hosts: 127.0.0.1 rsbot.org
    O1 - Hosts: 127.0.0.1 www.runehq.com
    O1 - Hosts: 127.0.0.1 runehq.com
    O1 - Hosts: 127.0.0.1 www.jagex.com
    O1 - Hosts: 127.0.0.1 jagex.com
    O1 - Hosts: 127.0.0.1 www.hackforums.net
    O1 - Hosts: 127.0.0.1 hackforums.net
    O1 - Hosts: 127.0.0.1 google.com
    O1 - Hosts: 127.0.0.1 www.google.uk
    O1 - Hosts: 127.0.0.1 google.uk
    O1 - Hosts: 127.0.0.1 www.google.us
    O1 - Hosts: 127.0.0.1 google.us
    O1 - Hosts: 127.0.0.1 www.google.nl
    O1 - Hosts: 127.0.0.1 google.nl
    O1 - Hosts: 127.0.0.1 www.google.fr
    O1 - Hosts: 127.0.0.1 google.fr
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (SocialRibbons LP2) - {AE92E5DE-20F7-9934-D515-7BE13880A842} - C:\Program Files\SocialRibbons LP2\Toolbar.dll ()
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
    O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
    O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
    O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [###Name###] ###Drive:\Path\Name.exe### File not found
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [Aim6] File not found
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [Spotify] C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    O4 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000..\Run: [Spotify Web Helper] C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1943577299-1749160357-1101987479-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55A30E48-C84D-40D1-8AEF-A0B2422CB07C}: DhcpNameServer = 68.87.64.216 68.87.66.216
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8615EEBB-3B94-43E2-8865-DD1B001DE0BD}: DhcpNameServer = 209.183.33.23 209.183.35.23
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0953BCA-B4AB-470A-BA92-66328C9D0A90}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    O20 - AppInit_DLLs: (c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Owner\Downloads\images.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Owner\Downloads\images.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{1648739e-2e3d-11e0-9441-001e33c32c70}\Shell - "" = AutoRun
    O33 - MountPoints2\{1648739e-2e3d-11e0-9441-001e33c32c70}\Shell\AutoRun\command - "" = F:\setup.exe -a
    O33 - MountPoints2\{1722be82-5753-11e1-9f3d-001e33c32c70}\Shell - "" = AutoRun
    O33 - MountPoints2\{1722be82-5753-11e1-9f3d-001e33c32c70}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{2cd0028e-9fff-11de-a9c8-001e33c32c70}\Shell - "" = AutoRun
    O33 - MountPoints2\{2cd0028e-9fff-11de-a9c8-001e33c32c70}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{a2e04a2c-dd85-11df-863e-001e33c32c70}\Shell - "" = AutoRun
    O33 - MountPoints2\{a2e04a2c-dd85-11df-863e-001e33c32c70}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
    O33 - MountPoints2\{c4fd19e6-9f27-11de-87d1-001e33c32c70}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4fd19e6-9f27-11de-87d1-001e33c32c70}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/05 22:56:20 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/10/05 17:40:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2013/10/05 17:14:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/10/05 17:04:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CRE
    [2013/09/13 18:45:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
    [2013/09/13 18:45:37 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/09/13 18:45:37 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/09/13 18:45:37 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2013/09/13 18:45:37 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2013/09/13 18:45:36 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2013/09/13 18:45:36 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2013/09/13 18:45:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2013/09/13 18:45:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/09/13 18:45:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/09/13 18:45:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2013/09/13 18:45:35 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/09/13 18:45:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2013/09/13 18:45:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2013/09/13 18:45:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2013/09/13 18:45:34 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/09/13 18:45:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2013/09/13 18:45:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/09/13 18:45:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2013/09/13 18:45:08 | 002,049,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/10/07 12:03:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/10/07 11:40:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/10/07 11:40:56 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/10/07 11:40:54 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
    [2013/10/07 11:40:53 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job
    [2013/10/07 11:40:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/10/07 11:40:39 | 2950,520,832 | -HS- | M] () -- C:\hiberfil.sys
    [2013/10/07 11:39:34 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1943577299-1749160357-1101987479-1000Core.job
    [2013/10/07 11:37:20 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1943577299-1749160357-1101987479-1000Core.job
    [2013/10/07 11:30:55 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1943577299-1749160357-1101987479-1000UA.job
    [2013/10/07 11:30:54 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1943577299-1749160357-1101987479-1000UA.job
    [2013/10/05 22:44:44 | 000,869,456 | ---- | M] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
    [2013/10/05 17:40:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2013/10/05 17:14:07 | 001,045,226 | ---- | M] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
    [2013/10/05 02:45:01 | 000,007,728 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2013/10/03 22:14:26 | 000,604,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/10/03 22:14:26 | 000,104,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/10/03 20:57:24 | 000,002,587 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office Word 2007.lnk
    [2013/09/21 20:44:36 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/09/21 20:44:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/09/21 12:31:14 | 000,002,055 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/09/21 12:31:14 | 000,002,053 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
    [2013/09/15 03:32:10 | 000,338,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/10/05 22:44:35 | 000,869,456 | ---- | C] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
    [2013/10/05 17:13:34 | 001,045,226 | ---- | C] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
    [2013/09/30 17:50:58 | 2950,520,832 | -HS- | C] () -- C:\hiberfil.sys
    [2012/09/09 18:58:38 | 000,000,719 | ---- | C] () -- C:\Windows\hegames.ini
    [2010/08/03 16:13:17 | 000,000,000 | ---- | C] () -- C:\Users\Owner\jagex__preferences3.dat
    [2010/02/21 15:26:12 | 000,050,493 | ---- | C] () -- C:\Users\Owner\CURLING.jpg
    [2010/02/11 16:24:40 | 000,007,728 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2009/10/26 15:23:18 | 000,000,099 | ---- | C] () -- C:\Users\Owner\jagex_runescape_preferences2.dat
    [2009/10/26 15:21:52 | 000,000,046 | ---- | C] () -- C:\Users\Owner\jagex_runescape_preferences.dat
    [2009/09/05 16:08:17 | 000,056,320 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/07/06 12:06:53 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Bytemobile
    [2011/07/06 12:06:53 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Bytemobile
    [2009/08/23 21:56:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
    [2012/02/26 14:50:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Aimersoft Video Converter Std
    [2009/09/12 08:54:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Bytemobile
    [2009/12/24 08:51:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
    [2012/02/26 16:06:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Digiarty
    [2011/07/14 13:54:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Fighters
    [2013/04/02 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FinalTorrent
    [2010/06/20 17:48:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
    [2013/05/14 21:23:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RocketPDF
    [2013/08/18 14:50:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung
    [2009/09/12 08:31:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sierra Wireless
    [2013/10/07 11:59:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
    [2013/05/20 22:04:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TFP
    [2009/08/12 19:21:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    < End of report >
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    cricketuse,
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Uninstall a program under the Programs heading.
    Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

    Yahoo! BrowserPlus

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :processes
      killallprocesses
      
      :OTL
      [2011/09/18 14:47:23 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\ex tensions\{99079a25-328f-4bd4-be04-00955acaa0a7}(59)
      [2011/07/17 23:39:04 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\ex tensions\[email protected]
      File not found (No name found) -- C:\PROGRAM FILES\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
      File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EX TENSIONS\{12A9DB21-42A2-492D-A85C-CDDE0C88B608}
      File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EX TENSIONS\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
      File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EX TENSIONS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
      File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPYTCW1Y.DEFAULT\EX TENSIONS\[email protected]
      CHR - default_search_provider: Conduit (Enabled)
      CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN56464557921777268&ctid=C T3289847&UM=2
      CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN56464557921777268&UM=2
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
      CHR - plugin: ArcadeWeb Plugin (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dl l
      CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
      CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
      CHR - plugin: Yahoo! BrowserPlus Plugin (Enabled) = C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserpl us_2.4.21.dll
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [Reboot]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

    Tell me how it's running.
    askey127
     
  9. cricketuse

    cricketuse Thread Starter

    Joined:
    Aug 27, 2006
    Messages:
    63
    Laptop seems to be working now. Thank you. Here's the latest log; let me know if you see any issues.

    Thanks again for you help.

    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== PROCESSES ==========
    All processes killed
    ========== OTL ==========
    Folder C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\ex tensions\{99079a25-328f-4bd4-be04-00955acaa0a7}(59)\ not found.
    Folder C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wpytcw1y.default\ex tensions\[email protected]\ not found.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to remove the default_search_provider items.
    File C:\Windows\system32\Macromed\Flash\NPSWF32.dll not found.
    File C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dl l not found.
    File C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll not found.
    File C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll not found.
    File C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserpl us_2.4.21.dll not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Owner\Desktop\cmd.bat deleted successfully.
    C:\Users\Owner\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    OTL by OldTimer - Version 3.2.69.0 log created on 11032013_141842

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    cricketuse,
    Glad we could help. Looks OK now.
    If you are satisfied with the operation of the machine, you can mark this thread Solved.
    Good Luck.
    askey127
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1109686

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice