Help with Barowwsoe2Save Virus

[dlubell]

Ok, per my other thread, and with feedback from Tashi, I think I'm ready to roll. Here are my logs in hopes of getting started with an analysis of my situation. Like others in previous threads, I have Windows 7 and don't believe that I can run ERUNT.

Also, I turned off Teatimer before I ran Spybot as Administrator.

Please note, I replaced my name, given in some file names, since it's a personal computer, and replaced it with "REDACTED". If that makes for any confusion, please let me know and I will address it immediately.

Again, many thanks in advance for the assistance!

-David


DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.25.2
Run by [REDACTED] at 18:20:26 on 2014-05-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.2989 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\REDACTED\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\REDACTED\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
E:\iTunes\iTunesHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
c:\program files (x86)\real\realplayer\update\realsched.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\windows\splwow64.exe
C:\windows\system32\notepad.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://start.toshiba.com/g/
mStart Page = hxxp://www.google.com
uProxyOverride = <local>;192.168.*.*;*.local
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE

\rndlbrowserrecordplugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\REDACTED\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\DAVIDL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\REDACTED\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5E7F52C0-2F71-400A-B2F8-A39E6683DD80} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{D5ABAF55-1C92-4246-854D-694EB52BA041} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D5ABAF55-1C92-4246-854D-694EB52BA041}\1417571634865656471686 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D5ABAF55-1C92-4246-854D-694EB52BA041}\1417571634865656471686D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D5ABAF55-1C92-4246-854D-694EB52BA041}\245637473756C6C656273734166656 : DHCPNameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{D5ABAF55-1C92-4246-854D-694EB52BA041}\759664966427565693 : DHCPNameServer = 172.20.100.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - <no file>
AppInit_DLLs= c:\progra~2\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

--multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE

\rndlbrowserrecordplugin64.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe /silent
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\REDACTED\AppData\Roaming\Mozilla\Firefox\Profiles\j21f8xix.default-1400639664215\
FF - prefs.js: browser.search.selectedEngine - Trovi search
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\VDownloader\Addons\npVDownloader.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\Users\REDACTED\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Users\REDACTED\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\REDACTED\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\REDACTED\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - plugin: E:\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1503000.00C\symds64.sys [2014-5-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1503000.00C\symefa64.sys [2014-5-16 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [2014-5-9 1530160]
R1 ccSet_NIS;NIS Settings Manager;C:\windows\System32\drivers\NISx64\1503000.00C\ccsetx64.sys [2014-5-16 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140520.001\IDSviA64.sys [2014-5-20 525016]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1503000.00C\ironx64.sys [2014-5-16 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1503000.00C\symnets.sys [2014-5-16 593112]
R1 wStLibG64;wStLibG64;C:\windows\System32\drivers\wStLibG64.sys [2014-4-17 61120]
R2 70e6ca8c;Optimizer Pro Crash Monitor;C:\windows\System32\rundll32.exe [2009-7-13 45568]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-9-11 204288]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2011-9-11 162824]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe [2014-5-16 276376]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-9-11 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-9-11 126392]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-7-12 65657]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-4-6 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-5-21 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-4-7 23552]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2011-9-11 14112]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-12-7 1153368]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-4-7 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-9-11 115216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-1-25 137648]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-9-11 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\windows\System32\drivers\stdriver64.sys [2012-5-25 103512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-9-11 42096]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-1-27 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-5-15 111616]
S3 ivusb;Initio Driver for USB Default Controller;C:\windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 RDID1098;UA-1G;C:\windows\System32\drivers\Rdwm1098.sys [2012-6-12 158592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-3-12 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-9-11 250984]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-9-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-4-5 828336]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-3-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-3-12 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-2-15 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-05-21 15:28:57 -------- d-----w- C:\Users\REDACTED\AppData\Roaming\RealNetworks
2014-05-21 15:27:52 -------- d-----w- C:\ProgramData\RealNetworks
2014-05-21 15:27:52 -------- d-----w- C:\Program Files (x86)\RealNetworks
2014-05-21 15:25:55 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2014-05-21 15:25:35 153672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2014-05-21 15:24:48 148040 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2014-05-21 15:23:51 505416 ----a-w- C:\windows\SysWow64\msvcp71.dll
2014-05-21 15:23:51 353864 ----a-w- C:\windows\SysWow64\msvcr71.dll
2014-05-21 03:53:15 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-05-21 03:51:15 -------- d-----w- C:\AdwCleaner
2014-05-20 04:39:52 119512 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-05-20 04:39:29 88280 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-05-20 04:39:29 63192 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-05-20 04:39:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-20 02:28:23 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-20 02:28:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-20 02:01:16 -------- d-----w- C:\Program Files (x86)\QueenoCeoupon
2014-05-20 02:01:12 -------- d-----w- C:\Program Files (x86)\saverON
2014-05-20 01:44:02 -------- d-----w- C:\ProgramData\saverON
2014-05-19 21:44:13 -------- d-----w- C:\ProgramData\9ddfa9f7f5a0309b
2014-05-19 21:44:07 -------- d-----w- C:\Users\REDACTED\AppData\Local\Packages
2014-05-19 21:44:00 -------- d-----w- C:\ProgramData\QueenoCeoupon
2014-05-19 19:54:03 -------- d-sh--w- C:\Users\REDACTED\AppData\Local\EmieUserList
2014-05-19 19:54:03 -------- d-sh--w- C:\Users\REDACTED\AppData\Local\EmieSiteList
2014-05-19 19:53:50 -------- d-----w- C:\Program Files (x86)\GUM277E.tmp
2014-05-16 12:36:00 593112 ----a-w- C:\windows\System32\drivers\NISx64\1503000.00C\symnets.sys
2014-05-16 12:36:00 23568 ----a-r- C:\windows\System32\drivers\NISx64\1503000.00C\symelam.sys
2014-05-16 12:36:00 1148120 ----a-w- C:\windows\System32\drivers\NISx64\1503000.00C\symefa64.sys
2014-05-16 12:35:59 875736 ----a-w- C:\windows\System32\drivers\NISx64\1503000.00C\srtsp64.sys
2014-05-16 12:35:59 493656 ----a-r- C:\windows\System32\drivers\NISx64\1503000.00C\symds64.sys
2014-05-16 12:35:59 36952 ----a-r- C:\windows\System32\drivers\NISx64\1503000.00C\srtspx64.sys
2014-05-16 12:35:59 264280 ----a-r- C:\windows\System32\drivers\NISx64\1503000.00C\ironx64.sys
2014-05-16 12:35:59 162392 ----a-r- C:\windows\System32\drivers\NISx64\1503000.00C\ccsetx64.sys
2014-05-16 12:35:40 -------- d-----w- C:\windows\System32\drivers\NISx64\1503000.00C
2014-05-16 03:51:23 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-05-16 03:51:23 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-05-16 03:35:25 -------- d-s---w- C:\windows\System32\CompatTel
2014-05-16 02:58:36 477184 ----a-w- C:\windows\System32\aepdu.dll
2014-05-16 02:58:36 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-05-16 02:47:02 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-05-16 02:47:01 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-05-16 02:47:01 1266800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-05-16 02:46:55 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-05-16 02:46:54 28272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2014-05-16 02:46:54 187456 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-05-16 02:46:54 170960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2014-05-16 02:46:50 46704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-05-16 02:45:15 -------- d-----w- C:\Users\REDACTED\AppData\Roaming\DropboxMaster
.
==================== Find3M ====================
.
2014-05-16 03:29:30 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-16 03:29:30 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-04-18 03:25:41 61120 ----a-w- C:\windows\System32\drivers\wStLibG64.sys
2014-04-15 06:34:10 1070232 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-04-03 13:50:58 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-03-06 09:31:33 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\windows\SysWow64\wininet.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\windows\SysWow64\user.exe
2010-01-26 14:11:08 444283 ----a-w- C:\Program Files\Common Files\WinPcapNmap.exe
.
============= FINISH: 18:21:07.63 ===============


aswMBR:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-05-21 18:55:58
-----------------------------
18:55:58.877 OS Version: Windows x64 6.1.7601 Service Pack 1
18:55:58.878 Number of processors: 4 586 0x100
18:55:58.879 ComputerName: REDACTED-PC UserName: REDACTED
18:56:00.712 Initialize success
18:57:00.773 The log file has been saved successfully to "C:\Users\REDACTED\Desktop\aswMBR.txt"
18:57:08.231 AVAST engine defs: 14052101
18:59:50.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
18:59:50.800 Disk 0 Vendor: Hitachi_HTS547564A9E384 JEDOA60B Size: 610480MB BusType: 11
18:59:50.909 Disk 0 MBR read successfully
18:59:50.916 Disk 0 MBR scan
18:59:50.928 Disk 0 Windows VISTA default MBR code
18:59:50.936 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:59:50.961 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595322 MB offset 3074048
18:59:51.000 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13657 MB offset 1222293504
18:59:51.135 Disk 0 scanning C:\windows\system32\drivers
19:00:03.995 Service scanning
19:00:09.184 Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys **LOCKED** 5
19:00:17.405 Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140520.001\IDSvia64.sys **LOCKED** 5
19:00:30.524 Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140521.001\ENG64.SYS **LOCKED** 5
19:00:30.820 Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140521.001\EX64.SYS **LOCKED** 5
19:00:51.421 Modules scanning
19:00:51.438 Disk 0 trace - called modules:
19:00:51.555 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:00:51.569 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065f6060]
19:00:51.582 3 CLASSPNP.SYS[fffff880011cd43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8006356060]
19:00:53.192 AVAST engine scan C:\windows
19:00:57.094 AVAST engine scan C:\windows\system32
19:06:11.056 AVAST engine scan C:\windows\system32\drivers
19:06:36.875 AVAST engine scan C:\Users\REDACTED
19:22:32.195 AVAST engine scan C:\ProgramData
19:26:34.444 Scan finished successfully
19:59:02.580 Disk 0 MBR has been saved successfully to "C:\Users\REDACTED\Desktop\MBR.dat"
19:59:02.590 The log file has been saved successfully to "C:\Users\REDACTED\Desktop\aswMBRnumber2.txt"

Spybot SEARCH AND DESTROY LOG:

Barowwsoe2Save: [SBI $F5174E26] Program directory (Directory, nothing done)
C:\Program Files (x86)\Optimizer Pro\


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

View attachment attach.zip

 

[ken545]

:snwelcome:

Optimizer Pro is the main culprit, see if you can use Revo Uninstaller to remove it and we can go from there, let me know if it was successful, you just need the free version



http://www.revouninstaller.com/revo_uninstaller_free_download.html

 

[dlubell]

"Optimizer Pro is the main culprit, see if you can use Revo Uninstaller to remove it and we can go from there, let me know if it was successful, you just need the free version."

Hi Ken:

Many thanks for your feedback. I did as you suggested, ran the uninstaller but did not see Optimizer Pro listed among the 95 installations it found. Could it be under another name? Perhaps I'm missing it, should I run it again? Would showing you a list of what was found help?

Best,
-David

 

[dlubell]

"Optimizer Pro is the main culprit, see if you can use Revo Uninstaller to remove it and we can go from there, let me know if it was successful, you just need the free version."

Hello Again Ken!

Since my last post, I sought out a bit more information on Optimizer Pro, and possible methods for detection. I found AdwCleaner as a possible remedy, so I tried it and sure enough it found the offending files (under "files" and "services" I believe). So, I selected the appropriate check boxes and ran the program. It happened so quickly, I wasn't sure it worked so I ran Spybot again and POOF, no more Optimizer!

If you have any suggestions for final steps to ensure it's gone for good, I'm all ears.

Otherwise, THANK YOU for spotting the problem...and doing so so quickly!

You can be sure I'll recommend these forums to anyone with similar issues. And I know I'll be back if I do.

Thanks again,
David (one happy camper)

 

[ken545]

Morning David,

Glad you got rid of it BUT, when were trying to help you and you run programs on your own your kind of throwing a monkey wrench into the mix, I was going to have you run AdwCleaner next because i also see Trovi on your DDS log.


C:\AdwCleaner[S1].txt <-- Go here and open the log and copy and paste it into this thread for me to see






Then run Malwarebytes and post the log please

Please download Malwarebytes Anti-Malware to your desktop.

• Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
• Once installed, Malwarebytes will ask if you want to Launch Now. Please select to do so and then Malwarebytes will open and update on its own. Please allow this to complete.
• If an update is found, it will download and install the latest version.
• Let's be sure to run a Hyper Scan. Press the Scan tab and then select Hyper Scan.
• Press Scan Now then Skip Update (since we just updated it)

• When the scan is complete, click View Detailed Log, then Export to save the log to your Desktop (name the log MBAM Scan).
• Copy and Paste all of the information in that file to your next reply.

 

[dlubell]

Hello Ken:

"Glad you got rid of it BUT, when were trying to help you and you run programs on your own your kind of throwing a monkey wrench into the mix, I was going to have you run AdwCleaner next because i also see Trovi on your DDS log."

Ohmigosh, I am SO sorry! You are 1000% correct! I got ahead of myself and thought I could fix it on my own. If I really could, I wouldn't be here, would I? I apologize and guarantee that won't happen again. It's stupid to undermine the very people who are trying to help me :-(

And you're right, Trovi did pop up on previous scans prior to posting here. And again, I thought I got rid of it on my own, but apparently I didn't. Lesson(s) learned...

To that end, I have done what you asked and here are the results (hopefully the Malware log is readable...seems like Notepad sort of messed up the formatting):


AdwCleaner Log:


# AdwCleaner v3.210 - Report created 22/05/2014 at 23:01:44
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : REDACTED - REDACTED-PC
# Running from : C:\Users\REDACTED\AppData\Local\Temp\dlmCDFC.tmp\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 70e6ca8c
[x] Not Deleted : wStLibG64

***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\QueenoCeoupon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
[x] Not Deleted : C:\Program Files (x86)\QueenoCeoupon
[x] Not Deleted : C:\Users\DAVIDL~1\AppData\Local\Temp\BrowseMark
[x] Not Deleted : C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\oicdcmmckkmlbjgdmhjceieiglnbkpml
File Deleted : C:\Users\DAVIDL~1\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

[x] Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x] Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
[x] Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[x] Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
[x] Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
[x] Not Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : [x64] HKCU\Software\Conduit
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\REDACTED\AppData\Roaming\Mozilla\Firefox\Profiles\j21f8xix.default-1400639664215\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC59C0501-60CF-4847-AEB9-FFA79FBFB28E&SearchSource=58&CUI=&UM=5&UP=SP25F85F53-0A15-4080-8F2A-F1629AE00FB8&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [7575 octets] - [20/05/2014 23:52:47]
AdwCleaner[R1].txt - [3605 octets] - [22/05/2014 22:59:50]
AdwCleaner[S0].txt - [7523 octets] - [21/05/2014 00:12:45]
AdwCleaner[S1].txt - [3598 octets] - [22/05/2014 23:01:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3658 octets] ##########


Malwarebytes Anti-Malware Log

Scan Date: 5/23/2014
Scan Time: 11:38:24 AM
Logfile: Malware File May 23 AM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.23.08
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: REDACTED

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 217234
Time Elapsed: 7 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Trovi.A, C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad:

({"apps":{"shortcuts_have_been_created":true},"browser":

{"last_known_google_url":"https://www.google.com/","last_prompted_google_url":"https://www.google.com/","window_placement":

{"bottom":850,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":860,"work_area_left":0,"work_area_right"

:1600,"work_area_top":0},"show_home_button":true},"countryid_at_install":21843,"default_apps_install_state":2,"default_sear

ch_provider":

{"enabled":true,"encodings":"1","icon_url":"http://mysearch.avg.com/favicon.ico","id":7,"instant_url":"https://mysearch.avg

.com/chroment?espv=2&cid=%GUID%&mid=%MID%&lang=%LANG%&ds=%DISTSOURCE%&pr=%PROFILE%&d=%INSTALLDATE%&v=%TBVERSION%&pid=%PID

%&sg=%SG%","keyword":"trovi.search","name":"Trovi

search","prepopulate_id":0,"search_terms_replacement_key":true,"search_url":"http:\/\/www.trovi.com\/Results.aspx?

gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC59C0501-60CF-4847-AEB9-

FFA79FBFB28E&SearchSource=58&CUI=&UM=5&UP=SP25F85F53-0A15-4080-8F2A-F1629AE00FB8&q={searchTerms}

&SSPV=","suggest_url":"http:\/\/suggest.seccint.com\/CSuggestJson.ashx?prefix={searchTerms}"},"distribution":

{"alternate_shortcut_text":true,"create_all_shortcuts":false,"do_not_launch_chrome":true,"import_bookmarks":false,"import_b

ookmarks_from_file":"c:\\Programdata\\Toshiba\\Chrome\

\bookmarks.html","import_history":false,"import_search_engine":false,"make_chrome_default":false,"require_eula":true,"show_

welcome_page":true,"skip_first_run_ui":true,"system_level":true,"verbose_logging":false},"dns_prefetching":

{"host_referral_list":[2,["http://cfiles.5min.com/",

["http://2a86.v.fwmrm.net/",2.1349912862560125,"http://embed.5min.com/",2.4048451516347842]],

["http://cmap.uac.ace.advertising.com/",

["http://ads.yahoo.com/",2.1894160854077471,"http://cmap.an.ace.advertising.com/",1.9116543432291524,"http://cmap.at.ace.ad

vertising.com/",1.9116543432291524,"http://cmap.dc.ace.advertising.com/",1.9116543432291524,"http://cmap.rm.ace.advertising

.com/",1.9116543432291524,"http://ib.adnxs.com/",2.1894160854077471,"http://image2.pubmatic.com/",1.9116543432291524,"http:

//pixel.rubiconproject.com/",1.9116543432291524,"http://r.openx.net/",2.1894160854077471,"http://www.facebook.com/",1.91165

43432291524]],["http://leadback.advertising.com/",

["http://b.scorecardresearch.com/",2.4671778275863421,"http://uac.advertising.com/",1.9116543432291524]],

["http://start.toshiba.com/",

["http://avideos.5min.com/",0.23258690591577807,"http://b.aol.com/",0.26638158455311323,"http://b.scorecardresearch.com/",0

.30017626319044849,"http://cfiles.5min.com/",0.80709644275047732,"http://image.vam.synacor.com.edgesuite.net/",1.6513649422

540146,"http://l.5min.com/",0.46914965637712469,"http://start.toshiba.com/",0.36273136486026569,"http://static.citrine.syna

cor.com/",1.9857652743146312,"http://toshiba.am4.syn-

api.com/",0.46914965637712469,"http://web.citrine.synacor.com/",0.53577630733486192]],

["http://static.citrine.synacor.com/",["http://rtax.criteo.com/",1.5035332412696913]],["http://toolbar.avg.com/",

["http://toolbar.avg.com/",2.4575561048895462]],["http://widgets.outbrain.com/",

["http://b.scorecardresearch.com/",1.9116543432291524,"http://hpr.outbrain.com/",1.9116543432291524,"http://images.outbrain

.com/",2.4671778275863421,"http://static.synacor.net/",1.9116543432291524,"http://widgets.outbrain.com/",2.1894160854077471

]]],"startup_list":[1]},"download":{"directory_upgrade":true},"extensions":{"alerts":{"initialized":true},"autoupdate":

{"last_check":"13042259209598406","next_check":"13044166668960266"},"blacklistupdate":

{"lastpingday":"13028630402797344","version":"0.0.0.149"},"chrome_url_overrides":{"bookmarks":["chrome-

extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]},"known_disabled":

["idhngdhcfkoamngbedgpaokgjbnpdiji","mkfokfffehpeedafpekjeddnmnjhmcmk"],"last_chrome_version":"34.0.1847.131","settings":

{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","webstorePrivate"],"manifest_permissions":

[]},"app_launcher_ordinal":"n","creation_flags":1,"events":

[],"from_bookmark":false,"from_webstore":false,"install_time":"13017637881953232","location":5,"manifest":{"app":

{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":

["https://chrome.google.com/webstore"]},"description":"Chrome Web Store","icons":

{"16":"webstore_icon_16.png","128":"webstore_icon_128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xt

D2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z

+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Store","permissions":

["webstorePrivate","management"],"version":"0.2"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\

\Application\\27.0.1453.116\\resources\\web_store","was_installed_by_default":false},"bepbmhgboaologfdajaanbcjmnhjmhfn":

{"disable_reasons":1,"state":0},"eemcgdkfndhakfknompkggombfjjjeno":{"active_permissions":{"api":

["bookmarks","bookmarkManagerPrivate","metricsPrivate","systemPrivate","tabs"],"explicit_host":

["chrome://favicon/*","chrome://resources/*"],"manifest_permissions":[]},"creation_flags":1,"events":

[],"from_bookmark":false,"from_webstore":false,"install_time":"13017637881947232","location":5,"manifest":

{"chrome_url_overrides":{"bookmarks":"main.html"},"content_security_policy":"object-src 'none'; script-src

chrome://resources 'self'","description":"Bookmark

Manager","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQcByy

+eN9jzazWF/DPn7NW47sW7lgmpk6eKc0BQM18q8hvEM3zNm2n7HkJv/R6fU+X5mtqkDuKvq5skF6qqUF4oEyaleWDFhd1xFwV7JV

+/DU7bZ00w2+6gzqsabkerFpoP33ZRIw7OviJenP0c0uWqDWF8EGSyMhB3txqhOtiQIDAQAB","manifest_version":2,"name":"Bookmark

Manager","permissions":

["bookmarks","bookmarkManagerPrivate","metricsPrivate","systemPrivate","tabs","chrome://favicon/","chrome://resources/"],"v

ersion":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\resources\

\bookmark_manager","was_installed_by_default":false},"ennkphjdgehloodpbhlhldgbnhmacadg":{"active_permissions":{"api":

[],"explicit_host":["chrome://settings-frame/*"],"manifest_permissions":[]},"creation_flags":1,"events":

["app.runtime.onLaunched"],"from_bookmark":false,"from_webstore":false,"install_time":"13017637881956232","location":5,"man

ifest":{"app":{"background":{"scripts":["settings_app.js"]}},"description":"Settings","display_in_launcher":false,"icons":

{"16":"settings_app_icon_16.png","32":"settings_app_icon_32.png","48":"settings_app_icon_48.png","128":"settings_app_icon_1

28.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVDPGX6fvKPVVgc

+gnkYlGqHuuapgFDyKhsy4z7UzRLO/95zXPv8h8e5EacqbAQJLUbP6DERH5jowyNEYVxq9GJyntJMwP1ejvoz/52hnY3CCGGCmttmKzzpp5zwLuq3iZf8bslwyw

fflNUYtaCFSDa0TtrBZz0aOPrAAd/AhNwIDAQAB","manifest_version":2,"name":"Settings","permissions":["chrome://settings-

frame/"],"version":"0.2"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\resources\

\settings_app","running":false,"was_installed_by_default":false},"gfdkimpbcpahaombhbimeihdjnejgicl":{"active_permissions":

{"api":["feedbackPrivate"],"explicit_host":["chrome://resources/*"],"manifest_permissions":

[]},"creation_flags":1,"events":

["feedbackPrivate.onFeedbackRequested"],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install

_time":"13032414888351903","location":5,"manifest":{"app":{"background":{"scripts":

["js/event_handler.js"]},"content_security_policy":"default-src 'none'; script-src 'self' chrome://resources; style-src

'unsafe-inline' *; img-src *; media-src 'self'"},"description":"User feedback

extension","display_in_launcher":false,"display_in_new_tab_page":false,"icons":

{"32":"images/icon32.png","64":"images/icon64.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMZElzFX2J1g1nRQ/8S3rg/1Cj

FyDltWOxQg+9M8aVgNVxbutEWFQz+oQzIP9BB67mJifULgiv12ToFKsae4NpEUR8sPZjiKDIHumc6pUdixOm8SJ5Rs16SMR6+VYxFUjlVW

+5CA3IILptmNBxgpfyqoK0qRpBDIhGk1KDEZ4zqQIDAQAB","manifest_version":2,"name":"Feedback","permissions":

["feedbackPrivate","chrome://resources/"],"version":"1.0"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\

\31.0.1650.63\\resources\\feedback","running":false,"was_installed_by_default":false},"idhngdhcfkoamngbedgpaokgjbnpdiji":

{"ack_external":true,"active_permissions":{"api":["tabs"],"explicit_host":

["http://*/*","https://*/*"],"manifest_permissions":[],"scriptable_host":

["http://*/*","https://*/*"]},"creation_flags":1,"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true

,"install_time":"13026269912137670","lastpingday":"13042191597967406","location":3,"manifest":

{"background_page":"background.html","content_scripts":[{"all_frames":true,"js":["contentscript.js"],"matches":

["http://*/*","https://*/*"],"run_at":"document_idle"}],"description":"Detects all recordable content on the

browser","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIwlyxIOu0hwMoAcBARugBpVhj7EGgYOAP2Fl/1dfiz6Z250yRI76IyXJvgOTbPYkbWgu

SD7kAcxsj25UMDyPs97CSQdqNFfqo212NRd7QWCV4hdqE2VR2KBLB5Ns4quB1GmCVzqNR83CCRu8RcONuamJ0FHQwmPSNbcDLkhuvuwIDAQAB","name":"Real

Downloader","permissions":["tabs","http://*/*","https://*/*"],"version":"1.3.2"},"path":"idhngdhcfkoamngbedgpaokgjbnpdiji\

\1.3.2_0","state":0,"was_installed_by_default":false},"mfehgcgbbipciphmccgaenjidiccnmng":{"active_permissions":{"api":

["cloudPrintPrivate"],"manifest_permissions":[]},"creation_flags":1,"events":

[],"from_bookmark":false,"from_webstore":false,"install_time":"13017637881951232","location":5,"manifest":{"app":

{"launch":{"web_url":"https://www.google.com/cloudprint"},"urls":

["https://www.google.com/cloudprint/enable_chrome_connector"]},"description":"Cloud

Print","display_in_launcher":false,"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiw

zSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB

+isXpAGUKUvt7EQIDAQAB","name":"Cloud Print","permissions":["cloudPrintPrivate"],"version":"0.1"},"path":"C:\\Program Files

(x86)\\Google\\Chrome\\Application\\27.0.1453.116\\resources\

\cloud_print","was_installed_by_default":false},"mgndgikekgjfcpckkfioiadnlibdjbkf":{"active_permissions":{"api":

[],"manifest_permissions":[]},"app_launcher_ordinal":"t","creation_flags":1,"events":

[],"from_bookmark":false,"from_webstore":false,"install_time":"13017637881954232","location":5,"manifest":{"app":

{"launch":{"web_url":"http://THIS-WILL-BE-REPLACED"}},"description":"Chrome as an

app","display_in_launcher":true,"display_in_new_tab_page":false,"icons":

{"16":"product_logo_16.png","128":"product_logo_128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNuYLEQ1QPMcc5HfWI/9

jiEf6FdJWqEtgRmIeI7qtjPLBM5oje

+Ny2E2mTAhou5qdJiO2CHWdU1DQXY2F7Zu2gZaKZgHLfK4WimHxUT5Xd9/aro/R9PCzjguM1BLusiWYc9xlj1IsZpyiN1hcjU7SCnBhv1feQlv2WSB5KRiXwhQI

DAQAB","name":"Chrome","version":"0.1"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\

\27.0.1453.116\\resources\\chrome_app","was_installed_by_default":false},"mkfokfffehpeedafpekjeddnmnjhmcmk":

{"ack_external":true,"active_permissions":{"api":["history","plugin","tabs","webNavigation"],"manifest_permissions":

[],"scriptable_host":["<all_urls>"]},"content_settings":[],"creation_flags":1,"disable_reasons":1,"events":

[],"external_first_run":true,"from_bookmark":false,"from_webstore":false,"incognito_content_settings":

[],"incognito_preferences":

{},"initial_keybindings_set":true,"install_time":"13042177152989090","lastpingday":"13042191597967406","location":3,"manife

st":{"background":{"scripts":["background.js"]},"browser_action":

{"default_icon":"images/StatusButton/coBA_unknown.png","default_popup":"","default_title":"Norton

Toolbar"},"content_scripts":[{"all_frames":true,"js":["docstart.js","wcid.js","wax.js"],"matches":

["<all_urls>"],"run_at":"document_start"}],"current_locale":"en_US","default_locale":"en","description":"Symantec

Corporation","icons":{"48":"images/48_Norton_Ext_Icon.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCN17j8JLKorF

+VBEKJgK4pj8g17X7JvJhwca8GU6eC

+m33Mp7Wts5uLKDpImOPe0r/0VHiO54Bmwz0E9G67599bllrlhbIjHGKLeicrh4hmOaG1zArNN/DLDDUkcxU50odaPSgDoFUsp6TreA9lwoE5ypYw+lGnbo

+BJwNe0hnQQIDAQAB","manifest_version":2,"minimum_chrome_version":"26.0","name":"Norton Identity Protection","permissions":

["tabs","history","webNavigation"],"plugins":[{"path":"npcoplgn.dll","public":true}],"requirements":{"plugins":

{"npapi":false}},"version":"2014.7.0.43","web_accessible_resources":

["images/SafeBrowse/sb_nortoncertified.png","images/SafeBrowse/sb_safeannotation.png","images/SafeBrowse/sb_safeshopannotat

ion.png","images/SafeBrowse/sb_unknownannotation.png","images/SafeBrowse/sb_unsafeannotation.png","images/SafeBrowse/sb_uns

afeshopannotation.png","images/SafeBrowse/sb_unsafeshoppagebadAnnotation.png","images/SafeBrowse/sb_webnuisanceannotation.p

ng","images/StatusButton/coBA_dangerous.png","images/StatusButton/coBA_Safe.png","images/StatusButton/coBA_suspicious.png",

"images/StatusButton/coBA_unknown.png","images/Widgets/norton_tb_mm_logo_watermark.png","RedirectPages/blocked_btn_click.pn

g","RedirectPages/blocked_btn_default.png","RedirectPages/blocked_btn_hover.png","RedirectPages/blocked-norton-

logo.png","RedirectPages/blocked-

redx.png","RedirectPages/BrowserBadRedirect.html","RedirectPages/KBRedirect.css","RedirectPages/KnownBadRedirect.html","Red

irectPages/PageBadRedirect.html","RedirectPages/PIIFormSuspRedirect.html","RedirectPages/PIIRedirect.css","RedirectPages/Re

directPages.js","RedirectPages/SiteAge_New.png","RedirectPages/SiteAge_Young.png","RedirectPages/SitePop_Low.png","Redirect

Pages/SitePop_None.png","RedirectPages/SuspiciousRedirect.html"]},"path":"mkfokfffehpeedafpekjeddnmnjhmcmk\

\2014.7.0.43_1","preferences":{},"regular_only_preferences":

{},"state":0,"was_installed_by_default":false},"ndibdjnfmopecpmkdieinmbadjfpblof":null,"neajdppkdcdipfabeoofebfddakdcjhd":

{"active_permissions":{"api":["systemPrivate","ttsEngine"],"explicit_host":

["https://www.google.com/*"],"manifest_permissions":[]},"content_settings":[],"creation_flags":1,"events":

["ttsEngine.onPause","ttsEngine.onResume","ttsEngine.onSpeak","ttsEngine.onStop"],"from_bookmark":false,"from_webstore":fal

se,"incognito_content_settings":[],"incognito_preferences":

{},"initial_keybindings_set":true,"install_time":"13037505142064027","location":5,"manifest":{"background":

{"persistent":false,"scripts":["tts_extension.js"]},"description":"Component extension providing speech via the Google

network text-to-speech

service.","key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GSbNUMGygqQTNDMFGIjZNcwXsHLzkNkHjWbuY37PbNdSDZ4VqlVjzbWqODSe

+MjELdv5Keb51IdytnoGYXBMyqKmWpUrg+RnKvQ5ibWr4MW9pyIceOIdp9GrzC1WZGgTmZismYR3AjaIpufZ7xDdQQv+XrghPWCkdVqLN+qZDA1HU

+DURznkMICiDDSH2sU0egm9UbWfS218bZqzKeQDiC3OnTPlaxcbJtKUuupIm5knjze3Wo9Ae9poTDMzKgchg0VlFCv3uqox

+wlD8sjXBoyBCCK9HpImdVAF1a7jpdgiUHpPeV/26oYzM9/grltwNR3bzECQgSpyXp0eyoegwIDAQAB","manifest_version":2,"name":"Google

Network Speech","permissions":["systemPrivate","ttsEngine","https://www.google.com/"],"tts_engine":{"voices":

[{"event_types":["start","end","error"],"gender":"female","lang":"en-US","remote":true,"voice_name":"Google US English"},

{"event_types":["start","end","error"],"gender":"male","lang":"en-GB","remote":true,"voice_name":"Google UK English

Male"},{"event_types":["start","end","error"],"gender":"female","lang":"en-GB","remote":true,"voice_name":"Google UK

English Female"},{"event_types":["start","end","error"],"gender":"female","lang":"es-ES","remote":true,"voice_name":"Google

Espa\xC3\xB1ol"},{"event_types":["start","end","error"],"gender":"female","lang":"fr-FR","remote":true,"voice_name":"Google

Fran\xC3\xA7ais"},{"event_types":["start","end","error"],"gender":"female","lang":"it-

IT","remote":true,"voice_name":"Google Italiano"},{"event_types":["start","end","error"],"gender":"female","lang":"de-

DE","remote":true,"voice_name":"Google Deutsch"},{"event_types":["start","end","error"],"gender":"female","lang":"ja-

JP","remote":true,"voice_name":"Google \xE6\x97\xA5\xE6\x9C\xAC\xE4\xBA\xBA"},{"event_types":

["start","end","error"],"gender":"female","lang":"ko-KR","remote":true,"voice_name":"Google \xED\x95\x9C\xEA\xB5\xAD\xEC

\x9D\x98"},{"event_types":["start","end","error"],"gender":"female","lang":"zh-CN","remote":true,"voice_name":"Google

\xE4\xB8\xAD\xE5\x9B\xBD\xE7\x9A\x84"}]},"version":"1.0"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\

\33.0.1750.117\\resources\\network_speech_synthesis","preferences":{},"regular_only_preferences":

{},"was_installed_by_default":false},"nkeimhogjdpnpccoofpliimaahmaaome":{"active_permissions":{"api":

["alarms","desktopCapture","webConnectable","webrtcAudioPrivate","webrtcLoggingPrivate","system.cpu"],"manifest_permissions

":[]},"creation_flags":1,"events":

["alarms.onAlarm","runtime.onStartup"],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_

time":"13036881797651913","location":5,"manifest":{"background":

{"page":"background.html","persistent":false},"externally_connectable":{"matches":

["https://*.google.com/hangouts*","*://localhost/*"]},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAQt2ZDdPfoSe/JI6ID5bgLH

RCnCu9T36aYczmhw/tnv6QZB2I6WnOCMZXJZlRdqWc7w9jo4BWhYS50Vb4weMfh/I0On7VcRwJUgfAxW2cHB

+EkmtI1v4v/OU24OqIa1Nmv9uRVeX0GjhQukdLNhAE6ACWooaf5kqKlCeK+1GOkQIDAQAB","manifest_version":2,"name":"Hangout

Services","permissions":

["desktopCapture","system.cpu","webrtcAudioPrivate","webrtcLoggingPrivate"],"version":"1.0"},"path":"C:\\Program Files

(x86)\\Google\\Chrome\\Application\\32.0.1700.107\\resources\

\hangout_services","was_installed_by_default":false},"nmmhkkegccagdldgiimedpiccmgmieda":

{"ack_external":true,"active_permissions":{"api":["identity","webRequestInternal","webview"],"explicit_host":

["https://checkout.google.com/*","https://sandbox.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],

"manifest_permissions":[]},"content_settings":[],"creation_flags":137,"events":

["app.runtime.onLaunched"],"from_bookmark":false,"from_webstore":true,"has_declarative_rules":{"declarativeContent":

{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":

[],"incognito_preferences":

{},"initial_keybindings_set":true,"install_time":"13042259211410406","lastpingday":"13042191597967406","location":10,"manif

est":{"app":{"background":{"scripts":

["craw_background.js"]}},"current_locale":"en_US","default_locale":"en","description":"Google Wallet for digital

goods","display_in_launcher":false,"display_in_new_tab_page":false,"icons":

{"16":"images/icon_16.png","128":"images/icon_128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57Fx

JtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u

+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB","manifest_version":2,"minimum_chrome_version":"29

","name":"Google Wallet","oauth2":{"auto_approve":true,"client_id":"203784468217.apps.googleusercontent.com","scopes":

["https://www.googleapis.com/auth/sierra","https://www.googleapis.com/auth/sierrasandbox","https://www.googleapis.com/auth/

chromewebstore","https://www.googleapis.com/auth/chromewebstore.readonly"]},"permissions":

["identity","webview","https://checkout.google.com/","https://sandbox.google.com/checkout/","https://www.google.com/","http

s://www.googleapis.com/*"],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.0.6.1"},"path":"nmmh

kkegccagdldgiimedpiccmgmieda\\0.0.6.1_0","preferences":{},"regular_only_preferences":

{},"running":false,"state":1,"was_installed_by_default":true},"ofaoiaebiknfcpkilegmngdncgemgboa":

{"ack_external":true,"active_permissions":{"api":

["contextMenus","cookies","management","notifications","storage","tabs"],"explicit_host":

["http://*/*","https://*/*"],"scriptable_host":

["http://*/*","https://*/*"]},"from_bookmark":false,"from_webstore":false,"granted_permissions":{"api":

["contextMenus","cookies","management","notifications","storage","tabs"],"explicit_host":

["http://*/*","https://*/*"],"scriptable_host":

["http://*/*","https://*/*"]},"initial_keybindings_set":true,"install_time":13045023855000000,"location":1,"manifest":

{"background":{"page":"background.html"},"content_scripts":[{"all_frames":true,"js":["content.js"],"matches":

["http://*/*","https://*/*"],"run_at":"document_end"}],"description":"","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0+J1G

NgSt8VmysZ0W+bhgH2oCF9Q51QuvK7l9t/b111IRim52L3t5e+y2EYLEfKgKfA5XiLRnK9LI8evaRBco6d4z+GwiYeroOUVLUM22XViauxJ9f

+kuxBJPRQPH6Vt9M9RWRGuBNLi2lA4rHIZgh6Kyd6Z/dZMgsTomDTRGywIDAQAB","manifest_version":2,"name":"TooPbiuyyer","permissions":

["http://*/*","https://*/*","tabs","cookies","management","notifications","contextMenus","management","storage"],"version":

"4.1"},"path":"ofaoiaebiknfcpkilegmngdncgemgboa\

\4.1","state":1,"was_installed_by_default":false},"oicdcmmckkmlbjgdmhjceieiglnbkpml":

{"ack_external":true,"active_permissions":{"api":

["contextMenus","cookies","management","notifications","storage","tabs"],"explicit_host":

["http://*/*","https://*/*"],"scriptable_host":

["http://*/*","https://*/*"]},"from_bookmark":false,"from_webstore":false,"granted_permissions":{"api":

["contextMenus","cookies","management","notifications","storage","tabs"],"explicit_host":

["http://*/*","https://*/*"],"scriptable_host":

["http://*/*","https://*/*"]},"initial_keybindings_set":true,"install_time":13045009454000000,"location":1,"manifest":

{"background":{"page":"background.html"},"content_scripts":[{"all_frames":true,"js":["content.js"],"matches":

["http://*/*","https://*/*"],"run_at":"document_end"}],"description":"","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG9tay

55SCRkBs75sZ3UTTTTeBReHMW3H3XUw1ZXFeLqUZWaVZ8/8IWrhYFHCL08F0j5RGT7kG3PtCsYdH9cYWbhwvr2Lx13JE3TmUuFHZ/jSrJ/yKf0NzCkIqqpKnO3k

FA28f3G8X1RFFEyLifbaupg6bM4qYq9rqc4/0wjpAUQIDAQAB","manifest_version":2,"name":"KinnGCoUppon","permissions":

["http://*/*","https://*/*","tabs","cookies","management","notifications","contextMenus","management","storage"],"version":

"1.3"},"path":"oicdcmmckkmlbjgdmhjceieiglnbkpml\

\1.3","state":1,"was_installed_by_default":false},"pafkbggdmjlpgkdkcbjmhmfcdpncadgh":{"active_permissions":{"api":

["alarms","identity","location","metricsPrivate","notifications","preferencesPrivate","pushMessaging","storage","tabs","web

storePrivate"],"explicit_host":["<all_urls>","chrome://favicon/*"],"manifest_permissions":[]},"content_settings":

[],"creation_flags":1,"events":

["alarms.onAlarm","identity.onSignInChanged","location.onLocationUpdate","notifications.onButtonClicked","notifications.onC

licked","notifications.onClosed","notifications.onPermissionLevelChanged","notifications.onShowSettings","pushMessaging.onM

essage","runtime.onInstalled","runtime.onStartup","runtime.onSuspend","types.private.ChromeDirectSetting.googlegeolocationa

ccess.enabled.onChange"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":

[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13042258690196404","location":5,"manifest":

{"background":{"persistent":false,"scripts":["utility.js","cards.js","background.js"]},"description":"Integrates Google Now

into Chrome.","icons":

{"16":"images/icon16.png","48":"images/icon48.png","128":"images/icon128.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBC

gKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow

+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXC

CM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifes

t_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":

["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":

["alarms","identity","location","metricsPrivate","notifications","preferencesPrivate","pushMessaging","storage","tabs","web

storePrivate","<all_urls>"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\

\34.0.1847.116\\resources\\google_now","preferences":{},"regular_only_preferences":

{},"was_installed_by_default":false}}},"google":{"services":{"signin":{"LSID":"","SID":""}}},"homepage":"http:\/

\/www.trovi.com\/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC59C0501-60CF-4847-AEB9-

FFA79FBFB28E&SearchSource=55&CUI=&UM=5&UP=SP25F85F53-0A15-4080-8F2A-

F1629AE00FB8&SSPV=","homepage_is_newtabpage":false,"intl":{"accept_languages":"en-US,en"},"invalidator":

{"client_id":"fmwBZbSVECKD2bDtSxUtDw=="},"media":{"device_id_salt":"xsGNKCeEvBpnB64FF4wyOQ=="},"net":

{"http_server_properties":{"servers":{"ad.doubleclick.net:443":{"alternate_protocol":

{"port":443,"protocol_str":"quic"},"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"ad.doubleclick.net:80":

{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"clients2.google.com:443":

{"alternate_protocol":{"port":443,"protocol_str":"quic"},"settings":

{"4":100,"5":32,"6":0},"supports_spdy":true},"clients2.googleusercontent.com:443":{"alternate_protocol":

{"port":443,"protocol_str":"quic"},"settings":{"4":100,"5":100,"6":0},"supports_spdy":true},"cm.g.doubleclick.net:80":

{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"pagead2.googlesyndication.com:80":

{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"partner.googleadservices.com:80":

{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"pubads.g.doubleclick.net:80":

{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"s0.2mdn.net:80":{"alternate_protocol":

{"port":80,"protocol_str":"quic"},"supports_spdy":false},"static.doubleclick.net:443":{"alternate_protocol":

{"port":443,"protocol_str":"quic"},"settings":{"4":100,"5":25,"6":0},"supports_spdy":true},"www.facebook.com:443":

{"supports_spdy":true},"www.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"settings":

{"4":100,"5":32,"6":0},"supports_spdy":true},"www.googletagservices.com:80":{"alternate_protocol":

{"port":80,"protocol_str":"quic"},"supports_spdy":false}},"version":2}},"pinned_tabs":[],"plugins":

{"enabled_internal_pdf3":true,"enabled_nacl":true,"migrated_to_pepper_flash":true,"plugins_list":

[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":0,"content_settings":

{"clear_on_exit_migrated":true,"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":

{"npsitesafety":

{"dll":true}},"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"icon_version":2,"managed_user_id":"","name":"Fi

rst user"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"startup_urls":["http:\/\/www.trovi.com\/?

gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC59C0501-60CF-4847-AEB9-

FFA79FBFB28E&SearchSource=55&CUI=&UM=5&UP=SP25F85F53-0A15-4080-8F2A-

F1629AE00FB8&SSPV="],"startup_urls_migration_time":"13036881797265913"},"translate_blocked_languages":

["en"],"translate_whitelists":{}}), ,[3d97fc5807741d195d923d44eb19f50b]

Physical Sectors: 0
(No malicious items detected)


(end)


Ken, please let me know if you need anything else. I promise, I won't be doing ANYTHING else until I hear back

Thanks again,
-David

 

[ken545]

Hi,

You need to run AdwCleaner again and remove all it found, most of that stuff is not nice, it all has to go

When you copy and paste a log into Notepad, go to the top and select Format and uncheck Wordwrap, then recheck Wordwrap and then go to Edit....Select All ------ Edit....Copy and then post the logs




Run Malwarebytes again and this time run the Threat Scan.

When the scan has completed, you will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected. To remove the malicious programs that Malwarebytes Anti-malware has found, click on the “Quarantine All” button, and then click on the “Apply Now” button.

Then post the log please

 

[dlubell]

Hi Ken:

"You need to run AdwCleaner again and remove all it found, most of that stuff is not nice, it all has to go"

YIKES!!!! Ok, done!

"When you copy and paste a log into Notepad, go to the top and select Format and uncheck Wordwrap, then recheck Wordwrap and then go to Edit....Select All ------ Edit....Copy and then post the logs"

Ah, ok, thanks for the tip!

"Run Malwarebytes again and this time run the Threat Scan.

When the scan has completed, you will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected. To remove the malicious programs that Malwarebytes Anti-malware has found, click on the “Quarantine All” button, and then click on the “Apply Now” button.

Then post the log please"

Yep, it found some more ugliness, but I think (hope!) it got it all this time. Here's the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/23/2014
Scan Time: 12:51:18 PM
Logfile: Malware File May 23 PM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.23.10
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: REDACTED

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 286363
Time Elapsed: 21 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Trovi.A, C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ({"apps":{"shortcuts_have_been_created":true},"browser":{"last_known_google_url":"https://www.google.com/","last_prompted_google_url":"https://www.google.com/","window_placement":{"bottom":850,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":860,"work_area_left":0,"work_area_right":1600,"work_area_top":0},"show_home_button":true},"countryid_at_install":21843,"default_apps_install_state":2,"default_search_provider":{"enabled":true,"encodings":"1","icon_url":"http://mysearch.avg.com/favicon.ico","id":7,"instant_url":"https://mysearch.avg.com/chroment?espv=2&cid=%GUID%&mid=%MID%&lang=%LANG%&ds=%DISTSOURCE%&pr=%PROFILE%&d=%INSTALLDATE%&v=%TBVERSION%&pid=%PID%&sg=%SG%","keyword":"trovi.search","name":"Trovi search","prepopulate_id":0,"search_terms_replacement_key":true,"search_url":"http:\/\/www.trovi.com\/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC59C0501-60CF-4847-AEB9-FFA79FBFB28E&SearchSource=58&CUI=&UM=5&UP=SP25F85F53-0A15-4080-8F2A-F1629AE00FB8&q={searchTerms}&SSPV=","suggest_url":"http:\/\/suggest.seccint.com\/CSuggestJson.ashx?prefix={searchTerms}"},"distribution":{"alternate_shortcut_text":true,"create_all_shortcuts":false,"do_not_launch_chrome":true,"import_bookmarks":false,"import_bookmarks_from_file":"c:\\Programdata\\Toshiba\\Chrome\\bookmarks.html","import_history":false,"import_search_engine":false,"make_chrome_default":false,"require_eula":true,"show_welcome_page":true,"skip_first_run_ui":true,"system_level":true,"verbose_logging":false},"dns_prefetching":{"host_referral_list":[2,["http://cfiles.5min.com/",["http://2a86.v.fwmrm.net/",2.1349912862560125,"http://embed.5min.com/",2.4048451516347842]],["http://cmap.uac.ace.advertising.com/",["http://ads.yahoo.com/",2.1894160854077471,"http://cmap.an.ace.advertising.com/",1.9116543432291524,"http://cmap.at.ace.advertising.com/",1.9116543432291524,"http://cmap.dc.ace.advertising.com/",1.9116543432291524,"http://cmap.rm.ace.advertising.com/",1.9116543432291524,"http://ib.adnxs.com/",2.1894160854077471,"http://image2.pubmatic.com/",1.9116543432291524,"http://pixel.rubiconproject.com/",1.9116543432291524,"http://r.openx.net/",2.1894160854077471,"http://www.facebook.com/",1.9116543432291524]],["http://leadback.advertising.com/",["http://b.scorecardresearch.com/",2.4671778275863421,"http://uac.advertising.com/",1.9116543432291524]],["http://start.toshiba.com/",["http://avideos.5min.com/",0.23258690591577807,"http://b.aol.com/",0.26638158455311323,"http://b.scorecardresearch.com/",0.30017626319044849,"http://cfiles.5min.com/",0.80709644275047732,"http://image.vam.synacor.com.edgesuite.net/",1.6513649422540146,"http://l.5min.com/",0.46914965637712469,"http://start.toshiba.com/",0.36273136486026569,"http://static.citrine.synacor.com/",1.9857652743146312,"http://toshiba.am4.syn-api.com/",0.46914965637712469,"http://web.citrine.synacor.com/",0.53577630733486192]],["http://static.citrine.synacor.com/",["http://rtax.criteo.com/",1.5035332412696913]],["http://toolbar.avg.com/",["http://toolbar.avg.com/",2.4575561048895462]],["http://widgets.outbrain.com/",["http://b.scorecardresearch.com/",1.9116543432291524,"http://hpr.outbrain.com/",1.9116543432291524,"http://images.outbrain.com/",2.4671778275863421,"http://static.synacor.net/",1.9116543432291524,"http://widgets.outbrain.com/",2.1894160854077471]]],"startup_list":[1]},"download":{"directory_upgrade":true},"extensions":{"alerts":{"initialized":true},"autoupdate":{"last_check":"13042259209598406","next_check":"13044166668960266"},"blacklistupdate":{"lastpingday":"13028630402797344","version":"0.0.0.149"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]},"known_disabled":["idhngdhcfkoamngbedgpaokgjbnpdiji","mkfokfffehpeedafpekjeddnmnjhmcmk"],"last_chrome_version":"34.0.1847.131","settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","webstorePrivate"],"manifest_permissions":[]},"app_launcher_ordinal":"n","creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"install_time":"13017637881953232","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Chrome Web Store","icons":{"16":"webstore_icon_16.png","128":"webstore_icon_128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Store","permissions":["webstorePrivate","management"],"version":"0.2"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\resources\\web_store","was_installed_by_default":false},"bepbmhgboaologfdajaanbcjmnhjmhfn":{"disable_reasons":1,"state":0},"eemcgdkfndhakfknompkggombfjjjeno":{"active_permissions":{"api":["bookmarks","bookmarkManagerPrivate","metricsPrivate","systemPrivate","tabs"],"explicit_host":["chrome://favicon/*","chrome://resources/*"],"manifest_permissions":[]},"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"install_time":"13017637881947232","location":5,"manifest":{"chrome_url_overrides":{"bookmarks":"main.html"},"content_security_policy":"object-src 'none'; script-src chrome://resources 'self'","description":"Bookmark Manager","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQcByy+eN9jzazWF/DPn7NW47sW7lgmpk6eKc0BQM18q8hvEM3zNm2n7HkJv/R6fU+X5mtqkDuKvq5skF6qqUF4oEyaleWDFhd1xFwV7JV+/DU7bZ00w2+6gzqsabkerFpoP33ZRIw7OviJenP0c0uWqDWF8EGSyMhB3txqhOtiQIDAQAB","manifest_version":2,"name":"Bookmark Manager","permissions":["bookmarks","bookmarkManagerPrivate","metricsPrivate","systemPrivate","tabs","chrome://favicon/","chrome://resources/"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\resources\\bookmark_manager","was_installed_by_default":false},"ennkphjdgehloodpbhlhldgbnhmacadg":{"active_permissions":{"api":[],"explicit_host":["chrome://settings-frame/*"],"manifest_permissions":[]},"creation_flags":1,"events":["app.runtime.onLaunched"],"from_bookmark":false,"from_webstore":false,"install_time":"13017637881956232","location":5,"manifest":{"app":{"background":{"scripts":["settings_app.js"]}},"description":"Settings","display_in_launcher":false,"icons":{"16":"settings_app_icon_16.png","32":"settings_app_icon_32.png","48":"settings_app_icon_48.png","128":"settings_app_icon_128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVDPGX6fvKPVVgc+gnkYlGqHuuapgFDyKhsy4z7UzRLO/95zXPv8h8e5EacqbAQJLUbP6DERH5jowyNEYVxq9GJyntJMwP1ejvoz/52hnY3CCGGCmttmKzzpp5zwLuq3iZf8bslwywfflNUYtaCFSDa0TtrBZz0aOPrAAd/AhNwIDAQAB","manifest_version":2,"name":"Settings","permissions":["chrome://settings-frame/"],"version":"0.2"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\resources\\settings_app","running":false,"was_installed_by_default":false},"gfdkimpbcpahaombhbimeihdjnejgicl":{"active_permissions":{"api":["feedbackPrivate"],"explicit_host":["chrome://resources/*"],"manifest_permissions":[]},"creation_flags":1,"events":["feedbackPrivate.onFeedbackRequested"],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13032414888351903","location":5,"manifest":{"app":{"background":{"scripts":["js/event_handler.js"]},"content_security_policy":"default-src 'none'; script-src 'self' chrome://resources; style-src 'unsafe-inline' *; img-src *; media-src 'self'"},"description":"User feedback extension","display_in_launcher":false,"display_in_new_tab_page":false,"icons":{"32":"images/icon32.png","64":"images/icon64.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMZElzFX2J1g1nRQ/8S3rg/1CjFyDltWOxQg+9M8aVgNVxbutEWFQz+oQzIP9BB67mJifULgiv12ToFKsae4NpEUR8sPZjiKDIHumc6pUdixOm8SJ5Rs16SMR6+VYxFUjlVW+5CA3IILptmNBxgpfyqoK0qRpBDIhGk1KDEZ4zqQIDAQAB","manifest_version":2,"name":"Feedback","permissions":["feedbackPrivate","chrome://resources/"],"version":"1.0"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\31.0.1650.63\\resources\\feedback","running":false,"was_installed_by_default":false},"idhngdhcfkoamngbedgpaokgjbnpdiji":{"ack_external":true,"active_permissions":{"api":["tabs"],"explicit_host":["http://*/*","https://*/*"],"manifest_permissions":[],"scriptable_host":["http://*/*","https://*/*"]},"creation_flags":1,"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13026269912137670","lastpingday":"13042191597967406","location":3,"manifest":{"background_page":"background.html","content_scripts":[{"all_frames":true,"js":["contentscript.js"],"matches":["http://*/*","https://*/*"],"run_at":"document_idle"}],"description":"Detects all recordable content on the browser","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIwlyxIOu0hwMoAcBARugBpVhj7EGgYOAP2Fl/1dfiz6Z250yRI76IyXJvgOTbPYkbWguSD7kAcxsj25UMDyPs97CSQdqNFfqo212NRd7QWCV4hdqE2VR2KBLB5Ns4quB1GmCVzqNR83CCRu8RcONuamJ0FHQwmPSNbcDLkhuvuwIDAQAB","name":"RealDownloader","permissions":["tabs","http://*/*","https://*/*"],"version":"1.3.2"},"path":"idhngdhcfkoamngbedgpaokgjbnpdiji\\1.3.2_0","state":0,"was_installed_by_default":false},"mfehgcgbbipciphmccgaenjidiccnmng":{"active_permissions":{"api":["cloudPrintPrivate"],"manifest_permissions":[]},"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"install_time":"13017637881951232","location":5,"manifest":{"app":{"launch":{"web_url":"https://www.google.com/cloudprint"},"urls":["https://www.google.com/cloudprint/enable_chrome_connector"]},"description":"Cloud Print","display_in_launcher":false,"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiwzSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB+isXpAGUKUvt7EQIDAQAB","name":"Cloud Print","permissions":["cloudPrintPrivate"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\resources\\cloud_print","was_installed_by_default":false},"mgndgikekgjfcpckkfioiadnlibdjbkf":{"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"t","creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"install_time":"13017637881954232","location":5,"manifest":{"app":{"launch":{"web_url":"http://THIS-WILL-BE-REPLACED"}},"description":"Chrome as an app","display_in_launcher":true,"display_in_new_tab_page":false,"icons":{"16":"product_logo_16.png","128":"product_logo_128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNuYLEQ1QPMcc5HfWI/9jiEf6FdJWqEtgRmIeI7qtjPLBM5oje+Ny2E2mTAhou5qdJiO2CHWdU1DQXY2F7Zu2gZaKZgHLfK4WimHxUT5Xd9/aro/R9PCzjguM1BLusiWYc9xlj1IsZpyiN1hcjU7SCnBhv1feQlv2WSB5KRiXwhQIDAQAB","name":"Chrome","version":"0.1"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.116\\resources\\chrome_app","was_installed_by_default":false},"mkfokfffehpeedafpekjeddnmnjhmcmk":{"ack_external":true,"active_permissions":{"api":["history","plugin","tabs","webNavigation"],"manifest_permissions":[],"scriptable_host":["<all_urls>"]},"content_settings":[],"creation_flags":1,"disable_reasons":1,"events":[],"external_first_run":true,"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13042177152989090","lastpingday":"13042191597967406","location":3,"manifest":{"background":{"scripts":["background.js"]},"browser_action":{"default_icon":"images/StatusButton/coBA_unknown.png","default_popup":"","default_title":"Norton Toolbar"},"content_scripts":[{"all_frames":true,"js":["docstart.js","wcid.js","wax.js"],"matches":["<all_urls>"],"run_at":"document_start"}],"current_locale":"en_US","default_locale":"en","description":"Symantec Corporation","icons":{"48":"images/48_Norton_Ext_Icon.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCN17j8JLKorF+VBEKJgK4pj8g17X7JvJhwca8GU6eC+m33Mp7Wts5uLKDpImOPe0r/0VHiO54Bmwz0E9G67599bllrlhbIjHGKLeicrh4hmOaG1zArNN/DLDDUkcxU50odaPSgDoFUsp6TreA9lwoE5ypYw+lGnbo+BJwNe0hnQQIDAQAB","manifest_version":2,"minimum_chrome_version":"26.0","name":"Norton Identity Protection","permissions":["tabs","history","webNavigation"],"plugins":[{"path":"npcoplgn.dll","public":true}],"requirements":{"plugins":{"npapi":false}},"version":"2014.7.0.43","web_accessible_resources":["images/SafeBrowse/sb_nortoncertified.png","images/SafeBrowse/sb_safeannotation.png","images/SafeBrowse/sb_safeshopannotation.png","images/SafeBrowse/sb_unknownannotation.png","images/SafeBrowse/sb_unsafeannotation.png","images/SafeBrowse/sb_unsafeshopannotation.png","images/SafeBrowse/sb_unsafeshoppagebadAnnotation.png","images/SafeBrowse/sb_webnuisanceannotation.png","images/StatusButton/coBA_dangerous.png","images/StatusButton/coBA_Safe.png","images/StatusButton/coBA_suspicious.png","images/StatusButton/coBA_unknown.png","images/Widgets/norton_tb_mm_logo_watermark.png","RedirectPages/blocked_btn_click.png","RedirectPages/blocked_btn_default.png","RedirectPages/blocked_btn_hover.png","RedirectPages/blocked-norton-logo.png","RedirectPages/blocked-redx.png","RedirectPages/BrowserBadRedirect.html","RedirectPages/KBRedirect.css","RedirectPages/KnownBadRedirect.html","RedirectPages/PageBadRedirect.html","RedirectPages/PIIFormSuspRedirect.html","RedirectPages/PIIRedirect.css","RedirectPages/RedirectPages.js","RedirectPages/SiteAge_New.png","RedirectPages/SiteAge_Young.png","RedirectPages/SitePop_Low.png","RedirectPages/SitePop_None.png","RedirectPages/SuspiciousRedirect.html"]},"path":"mkfokfffehpeedafpekjeddnmnjhmcmk\\2014.7.0.43_1","preferences":{},"regular_only_preferences":{},"state":0,"was_installed_by_default":false},"ndibdjnfmopecpmkdieinmbadjfpblof":null,"neajdppkdcdipfabeoofebfddakdcjhd":{"active_permissions":{"api":["systemPrivate","ttsEngine"],"explicit_host":["https://www.google.com/*"],"manifest_permissions":[]},"content_settings":[],"creation_flags":1,"events":["ttsEngine.onPause","ttsEngine.onResume","ttsEngine.onSpeak","ttsEngine.onStop"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13037505142064027","location":5,"manifest":{"background":{"persistent":false,"scripts":["tts_extension.js"]},"description":"Component extension providing speech via the Google network text-to-speech service.","key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GSbNUMGygqQTNDMFGIjZNcwXsHLzkNkHjWbuY37PbNdSDZ4VqlVjzbWqODSe+MjELdv5Keb51IdytnoGYXBMyqKmWpUrg+RnKvQ5ibWr4MW9pyIceOIdp9GrzC1WZGgTmZismYR3AjaIpufZ7xDdQQv+XrghPWCkdVqLN+qZDA1HU+DURznkMICiDDSH2sU0egm9UbWfS218bZqzKeQDiC3OnTPlaxcbJtKUuupIm5knjze3Wo9Ae9poTDMzKgchg0VlFCv3uqox+wlD8sjXBoyBCCK9HpImdVAF1a7jpdgiUHpPeV/26oYzM9/grltwNR3bzECQgSpyXp0eyoegwIDAQAB","manifest_version":2,"name":"Google Network Speech","permissions":["systemPrivate","ttsEngine","https://www.google.com/"],"tts_engine":{"voices":[{"event_types":["start","end","error"],"gender":"female","lang":"en-US","remote":true,"voice_name":"Google US English"},{"event_types":["start","end","error"],"gender":"male","lang":"en-GB","remote":true,"voice_name":"Google UK English Male"},{"event_types":["start","end","error"],"gender":"female","lang":"en-GB","remote":true,"voice_name":"Google UK English Female"},{"event_types":["start","end","error"],"gender":"female","lang":"es-ES","remote":true,"voice_name":"Google Espa\xC3\xB1ol"},{"event_types":["start","end","error"],"gender":"female","lang":"fr-FR","remote":true,"voice_name":"Google Fran\xC3\xA7ais"},{"event_types":["start","end","error"],"gender":"female","lang":"it-IT","remote":true,"voice_name":"Google Italiano"},{"event_types":["start","end","error"],"gender":"female","lang":"de-DE","remote":true,"voice_name":"Google Deutsch"},{"event_types":["start","end","error"],"gender":"female","lang":"ja-JP","remote":true,"voice_name":"Google \xE6\x97\xA5\xE6\x9C\xAC\xE4\xBA\xBA"},{"event_types":["start","end","error"],"gender":"female","lang":"ko-KR","remote":true,"voice_name":"Google \xED\x95\x9C\xEA\xB5\xAD\xEC\x9D\x98"},{"event_types":["start","end","error"],"gender":"female","lang":"zh-CN","remote":true,"voice_name":"Google \xE4\xB8\xAD\xE5\x9B\xBD\xE7\x9A\x84"}]},"version":"1.0"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\33.0.1750.117\\resources\\network_speech_synthesis","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false},"nkeimhogjdpnpccoofpliimaahmaaome":{"active_permissions":{"api":["alarms","desktopCapture","webConnectable","webrtcAudioPrivate","webrtcLoggingPrivate","system.cpu"],"manifest_permissions":[]},"creation_flags":1,"events":["alarms.onAlarm","runtime.onStartup"],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13036881797651913","location":5,"manifest":{"background":{"page":"background.html","persistent":false},"externally_connectable":{"matches":["https://*.google.com/hangouts*","*://localhost/*"]},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAQt2ZDdPfoSe/JI6ID5bgLHRCnCu9T36aYczmhw/tnv6QZB2I6WnOCMZXJZlRdqWc7w9jo4BWhYS50Vb4weMfh/I0On7VcRwJUgfAxW2cHB+EkmtI1v4v/OU24OqIa1Nmv9uRVeX0GjhQukdLNhAE6ACWooaf5kqKlCeK+1GOkQIDAQAB","manifest_version":2,"name":"Hangout Services","permissions":["desktopCapture","system.cpu","webrtcAudioPrivate","webrtcLoggingPrivate"],"version":"1.0"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\32.0.1700.107\\resources\\hangout_services","was_installed_by_default":false},"nmmhkkegccagdldgiimedpiccmgmieda":{"ack_external":true,"active_permissions":{"api":["identity","webRequestInternal","webview"],"explicit_host":["https://checkout.google.com/*","https://sandbox.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"content_settings":[],"creation_flags":137,"events":["app.runtime.onLaunched"],"from_bookmark":false,"from_webstore":true,"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13042259211410406","lastpingday":"13042191597967406","location":10,"manifest":{"app":{"background":{"scripts":["craw_background.js"]}},"current_locale":"en_US","default_locale":"en","description":"Google Wallet for digital goods","display_in_launcher":false,"display_in_new_tab_page":false,"icons":{"16":"images/icon_16.png","128":"images/icon_128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB","manifest_version":2,"minimum_chrome_version":"29","name":"Google Wallet","oauth2":{"auto_approve":true,"client_id":"203784468217.apps.googleusercontent.com","scopes":["https://www.googleapis.com/auth/sierra","https://www.googleapis.com/auth/sierrasandbox","https://www.googleapis.com/auth/chromewebstore","https://www.googleapis.com/auth/chromewebstore.readonly"]},"permissions":["identity","webview","https://checkout.google.com/","https://sandbox.google.com/checkout/","https://www.google.com/","https://www.googleapis.com/*"],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.0.6.1"},"path":"nmmhkkegccagdldgiimedpiccmgmieda\\0.0.6.1_0","preferences":{},"regular_only_preferences":{},"running":false,"state":1,"was_installed_by_default":true},"ofaoiaebiknfcpkilegmngdncgemgboa":{"ack_external":true,"active_permissions":{"api":["contextMenus","cookies","management","notifications","storage","tabs"],"explicit_host":["http://*/*","https://*/*"],"scriptable_host":["http://*/*","https://*/*"]},"from_bookmark":false,"from_webstore":false,"granted_permissions":{"api":["contextMenus","cookies","management","notifications","storage","tabs"],"explicit_host":["http://*/*","https://*/*"],"scriptable_host":["http://*/*","https://*/*"]},"initial_keybindings_set":true,"install_time":13045023855000000,"location":1,"manifest":{"background":{"page":"background.html"},"content_scripts":[{"all_frames":true,"js":["content.js"],"matches":["http://*/*","https://*/*"],"run_at":"document_end"}],"description":"","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0+J1GNgSt8VmysZ0W+bhgH2oCF9Q51QuvK7l9t/b111IRim52L3t5e+y2EYLEfKgKfA5XiLRnK9LI8evaRBco6d4z+GwiYeroOUVLUM22XViauxJ9f+kuxBJPRQPH6Vt9M9RWRGuBNLi2lA4rHIZgh6Kyd6Z/dZMgsTomDTRGywIDAQAB","manifest_version":2,"name":"TooPbiuyyer","permissions":["http://*/*","https://*/*","tabs","cookies","management","notifications","contextMenus","management","storage"],"version":"4.1"},"path":"ofaoiaebiknfcpkilegmngdncgemgboa\\4.1","state":1,"was_installed_by_default":false},"oicdcmmckkmlbjgdmhjceieiglnbkpml":{"ack_external":true,"active_permissions":{"api":["contextMenus","cookies","management","notifications","storage","tabs"],"explicit_host":["http://*/*","https://*/*"],"scriptable_host":["http://*/*","https://*/*"]},"from_bookmark":false,"from_webstore":false,"granted_permissions":{"api":["contextMenus","cookies","management","notifications","storage","tabs"],"explicit_host":["http://*/*","https://*/*"],"scriptable_host":["http://*/*","https://*/*"]},"initial_keybindings_set":true,"install_time":13045009454000000,"location":1,"manifest":{"background":{"page":"background.html"},"content_scripts":[{"all_frames":true,"js":["content.js"],"matches":["http://*/*","https://*/*"],"run_at":"document_end"}],"description":"","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG9tay55SCRkBs75sZ3UTTTTeBReHMW3H3XUw1ZXFeLqUZWaVZ8/8IWrhYFHCL08F0j5RGT7kG3PtCsYdH9cYWbhwvr2Lx13JE3TmUuFHZ/jSrJ/yKf0NzCkIqqpKnO3kFA28f3G8X1RFFEyLifbaupg6bM4qYq9rqc4/0wjpAUQIDAQAB","manifest_version":2,"name":"KinnGCoUppon","permissions":["http://*/*","https://*/*","tabs","cookies","management","notifications","contextMenus","management","storage"],"version":"1.3"},"path":"oicdcmmckkmlbjgdmhjceieiglnbkpml\\1.3","state":1,"was_installed_by_default":false},"pafkbggdmjlpgkdkcbjmhmfcdpncadgh":{"active_permissions":{"api":["alarms","identity","location","metricsPrivate","notifications","preferencesPrivate","pushMessaging","storage","tabs","webstorePrivate"],"explicit_host":["<all_urls>","chrome://favicon/*"],"manifest_permissions":[]},"content_settings":[],"creation_flags":1,"events":["alarms.onAlarm","identity.onSignInChanged","location.onLocationUpdate","notifications.onButtonClicked","notifications.onClicked","notifications.onClosed","notifications.onPermissionLevelChanged","notifications.onShowSettings","pushMessaging.onMessage","runtime.onInstalled","runtime.onStartup","runtime.onSuspend","types.private.ChromeDirectSetting.googlegeolocationaccess.enabled.onChange"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13042258690196404","location":5,"manifest":{"background":{"persistent":false,"scripts":["utility.js","cards.js","background.js"]},"description":"Integrates Google Now into Chrome.","icons":{"16":"images/icon16.png","48":"images/icon48.png","128":"images/icon128.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","location","metricsPrivate","notifications","preferencesPrivate","pushMessaging","storage","tabs","webstorePrivate","<all_urls>"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\34.0.1847.116\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false}}},"google":{"services":{"signin":{"LSID":"","SID":""}}},"homepage":"http:\/\/www.trovi.com\/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC59C0501-60CF-4847-AEB9-FFA79FBFB28E&SearchSource=55&CUI=&UM=5&UP=SP25F85F53-0A15-4080-8F2A-F1629AE00FB8&SSPV=","homepage_is_newtabpage":false,"intl":{"accept_languages":"en-US,en"},"invalidator":{"client_id":"fmwBZbSVECKD2bDtSxUtDw=="},"media":{"device_id_salt":"xsGNKCeEvBpnB64FF4wyOQ=="},"net":{"http_server_properties":{"servers":{"ad.doubleclick.net:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"ad.doubleclick.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"clients2.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"clients2.googleusercontent.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"settings":{"4":100,"5":100,"6":0},"supports_spdy":true},"cm.g.doubleclick.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"pagead2.googlesyndication.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"partner.googleadservices.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"pubads.g.doubleclick.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"s0.2mdn.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"static.doubleclick.net:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"settings":{"4":100,"5":25,"6":0},"supports_spdy":true},"www.facebook.com:443":{"supports_spdy":true},"www.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"www.googletagservices.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false}},"version":2}},"pinned_tabs":[],"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"icon_version":2,"managed_user_id":"","name":"First user"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"startup_urls":["http:\/\/www.trovi.com\/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC59C0501-60CF-4847-AEB9-FFA79FBFB28E&SearchSource=55&CUI=&UM=5&UP=SP25F85F53-0A15-4080-8F2A-F1629AE00FB8&SSPV="],"startup_urls_migration_time":"13036881797265913"},"translate_blocked_languages":["en"],"translate_whitelists":{}}), Replaced,[894dbb994f2ce056ba7e6b17d82cf20e]

Physical Sectors: 0
(No malicious items detected)


(end)

Thanks again, and let me know what ya think.

-David

 

[ken545]

All that garbage under the Malwarebytes scan, dont understand what your doing to post that


OTL by OldTimer

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

 

[dlubell]

"All that garbage under the Malwarebytes scan, dont understand what your doing to post that "

Oy! Me neither! I'm just cut/pasting what was in the log...sigh....

OK, let me try OTL and I'll be back in a bit.

-David

 

[dlubell]

Hi Ken:

Here is the OTL log:

OTL logfile created on: 5/23/2014 2:31:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\READACTED\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 3.52 Gb Available Physical Memory | 64.28% Memory free
10.96 Gb Paging File | 8.85 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.37 Gb Total Space | 379.43 Gb Free Space | 65.27% Space Free | Partition Type: NTFS
Drive D: | 4.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1863.01 Gb Total Space | 733.10 Gb Free Space | 39.35% Space Free | Partition Type: NTFS

Computer Name: DAVIDLUBELL-PC | User Name: READACTED | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\READACTED\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\READACTED\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe ()
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - c:\Users\READACTED\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeobor2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\READACTED\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\READACTED\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (GFNEXSrv) -- C:\Windows\SysNative\GFNEXSrv.exe ()
SRV - (RealPlayer Cloud Service) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe (Symantec Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealPlayerUpdateSvc) -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe ()
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (stdriver) -- C:\Windows\SysNative\drivers\stdriver64.sys (NCH Software)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (RDID1098) -- C:\Windows\SysNative\drivers\Rdwm1098.sys (Roland Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140523.001\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140523.001\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140522.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {248A9E69-47EE-4D8A-ACE0-74AFA56719D2}
IE:64bit: - HKLM\..\SearchScopes\{248A9E69-47EE-4D8A-ACE0-74AFA56719D2}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21DDE427-19C7-4025-AA3C-3D3A31167A4D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {7376AD3E-AF14-4948-8717-94DECEF15705}
IE - HKCU\..\SearchScopes\{21DDE427-19C7-4025-AA3C-3D3A31167A4D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKCU\..\SearchScopes\{7376AD3E-AF14-4948-8717-94DECEF15705}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS470
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Trovi search"
FF - prefs.js..browser.search.selectedEngine: "Trovi search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\READACTED\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\READACTED\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\READACTED\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\READACTED\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo Limited)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\PROGRAM FILES\VDOWNLOADER\ADDONS\FIREFOX [2014/04/17 21:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/05/23 12:50:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/05/15 22:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/05/21 11:27:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014/01/11 13:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/05/21 11:27:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/21 11:25:36 | 000,000,000 | ---D | M]

[2012/04/07 18:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\READACTED\AppData\Roaming\Mozilla\Extensions
[2014/05/21 00:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\READACTED\AppData\Roaming\Mozilla\Firefox\Profiles\j21f8xix.default-1400639664215\extensions
[2014/05/21 00:23:46 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\READACTED\AppData\Roaming\Mozilla\Firefox\Profiles\j21f8xix.default-1400639664215\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/15 22:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/21 00:20:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/14 14:09:06 | 000,032,592 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2014/05/21 11:24:48 | 000,148,040 | ---- | M] (RealPlayer Cloud) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Users\READACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: No name found = C:\Users\READACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_1\
CHR - Extension: No name found = C:\Users\READACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: No name found = C:\Users\READACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\READACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaoiaebiknfcpkilegmngdncgemgboa\4.1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe (Vitzo)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\READACTED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\READACTED\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E7F52C0-2F71-400A-B2F8-A39E6683DD80}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5ABAF55-1C92-4246-854D-694EB52BA041}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/09 21:02:16 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 08:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/23 11:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/23 11:36:30 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/05/23 11:36:30 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/05/23 11:36:30 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/05/23 11:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/22 22:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/05/22 22:46:04 | 000,000,000 | ---D | C] -- C:\Users\READACTED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/05/21 11:28:57 | 000,000,000 | ---D | C] -- C:\Users\READACTED\AppData\Roaming\RealNetworks
[2014/05/21 11:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/05/21 11:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014/05/21 11:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2014/05/21 11:25:35 | 000,201,800 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2014/05/21 11:24:18 | 000,278,600 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2014/05/21 00:20:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/05/20 23:53:15 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/05/20 23:51:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/20 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\READACTED\Desktop\Old Firefox Data
[2014/05/20 00:39:52 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/19 22:28:25 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/05/19 22:28:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/05/19 22:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\saverON
[2014/05/19 21:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\saverON
[2014/05/19 17:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\9ddfa9f7f5a0309b
[2014/05/19 17:44:07 | 000,000,000 | ---D | C] -- C:\Users\READACTED\AppData\Local\Packages
[2014/05/19 15:54:03 | 000,000,000 | -HSD | C] -- C:\Users\READACTED\AppData\Local\EmieUserList
[2014/05/19 15:54:03 | 000,000,000 | -HSD | C] -- C:\Users\READACTED\AppData\Local\EmieSiteList
[2014/05/15 23:51:20 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/05/15 23:51:20 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/05/15 23:50:57 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/05/15 23:50:41 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/05/15 23:50:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/05/15 23:50:40 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/15 23:50:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/05/15 23:50:38 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/05/15 23:50:37 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/05/15 23:50:37 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/05/15 23:50:37 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/05/15 23:50:37 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/05/15 23:50:36 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/05/15 23:50:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/05/15 23:50:36 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/05/15 23:50:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/05/15 23:50:35 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/05/15 23:50:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/05/15 23:50:35 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/15 23:50:31 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/05/15 23:50:31 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/05/15 23:50:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/05/15 23:50:30 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/05/15 23:50:30 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/05/15 23:50:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/05/15 23:50:29 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/15 23:50:26 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/05/15 23:50:25 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/05/15 23:50:20 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/05/15 23:35:25 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014/05/15 23:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/15 22:58:36 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/05/15 22:58:36 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/05/15 22:56:55 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014/05/15 22:56:53 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2014/05/15 22:56:53 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2014/05/15 22:56:53 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe
[2014/05/15 22:56:52 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2014/05/15 22:56:52 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\objsel.dll
[2014/05/15 22:56:52 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\objsel.dll
[2014/05/15 22:56:52 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2014/05/15 22:56:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dimsroam.dll
[2014/05/15 22:56:50 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2014/05/15 22:56:50 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cngprovider.dll
[2014/05/15 22:56:50 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adprovider.dll
[2014/05/15 22:56:50 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\capiprovider.dll
[2014/05/15 22:56:50 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpapiprovider.dll
[2014/05/15 22:56:50 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cngprovider.dll
[2014/05/15 22:56:50 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adprovider.dll
[2014/05/15 22:56:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\capiprovider.dll
[2014/05/15 22:56:50 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpapiprovider.dll
[2014/05/15 22:56:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wincredprovider.dll
[2014/05/15 22:56:50 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dimsroam.dll
[2014/05/15 22:56:50 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wincredprovider.dll
[2014/05/15 22:56:50 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2014/05/15 22:56:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2014/05/15 22:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/15 22:45:15 | 000,000,000 | ---D | C] -- C:\Users\READACTED\AppData\Roaming\DropboxMaster
[2 C:\Users\READACTED\Desktop\*.tmp files -> C:\Users\READACTED\Desktop\*.tmp -> ]
[2 C:\Users\READACTED\*.tmp files -> C:\Users\READACTED\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/23 14:29:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/23 14:13:00 | 000,000,936 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1565997708-1866841008-1819670188-1000UA.job
[2014/05/23 13:56:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/23 12:55:13 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/23 12:55:13 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/23 12:53:37 | 000,875,838 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/23 12:53:37 | 000,728,788 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/23 12:53:37 | 000,147,554 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/23 12:51:17 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/23 12:48:40 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/23 12:47:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/23 12:47:09 | 117,010,431 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/23 11:36:37 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/23 11:21:44 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1565997708-1866841008-1819670188-1000Core.job
[2014/05/22 22:46:04 | 000,001,279 | ---- | M] () -- C:\Users\READACTED\Desktop\Revo Uninstaller.lnk
[2014/05/21 20:10:08 | 000,004,823 | ---- | M] () -- C:\Users\READACTED\Desktop\attach.zip
[2014/05/21 19:59:02 | 000,000,512 | ---- | M] () -- C:\Users\READACTED\Desktop\MBR.dat
[2014/05/21 11:28:20 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/05/21 11:25:35 | 000,201,800 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2014/05/21 11:24:54 | 000,001,263 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/05/21 11:24:18 | 000,278,600 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2014/05/21 00:52:12 | 000,007,667 | ---- | M] () -- C:\windows\wininit.ini
[2014/05/21 00:20:47 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/19 22:28:50 | 002,156,176 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1503000.00C\Cat.DB
[2014/05/19 14:23:32 | 937,407,564 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/05/16 19:31:06 | 000,002,512 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/05/16 04:57:54 | 000,037,423 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1503000.00C\VT20140516.004
[2014/05/15 23:29:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/05/15 23:29:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/15 22:51:22 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2014/05/15 22:45:34 | 000,001,074 | ---- | M] () -- C:\Users\READACTED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/15 22:45:06 | 000,001,056 | ---- | M] () -- C:\Users\READACTED\Desktop\Dropbox.lnk
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/05/11 03:11:03 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1503000.00C\isolate.ini
[2014/05/09 02:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/05/09 02:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/05/08 18:22:25 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2014/05/05 23:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/05/05 22:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2 C:\Users\READACTED\Desktop\*.tmp files -> C:\Users\READACTED\Desktop\*.tmp -> ]
[2 C:\Users\READACTED\*.tmp files -> C:\Users\READACTED\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/23 11:36:37 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/22 22:46:04 | 000,001,279 | ---- | C] () -- C:\Users\READACTED\Desktop\Revo Uninstaller.lnk
[2014/05/21 20:10:08 | 000,004,823 | ---- | C] () -- C:\Users\READACTED\Desktop\attach.zip
[2014/05/21 19:59:02 | 000,000,512 | ---- | C] () -- C:\Users\READACTED\Desktop\MBR.dat
[2014/05/21 11:28:20 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/05/21 11:24:52 | 000,001,263 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/05/21 00:20:46 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/21 00:20:44 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/05/19 23:34:19 | 000,007,667 | ---- | C] () -- C:\windows\wininit.ini
[2014/04/17 21:36:54 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2014/04/14 14:03:13 | 000,007,602 | ---- | C] () -- C:\Users\READACTED\AppData\Local\Resmon.ResmonCfg
[2012/05/24 15:43:45 | 000,450,560 | ---- | C] () -- C:\windows\emunist.exe
[2012/05/24 15:43:44 | 000,002,091 | ---- | C] () -- C:\windows\TVEpaDrv.ini
[2012/03/20 21:17:49 | 000,103,272 | ---- | C] () -- C:\Users\READACTED\GoToAssistDownloadHelper.exe
[2012/03/17 15:46:20 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/17 20:11:17 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/16 17:27:20 | 000,060,304 | ---- | C] () -- C:\Users\READACTED\g2mdlhlpx.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/16 23:08:06 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\AnvSoft
[2012/05/19 23:07:04 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\Auslogics
[2012/06/06 10:45:45 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\Book Place
[2012/02/15 22:39:49 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\com.theplatform.uploader.mpxUploader.2E193595239B092025BF2AFA19E68167181AF44F.1
[2014/05/23 12:49:48 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\Dropbox
[2014/05/15 22:45:19 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\DropboxMaster
[2012/07/12 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\Motorola
[2012/07/12 21:14:44 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\Motorola Mobility
[2012/02/10 19:29:05 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\Tific
[2012/03/17 16:01:57 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\Toshiba
[2014/04/17 21:38:28 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\VDownloader
[2013/07/02 21:28:07 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\webex
[2014/04/07 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\WildTangent
[2012/02/10 19:19:22 | 000,000,000 | ---D | M] -- C:\Users\READACTED\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >


Part 2 coming up....

 

[dlubell]

And here is the Extras log:

OTL Extras logfile created on: 5/23/2014 2:31:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\REDACTED\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 3.52 Gb Available Physical Memory | 64.28% Memory free
10.96 Gb Paging File | 8.85 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.37 Gb Total Space | 379.43 Gb Free Space | 65.27% Space Free | Partition Type: NTFS
Drive D: | 4.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1863.01 Gb Total Space | 733.10 Gb Free Space | 39.35% Space Free | Partition Type: NTFS

Computer Name: REDACTED-PC | User Name: REDACTED | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [tralih] -- "C:\Program Files (x86)\Trader's Little Helper\tralih.exe" /0 "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [tralih] -- "C:\Program Files (x86)\Trader's Little Helper\tralih.exe" /0 "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A7F57D-7B26-438F-A2DD-524A8324B98C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0CE8F904-E12D-474B-A31C-3451078E53B8}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{15D25908-12BF-45DF-BB00-51E1AB15B10A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C8897F3-EA61-4B38-9760-6AC381CF77CF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{36D25E8C-D8FD-4CDC-8C7D-3A0FD0B8DF8C}" = lport=139 | protocol=6 | dir=in | app=system |
"{3E3E5C64-246E-46F8-8962-142B673C6196}" = rport=138 | protocol=17 | dir=out | app=system |
"{4F796F42-B380-4DD7-872D-910507E9C17A}" = rport=445 | protocol=6 | dir=out | app=system |
"{743AFF2D-3640-4E19-A785-B642D2F029A0}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{75A0C82F-C73B-44BA-B21E-64B501128566}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7B5294E0-1CD8-4156-922E-DCF4B3C7D46C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8103D8B6-7E8F-402D-A777-D67A536CADCE}" = rport=137 | protocol=17 | dir=out | app=system |
"{86C586B7-C39D-4C6A-AF7B-3CDDC40323FE}" = rport=139 | protocol=6 | dir=out | app=system |
"{8D186882-10E3-42AF-8918-EB45B720DDAB}" = lport=138 | protocol=17 | dir=in | app=system |
"{8DFD88F8-ED74-450F-984F-B622BF177A93}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{93F3EC98-ED11-461B-A336-62F86B3B8911}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9A0A762A-41DE-42A2-9FE5-2CD9DE05F8C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8FD33C4-1186-4E92-9028-76FA92CA0107}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0719328-B4A8-4004-B8F7-20CD0508E5D1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C4C3FBB3-898B-4C0C-82DE-B448E659F575}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB443FFB-2F29-4A15-88CC-B5C9F8AE3C4B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{D5AEBAC7-DD0A-4C70-BBA9-5F2A9B8ED37F}" = lport=137 | protocol=17 | dir=in | app=system |
"{D99AA55A-E903-4D5C-8F0D-FD88CB5DB121}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA720E2B-AF78-4BA9-A2F1-BAC0C5FE77BB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E4D12416-BC01-405D-A7AA-AF9AFE75EC25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEF990B4-6A07-443E-92FD-90996304426F}" = lport=445 | protocol=6 | dir=in | app=system |
"{F2303B21-24A7-4788-8C9B-E1D3E4FA3043}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8BB4A99-AC25-41F3-824F-7BBAADEEFAA6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE46179A-9576-4C1C-9095-274806E87B53}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E3C261-6CD4-47CC-BA36-A3B26C88FC37}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe |
"{09220F83-4B19-4A2D-B903-90DA944A01CF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1114F90C-A7FB-40E5-94E4-D07C4987927A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1C99CC03-DED0-410E-9E57-DA9E9FDC176A}" = protocol=6 | dir=in | app=c:\users\REDACTED\appdata\roaming\dropbox\bin\dropbox.exe |
"{229FBEAD-98F1-49D3-97D5-392DD8AB46C7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{23EFB2A9-2B0A-4A41-8A12-01E016499A69}" = protocol=17 | dir=in | app=c:\users\REDACTED\appdata\roaming\dropbox\bin\dropbox.exe |
"{25E768FE-703B-4ACE-BD49-C80885E23FD6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{34DA0E9F-0CDB-49A8-8A6B-A5AE0F9C86A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4134FBDB-A875-49B0-87CB-9C1E7C5E4E16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E21B204-F4AD-4515-9759-7C554A2084F2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4ECA8786-6B61-4E86-97F0-B3B5BAE4ABF0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50C9B774-5FB4-4A59-9EB4-6C689262A9DE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5D94AD0F-6DE9-4ADB-BFBB-9391B050B258}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5F2DCB96-0AB8-4043-9B5C-DB8B8BF8B974}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe |
"{5F6B906A-A8DF-4708-81ED-C5703DDDFC05}" = protocol=6 | dir=out | app=system |
"{60708C73-3AE5-4F13-A315-9851B78E50DE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{70979EB0-744F-49C4-9F24-846F8B9C70CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7405907F-C5F7-48EF-B28E-B1101277137C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{81007CE8-E82D-4EA7-8177-A5FE4C852F64}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{89C4EB96-EC99-4B9E-B780-2D588BB670BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9171A43D-7C25-48F1-B79A-8418DC029904}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{93CC0EF3-18FC-4E8A-BE28-5F57E9D1B635}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{97C142EA-3E57-4CAF-99B3-320BA8EBC033}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{995B4C3A-4C2E-459B-A965-88CE09B09D08}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe |
"{A0B0F1FD-9C56-40BB-8D57-45CFE254CD4B}" = dir=in | app=e:\itunes\itunes.exe |
"{A0E9C680-FB23-4D58-A387-E62BF521C575}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AE0378C7-BCC3-4719-A3BB-7657887A9728}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |
"{B10F47A7-D54E-45FB-A0DC-1A4E2F5E70A7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B115FF7E-EA44-4401-BBC2-A1A84304711E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B46F0041-CBCC-43CC-AC63-C902ADFF8AA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF3E0828-D298-4F5A-A45B-D4B1761AFA90}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C43727EC-B362-4248-BBC3-EC541071E265}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0759B81-2BA6-427E-B758-E811A010512C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E76D8841-443D-4CB0-8652-27E88A5E5436}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{ED1899CE-E16F-46B2-B91B-263C6454C350}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EEA9895D-DF5E-4F5D-A6B8-B876EF68159C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F6417856-7499-4393-8BB8-7DE995DCEDC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{718053CB-BE15-4B4A-ACC9-DE3C39002FF4}C:\users\REDACTED\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\REDACTED\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{DD28215F-1BB5-4067-8F68-6C3539DB8EA8}C:\users\REDACTED\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\REDACTED\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{14AC80A3-D80B-85E0-131D-8E0F581DACB6}" = ccc-utility64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BFBC3C9-A4F2-E7F9-E8B2-1495D3928068}" = ATI Catalyst Install Manager
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6FF9A012-0254-41E9-81E2-F538C4B53611}" = TOSHIBA eco Utility
"{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}" = Motorola Mobile Drivers Installation 6.3.0
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}" = iTunes
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1693
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADF96813-AFAD-7A71-402D-2D2795401B9E}" = WMV9/VC-1 Video Playback
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
"RolandRDID0098" = UA-1G Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06CF83C8-A7F9-37E0-18E0-76F78E4E93BE}" = CCC Help Korean
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C6A8CB7-A4F8-CC55-5554-6315DC90B587}" = CCC Help Japanese
"{0C71A279-B127-7C96-3084-5E23C4607E8B}" = CCC Help Chinese Standard
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}" = Apple Application Support
"{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}" = RealDownloader
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{27993E6B-F23B-B04C-2C43-F6A1EA57CBD2}" = CCC Help Greek
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B0F41D8-A9BD-70AC-B5E9-88DCF3A67E78}" = AMD VISION Engine Control Center
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2C3CE57D-29A8-A7CE-5A66-C32A6F1CCBF0}" = CCC Help Thai
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{41986453-361D-B758-D8B4-3880347C40F8}" = CCC Help Italian
"{42310CC1-FA1E-9FE1-232F-256464800E3B}" = CCC Help Russian
"{42CAFBDA-8AFC-1CF9-9C48-53C0983F3CA2}" = CCC Help Polish
"{436246B4-B913-A367-EA3B-FB3681DE297B}" = CCC Help Dutch
"{4770ED83-7480-46BE-8A9B-BC5180A47DEE}" = Driver Install 64bit
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-490CW
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4F3831C7-EE2B-804E-E580-9380D1D3E3CF}" = CCC Help English
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5B73583F-A5B8-EDC3-24BE-5EE0B77B44D3}" = Catalyst Control Center Localization All
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5D323CD4-8229-2A02-947C-6B79BB162B32}" = CCC Help French
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{6791C5E8-F9BE-FE7A-8CE1-2A9BEEF0CC49}" = CCC Help Spanish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ADC1384-4E79-44D5-BB9A-F1DB4038C79E}" = TurboTax 2011 wmaiper
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{744128C6-16E7-77F0-6A60-79AB9ECBC7D4}" = CCC Help Chinese Traditional
"{7689CE69-8BBC-D1D2-E43B-EFFCEFEC9819}" = CCC Help Portuguese
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}" = Motorola Device Software Update
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E29C1CE-346A-3F59-AE22-8C5B7F230498}" = Google Talk Plugin
"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files
"{8FC9DDFF-EA30-00D7-4E4D-9ED088A6E847}" = CCC Help Norwegian
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AACD17B-FDD5-2E2F-BD31-15C1C92373E6}" = CCC Help Turkish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1030FC3-A706-FBB9-C5F4-BAF430F4129E}" = thePlatform mpx Uploader
"{A4595B6E-142F-DDEA-0B08-401261B26C5C}" = CCC Help German
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA6010CC-B655-0E28-FB36-DF4CD17FAA43}" = Catalyst Control Center Graphics Previews Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-1033-0000-7760-000000000005}" = Adobe Acrobat X Pro
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B670EB67-B0B2-836B-ACF2-CB29325A01BE}" = CCC Help Czech
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0D3144A-939C-840B-4337-87467F91C1EA}" = CCC Help Danish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B7EF81-4AEF-75A9-6F2C-787E65919BCF}" = CCC Help Swedish
"{D6EDFC58-862D-84DC-81B5-D122F30DC744}" = CCC Help Finnish
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EA2FC14A-5A8F-8C2A-ED2B-34B91DBB547E}" = CCC Help Hungarian
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Any Video Converter 5_is1" = Any Video Converter 5 5.0.3
"Any Video Converter_is1" = Any Video Converter 5.5.8
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"Cisco Connect" = Cisco Connect
"com.theplatform.uploader.mpxUploader.2E193595239B092025BF2AFA19E68167181AF44F.1" = thePlatform mpx Uploader
"Debut" = Debut Video Capture Software
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{4770ED83-7480-46BE-8A9B-BC5180A47DEE}" = Driver Install 64bit
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"KWorld Editing Device Driver_is1" = KWorld Editing Device Driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Prism" = Prism Video File Converter
"RealPlayer 17.0" = RealPlayer Cloud
"Revo Uninstaller" = Revo Uninstaller 1.95
"TradersLittleHelper_is1" = Trader's Little Helper 2.7.0
"TurboTax 2011" = TurboTax 2011
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.1.3
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WTA-1ad18fff-4c2b-40a6-a7ac-d8ae001f0b14" = Polar Bowler
"WTA-56036b0d-3aef-4bb1-b3c2-33682daac529" = Bejeweled 3
"WTA-5cc9417e-44a9-48fa-b10a-ee7f18e53f08" = Penguins!
"WTA-71c873db-555a-4679-aa4b-955b76e5a82d" = Zuma's Revenge
"WTA-720495e2-82ef-4718-b61d-75a49710a0d0" = FATE - The Traitor Soul
"WTA-ba98eb69-1451-452c-b02f-7373d0fac5ad" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-d25e648e-c3de-44a6-98ec-55d30b556525" = Tom Clancy's Splinter Cell
"WTA-d2e84428-46e4-4d26-8622-ce670a332aea" = Plants vs. Zombies - Game of the Year
"WTA-d6309a38-3ffe-48ca-af45-e611186f0ee5" = Chuzzle Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/23/2014 9:15:56 AM | Computer Name = REDACTED-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19266

Error - 5/23/2014 9:15:57 AM | Computer Name = REDACTED-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/23/2014 9:15:57 AM | Computer Name = REDACTED-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 20264

Error - 5/23/2014 9:15:57 AM | Computer Name = REDACTED-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 20264

Error - 5/23/2014 9:15:59 AM | Computer Name = REDACTED-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/23/2014 9:15:59 AM | Computer Name = REDACTED-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21372

Error - 5/23/2014 9:15:59 AM | Computer Name = REDACTED-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21372

Error - 5/23/2014 11:53:54 AM | Computer Name = REDACTED-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 5/23/2014 12:05:31 PM | Computer Name = REDACTED-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 5/23/2014 12:47:32 PM | Computer Name = REDACTED-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 5/24/2012 9:51:48 PM | Computer Name = REDACTED-PC | Source = MCUpdate | ID = 0
Description = 9:51:41 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/24/2012 10:51:56 PM | Computer Name = REDACTED-PC | Source = MCUpdate | ID = 0
Description = 10:51:54 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/24/2012 11:52:03 PM | Computer Name = REDACTED-PC | Source = MCUpdate | ID = 0
Description = 11:52:02 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/25/2012 4:18:02 PM | Computer Name = REDACTED-PC | Source = MCUpdate | ID = 0
Description = 4:18:02 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/26/2012 1:02:01 PM | Computer Name = REDACTED-PC | Source = MCUpdate | ID = 0
Description = 8:46:04 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/26/2012 4:01:36 PM | Computer Name = REDACTED-PC | Source = MCUpdate | ID = 0
Description = 4:01:36 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/27/2012 7:29:09 AM | Computer Name = REDACTED-PC | Source = MCUpdate | ID = 0
Description = 7:29:02 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/27/2012 4:06:42 PM | Computer Name = REDACTED-PC | Source = MCUpdate | ID = 0
Description = 4:06:42 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/28/2012 1:42:24 PM | Computer Name = REDACTED-PC | Source = MCUpdate | ID = 0
Description = 1:41:28 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 3/23/2013 4:32:54 PM | Computer Name = REDACTED-PC | Source = MCUpdate | ID = 0
Description = 4:32:25 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

[ System Events ]
Error - 5/20/2014 12:08:31 PM | Computer Name = REDACTED-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/20/2014 12:08:31 PM | Computer Name = REDACTED-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/20/2014 12:08:31 PM | Computer Name = REDACTED-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/20/2014 12:08:31 PM | Computer Name = REDACTED-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/20/2014 12:08:31 PM | Computer Name = REDACTED-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/20/2014 12:11:19 PM | Computer Name = REDACTED-PC | Source = DCOM | ID = 10016
Description =

Error - 5/21/2014 12:15:22 AM | Computer Name = REDACTED-PC | Source = DCOM | ID = 10016
Description =

Error - 5/21/2014 12:56:23 AM | Computer Name = REDACTED-PC | Source = DCOM | ID = 10016
Description =

Error - 5/22/2014 11:04:37 PM | Computer Name = REDACTED-PC | Source = DCOM | ID = 10016
Description =

Error - 5/23/2014 12:48:33 PM | Computer Name = REDACTED-PC | Source = DCOM | ID = 10016
Description =


< End of report >

I reaaaally hope this helps.

Thanks!
-David

 

[ken545]

Open OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  :OTL
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*;*.local
  FF - prefs.js..browser.search.defaultenginename: "Trovi search"
  FF - prefs.js..browser.search.selectedEngine: "Trovi search"
  
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  
  
  :Commands
  [purity]
  [resethosts]
  [EMPTYJAVA] 
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

 

[dlubell]

Hi Ken:

Here is the resulting log from the code you provided:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Trovi search" removed from browser.search.defaultenginename
Prefs.js: "Trovi search" removed from browser.search.selectedEngine
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\REDACTED\Downloads\cmd.bat deleted successfully.
C:\Users\REDACTED\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: REDACTED
->Java cache emptied: 256872 bytes

User: Default

User: Default User

User: dub_cm_auto

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: REDACTED
->Temp folder emptied: 4592365795 bytes
->Temporary Internet Files folder emptied: 368306292 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53814641 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 64837 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: dub_cm_auto

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1298145496 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 38246 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028498 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,055.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05232014_161642

Files\Folders moved on Reboot...
C:\Users\REDACTED\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\REDACTED\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
=====================================================================================================

Then, running OTL once more (using the settings previously provided) produced the following log (please note, I did not get an Extras.txt file this time -- I hope that's not a problem -- only the following):

OTL Log:

OTL logfile created on: 5/23/2014 4:23:55 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\REDACTED\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 3.50 Gb Available Physical Memory | 63.90% Memory free
10.96 Gb Paging File | 8.89 Gb Available in Paging File | 81.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.37 Gb Total Space | 385.34 Gb Free Space | 66.28% Space Free | Partition Type: NTFS
Drive D: | 4.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1863.01 Gb Total Space | 733.10 Gb Free Space | 39.35% Space Free | Partition Type: NTFS

Computer Name: REDACTED-PC | User Name: REDACTED | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\REDACTED\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\REDACTED\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe ()
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - c:\Users\REDACTED\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw8wdm_.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\REDACTED\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\REDACTED\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (GFNEXSrv) -- C:\Windows\SysNative\GFNEXSrv.exe ()
SRV - (RealPlayer Cloud Service) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe (Symantec Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealPlayerUpdateSvc) -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe ()
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (stdriver) -- C:\Windows\SysNative\drivers\stdriver64.sys (NCH Software)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (RDID1098) -- C:\Windows\SysNative\drivers\Rdwm1098.sys (Roland Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140523.001\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140523.001\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140522.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {248A9E69-47EE-4D8A-ACE0-74AFA56719D2}
IE:64bit: - HKLM\..\SearchScopes\{248A9E69-47EE-4D8A-ACE0-74AFA56719D2}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21DDE427-19C7-4025-AA3C-3D3A31167A4D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {7376AD3E-AF14-4948-8717-94DECEF15705}
IE - HKCU\..\SearchScopes\{21DDE427-19C7-4025-AA3C-3D3A31167A4D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKCU\..\SearchScopes\{7376AD3E-AF14-4948-8717-94DECEF15705}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS470
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\REDACTED\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\REDACTED\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\REDACTED\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\REDACTED\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo Limited)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\PROGRAM FILES\VDOWNLOADER\ADDONS\FIREFOX [2014/04/17 21:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/05/23 16:23:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/05/15 22:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/05/21 11:27:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014/01/11 13:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/05/21 11:27:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/21 11:25:36 | 000,000,000 | ---D | M]

[2012/04/07 18:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\REDACTED\AppData\Roaming\Mozilla\Extensions
[2014/05/21 00:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\REDACTED\AppData\Roaming\Mozilla\Firefox\Profiles\j21f8xix.default-1400639664215\extensions
[2014/05/21 00:23:46 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\REDACTED\AppData\Roaming\Mozilla\Firefox\Profiles\j21f8xix.default-1400639664215\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/15 22:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/21 00:20:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/14 14:09:06 | 000,032,592 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2014/05/21 11:24:48 | 000,148,040 | ---- | M] (RealPlayer Cloud) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: No name found = C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_1\
CHR - Extension: No name found = C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: No name found = C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaoiaebiknfcpkilegmngdncgemgboa\4.1\

O1 HOSTS File: ([2014/05/23 16:16:44 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe (Vitzo)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\REDACTED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\REDACTED\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E7F52C0-2F71-400A-B2F8-A39E6683DD80}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5ABAF55-1C92-4246-854D-694EB52BA041}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/09 21:02:16 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 08:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/23 16:16:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/23 11:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/23 11:36:30 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/05/23 11:36:30 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/05/23 11:36:30 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/05/23 11:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/22 22:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/05/22 22:46:04 | 000,000,000 | ---D | C] -- C:\Users\REDACTED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/05/21 11:28:57 | 000,000,000 | ---D | C] -- C:\Users\REDACTED\AppData\Roaming\RealNetworks
[2014/05/21 11:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/05/21 11:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014/05/21 11:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2014/05/21 11:25:35 | 000,201,800 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2014/05/21 11:24:18 | 000,278,600 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2014/05/21 00:20:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/05/20 23:53:15 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/05/20 23:51:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/20 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\REDACTED\Desktop\Old Firefox Data
[2014/05/20 00:39:52 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/19 22:28:25 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/05/19 22:28:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/05/19 22:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\saverON
[2014/05/19 21:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\saverON
[2014/05/19 17:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\9ddfa9f7f5a0309b
[2014/05/19 17:44:07 | 000,000,000 | ---D | C] -- C:\Users\REDACTED\AppData\Local\Packages
[2014/05/19 15:54:03 | 000,000,000 | -HSD | C] -- C:\Users\REDACTED\AppData\Local\EmieUserList
[2014/05/19 15:54:03 | 000,000,000 | -HSD | C] -- C:\Users\REDACTED\AppData\Local\EmieSiteList
[2014/05/15 23:51:20 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/05/15 23:51:20 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/05/15 23:50:57 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/05/15 23:50:41 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/05/15 23:50:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/05/15 23:50:40 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/15 23:50:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/05/15 23:50:38 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/05/15 23:50:37 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/05/15 23:50:37 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/05/15 23:50:37 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/05/15 23:50:37 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/05/15 23:50:36 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/05/15 23:50:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/05/15 23:50:36 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/05/15 23:50:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/05/15 23:50:35 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/05/15 23:50:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/05/15 23:50:35 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/15 23:50:31 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/05/15 23:50:31 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/05/15 23:50:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/05/15 23:50:30 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/05/15 23:50:30 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/05/15 23:50:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/05/15 23:50:29 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/15 23:50:26 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/05/15 23:50:25 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/05/15 23:50:20 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/05/15 23:35:25 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014/05/15 23:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/15 22:58:36 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/05/15 22:58:36 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/05/15 22:56:55 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014/05/15 22:56:53 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2014/05/15 22:56:53 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2014/05/15 22:56:53 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe
[2014/05/15 22:56:52 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2014/05/15 22:56:52 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\objsel.dll
[2014/05/15 22:56:52 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\objsel.dll
[2014/05/15 22:56:52 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2014/05/15 22:56:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dimsroam.dll
[2014/05/15 22:56:50 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2014/05/15 22:56:50 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cngprovider.dll
[2014/05/15 22:56:50 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adprovider.dll
[2014/05/15 22:56:50 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\capiprovider.dll
[2014/05/15 22:56:50 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpapiprovider.dll
[2014/05/15 22:56:50 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cngprovider.dll
[2014/05/15 22:56:50 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adprovider.dll
[2014/05/15 22:56:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\capiprovider.dll
[2014/05/15 22:56:50 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpapiprovider.dll
[2014/05/15 22:56:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wincredprovider.dll
[2014/05/15 22:56:50 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dimsroam.dll
[2014/05/15 22:56:50 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wincredprovider.dll
[2014/05/15 22:56:50 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2014/05/15 22:56:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2014/05/15 22:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/15 22:45:15 | 000,000,000 | ---D | C] -- C:\Users\REDACTED\AppData\Roaming\DropboxMaster
[2 C:\Users\REDACTED\Desktop\*.tmp files -> C:\Users\REDACTED\Desktop\*.tmp -> ]
[2 C:\Users\REDACTED\*.tmp files -> C:\Users\REDACTED\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/23 16:28:01 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/23 16:28:01 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/23 16:26:03 | 000,875,838 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/23 16:26:03 | 000,728,788 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/23 16:26:03 | 000,147,554 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/23 16:21:53 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/23 16:20:58 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/23 16:20:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/23 16:20:01 | 117,010,431 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/23 16:16:44 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2014/05/23 16:13:00 | 000,000,936 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1565997708-1866841008-1819670188-1000UA.job
[2014/05/23 15:56:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/23 15:29:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/23 11:36:37 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/23 11:21:44 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1565997708-1866841008-1819670188-1000Core.job
[2014/05/22 22:46:04 | 000,001,279 | ---- | M] () -- C:\Users\REDACTED\Desktop\Revo Uninstaller.lnk
[2014/05/21 20:10:08 | 000,004,823 | ---- | M] () -- C:\Users\REDACTED\Desktop\attach.zip
[2014/05/21 19:59:02 | 000,000,512 | ---- | M] () -- C:\Users\REDACTED\Desktop\MBR.dat
[2014/05/21 11:28:20 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/05/21 11:25:35 | 000,201,800 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2014/05/21 11:24:54 | 000,001,263 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/05/21 11:24:18 | 000,278,600 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2014/05/21 00:52:12 | 000,007,667 | ---- | M] () -- C:\windows\wininit.ini
[2014/05/21 00:20:47 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/19 22:28:50 | 002,156,176 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1503000.00C\Cat.DB
[2014/05/19 14:23:32 | 937,407,564 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/05/16 19:31:06 | 000,002,512 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/05/16 04:57:54 | 000,037,423 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1503000.00C\VT20140516.004
[2014/05/15 23:29:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/05/15 23:29:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/15 22:51:22 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2014/05/15 22:45:34 | 000,001,074 | ---- | M] () -- C:\Users\REDACTED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/15 22:45:06 | 000,001,056 | ---- | M] () -- C:\Users\REDACTED\Desktop\Dropbox.lnk
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/05/11 03:11:03 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1503000.00C\isolate.ini
[2014/05/09 02:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/05/09 02:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/05/08 18:22:25 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2014/05/05 23:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/05/05 22:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2 C:\Users\REDACTED\Desktop\*.tmp files -> C:\Users\REDACTED\Desktop\*.tmp -> ]
[2 C:\Users\REDACTED\*.tmp files -> C:\Users\REDACTED\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/23 11:36:37 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/22 22:46:04 | 000,001,279 | ---- | C] () -- C:\Users\REDACTED\Desktop\Revo Uninstaller.lnk
[2014/05/21 20:10:08 | 000,004,823 | ---- | C] () -- C:\Users\REDACTED\Desktop\attach.zip
[2014/05/21 19:59:02 | 000,000,512 | ---- | C] () -- C:\Users\REDACTED\Desktop\MBR.dat
[2014/05/21 11:28:20 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/05/21 11:24:52 | 000,001,263 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/05/21 00:20:46 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/21 00:20:44 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/05/19 23:34:19 | 000,007,667 | ---- | C] () -- C:\windows\wininit.ini
[2014/04/17 21:36:54 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2014/04/14 14:03:13 | 000,007,602 | ---- | C] () -- C:\Users\REDACTED\AppData\Local\Resmon.ResmonCfg
[2012/05/24 15:43:45 | 000,450,560 | ---- | C] () -- C:\windows\emunist.exe
[2012/05/24 15:43:44 | 000,002,091 | ---- | C] () -- C:\windows\TVEpaDrv.ini
[2012/03/20 21:17:49 | 000,103,272 | ---- | C] () -- C:\Users\REDACTED\GoToAssistDownloadHelper.exe
[2012/03/17 15:46:20 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/17 20:11:17 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/16 17:27:20 | 000,060,304 | ---- | C] () -- C:\Users\REDACTED\g2mdlhlpx.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/16 23:08:06 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\AnvSoft
[2012/05/19 23:07:04 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Auslogics
[2012/06/06 10:45:45 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Book Place
[2012/02/15 22:39:49 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\com.theplatform.uploader.mpxUploader.2E193595239B092025BF2AFA19E68167181AF44F.1
[2014/05/23 16:22:42 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Dropbox
[2014/05/15 22:45:19 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\DropboxMaster
[2012/07/12 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Motorola
[2012/07/12 21:14:44 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Motorola Mobility
[2012/02/10 19:29:05 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Tific
[2012/03/17 16:01:57 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Toshiba
[2014/04/17 21:38:28 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\VDownloader
[2013/07/02 21:28:07 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\webex
[2014/04/07 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\WildTangent
[2012/02/10 19:19:22 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

Any thoughts?

-David

 

[ken545]

Go to Start > Control Panel > Internet Options > Connections Tab > Lan Setting and make sure AUTOMATICALLY DETECT SETTING is checked, ok your way out

Reboot and run a new scan with OTL and post the log please, you only get the extras log on the first run so dont knock yourself out looking for it

 

[dlubell]

Okey Doke Ken, done and done:

OTL logfile created on: 5/23/2014 5:35:51 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\REDACTED\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 3.32 Gb Available Physical Memory | 60.53% Memory free
10.96 Gb Paging File | 8.83 Gb Available in Paging File | 80.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.37 Gb Total Space | 385.31 Gb Free Space | 66.28% Space Free | Partition Type: NTFS
Drive D: | 4.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1863.01 Gb Total Space | 733.10 Gb Free Space | 39.35% Space Free | Partition Type: NTFS

Computer Name: REDACTED-PC | User Name: REDACTED | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\REDACTED\Downloads\OTL(2).exe (OldTimer Tools)
PRC - c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\REDACTED\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe ()
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - c:\Users\REDACTED\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl4auc6.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\REDACTED\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\REDACTED\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (GFNEXSrv) -- C:\Windows\SysNative\GFNEXSrv.exe ()
SRV - (RealPlayer Cloud Service) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe (Symantec Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealPlayerUpdateSvc) -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe ()
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (stdriver) -- C:\Windows\SysNative\drivers\stdriver64.sys (NCH Software)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (RDID1098) -- C:\Windows\SysNative\drivers\Rdwm1098.sys (Roland Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140523.001\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140523.001\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140522.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {248A9E69-47EE-4D8A-ACE0-74AFA56719D2}
IE:64bit: - HKLM\..\SearchScopes\{248A9E69-47EE-4D8A-ACE0-74AFA56719D2}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21DDE427-19C7-4025-AA3C-3D3A31167A4D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1565997708-1866841008-1819670188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-1565997708-1866841008-1819670188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1565997708-1866841008-1819670188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1565997708-1866841008-1819670188-1000\..\SearchScopes,DefaultScope = {7376AD3E-AF14-4948-8717-94DECEF15705}
IE - HKU\S-1-5-21-1565997708-1866841008-1819670188-1000\..\SearchScopes\{21DDE427-19C7-4025-AA3C-3D3A31167A4D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKU\S-1-5-21-1565997708-1866841008-1819670188-1000\..\SearchScopes\{7376AD3E-AF14-4948-8717-94DECEF15705}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS470
IE - HKU\S-1-5-21-1565997708-1866841008-1819670188-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1565997708-1866841008-1819670188-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\REDACTED\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\REDACTED\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\REDACTED\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\REDACTED\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo Limited)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\PROGRAM FILES\VDOWNLOADER\ADDONS\FIREFOX [2014/04/17 21:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/05/23 17:31:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/05/15 22:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/05/21 11:27:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014/01/11 13:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/05/21 11:27:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/21 11:25:36 | 000,000,000 | ---D | M]

[2012/04/07 18:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\REDACTED\AppData\Roaming\Mozilla\Extensions
[2014/05/21 00:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\REDACTED\AppData\Roaming\Mozilla\Firefox\Profiles\j21f8xix.default-1400639664215\extensions
[2014/05/21 00:23:46 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\REDACTED\AppData\Roaming\Mozilla\Firefox\Profiles\j21f8xix.default-1400639664215\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/15 22:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/21 00:20:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/14 14:09:06 | 000,032,592 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2014/05/21 11:24:48 | 000,148,040 | ---- | M] (RealPlayer Cloud) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: No name found = C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_1\
CHR - Extension: No name found = C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: No name found = C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaoiaebiknfcpkilegmngdncgemgboa\4.1\

O1 HOSTS File: ([2014/05/23 16:16:44 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1565997708-1866841008-1819670188-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1565997708-1866841008-1819670188-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-1565997708-1866841008-1819670188-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1565997708-1866841008-1819670188-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe (Vitzo)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\REDACTED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\REDACTED\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1565997708-1866841008-1819670188-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E7F52C0-2F71-400A-B2F8-A39E6683DD80}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5ABAF55-1C92-4246-854D-694EB52BA041}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/09 21:02:16 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 08:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/23 16:16:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/23 11:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/23 11:36:30 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/05/23 11:36:30 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/05/23 11:36:30 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/05/23 11:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/22 22:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/05/22 22:46:04 | 000,000,000 | ---D | C] -- C:\Users\REDACTED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/05/21 11:28:57 | 000,000,000 | ---D | C] -- C:\Users\REDACTED\AppData\Roaming\RealNetworks
[2014/05/21 11:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/05/21 11:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014/05/21 11:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2014/05/21 11:25:35 | 000,201,800 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2014/05/21 11:24:18 | 000,278,600 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2014/05/21 00:20:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/05/20 23:53:15 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/05/20 23:51:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/20 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\REDACTED\Desktop\Old Firefox Data
[2014/05/20 00:39:52 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/19 22:28:25 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/05/19 22:28:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/05/19 22:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\saverON
[2014/05/19 21:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\saverON
[2014/05/19 17:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\9ddfa9f7f5a0309b
[2014/05/19 17:44:07 | 000,000,000 | ---D | C] -- C:\Users\REDACTED\AppData\Local\Packages
[2014/05/19 15:54:03 | 000,000,000 | -HSD | C] -- C:\Users\REDACTED\AppData\Local\EmieUserList
[2014/05/19 15:54:03 | 000,000,000 | -HSD | C] -- C:\Users\REDACTED\AppData\Local\EmieSiteList
[2014/05/15 23:51:20 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/05/15 23:51:20 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/05/15 23:50:57 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/05/15 23:50:41 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/05/15 23:50:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/05/15 23:50:40 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/15 23:50:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/05/15 23:50:38 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/05/15 23:50:37 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/05/15 23:50:37 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/05/15 23:50:37 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/05/15 23:50:37 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/05/15 23:50:36 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/05/15 23:50:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/05/15 23:50:36 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/05/15 23:50:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/05/15 23:50:35 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/05/15 23:50:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/05/15 23:50:35 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/15 23:50:31 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/05/15 23:50:31 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/05/15 23:50:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/05/15 23:50:30 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/05/15 23:50:30 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/05/15 23:50:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/05/15 23:50:29 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/15 23:50:26 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/05/15 23:50:25 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/05/15 23:50:20 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/05/15 23:35:25 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014/05/15 23:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/15 22:58:36 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/05/15 22:58:36 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/05/15 22:56:55 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014/05/15 22:56:53 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2014/05/15 22:56:53 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2014/05/15 22:56:53 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe
[2014/05/15 22:56:52 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2014/05/15 22:56:52 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\objsel.dll
[2014/05/15 22:56:52 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\objsel.dll
[2014/05/15 22:56:52 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2014/05/15 22:56:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dimsroam.dll
[2014/05/15 22:56:50 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2014/05/15 22:56:50 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cngprovider.dll
[2014/05/15 22:56:50 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adprovider.dll
[2014/05/15 22:56:50 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\capiprovider.dll
[2014/05/15 22:56:50 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpapiprovider.dll
[2014/05/15 22:56:50 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cngprovider.dll
[2014/05/15 22:56:50 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adprovider.dll
[2014/05/15 22:56:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\capiprovider.dll
[2014/05/15 22:56:50 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpapiprovider.dll
[2014/05/15 22:56:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wincredprovider.dll
[2014/05/15 22:56:50 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dimsroam.dll
[2014/05/15 22:56:50 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wincredprovider.dll
[2014/05/15 22:56:50 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2014/05/15 22:56:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2014/05/15 22:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/15 22:45:15 | 000,000,000 | ---D | C] -- C:\Users\REDACTED\AppData\Roaming\DropboxMaster
[2 C:\Users\REDACTED\Desktop\*.tmp files -> C:\Users\REDACTED\Desktop\*.tmp -> ]
[2 C:\Users\REDACTED\*.tmp files -> C:\Users\REDACTED\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/23 17:36:12 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/23 17:36:12 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/23 17:33:38 | 000,875,838 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/23 17:33:38 | 000,728,788 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/23 17:33:38 | 000,147,554 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/23 17:30:07 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/23 17:29:48 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/23 17:28:53 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/23 17:28:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/23 17:28:14 | 117,010,431 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/23 17:13:01 | 000,000,936 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1565997708-1866841008-1819670188-1000UA.job
[2014/05/23 16:56:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/23 16:16:44 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2014/05/23 11:36:37 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/23 11:21:44 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1565997708-1866841008-1819670188-1000Core.job
[2014/05/22 22:46:04 | 000,001,279 | ---- | M] () -- C:\Users\REDACTED\Desktop\Revo Uninstaller.lnk
[2014/05/21 20:10:08 | 000,004,823 | ---- | M] () -- C:\Users\REDACTED\Desktop\attach.zip
[2014/05/21 19:59:02 | 000,000,512 | ---- | M] () -- C:\Users\REDACTED\Desktop\MBR.dat
[2014/05/21 11:28:20 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/05/21 11:25:35 | 000,201,800 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2014/05/21 11:24:54 | 000,001,263 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/05/21 11:24:18 | 000,278,600 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2014/05/21 00:52:12 | 000,007,667 | ---- | M] () -- C:\windows\wininit.ini
[2014/05/21 00:20:47 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/19 22:28:50 | 002,156,176 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1503000.00C\Cat.DB
[2014/05/19 14:23:32 | 937,407,564 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/05/16 19:31:06 | 000,002,512 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/05/16 04:57:54 | 000,037,423 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1503000.00C\VT20140516.004
[2014/05/15 23:29:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/05/15 23:29:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/15 22:51:22 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2014/05/15 22:45:34 | 000,001,074 | ---- | M] () -- C:\Users\REDACTED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/15 22:45:06 | 000,001,056 | ---- | M] () -- C:\Users\REDACTED\Desktop\Dropbox.lnk
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/05/11 03:11:03 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1503000.00C\isolate.ini
[2014/05/09 02:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/05/09 02:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/05/08 18:22:25 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2014/05/05 23:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/05/05 22:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2 C:\Users\REDACTED\Desktop\*.tmp files -> C:\Users\REDACTED\Desktop\*.tmp -> ]
[2 C:\Users\REDACTED\*.tmp files -> C:\Users\REDACTED\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/23 11:36:37 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/22 22:46:04 | 000,001,279 | ---- | C] () -- C:\Users\REDACTED\Desktop\Revo Uninstaller.lnk
[2014/05/21 20:10:08 | 000,004,823 | ---- | C] () -- C:\Users\REDACTED\Desktop\attach.zip
[2014/05/21 19:59:02 | 000,000,512 | ---- | C] () -- C:\Users\REDACTED\Desktop\MBR.dat
[2014/05/21 11:28:20 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/05/21 11:24:52 | 000,001,263 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/05/21 00:20:46 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/21 00:20:44 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/05/19 23:34:19 | 000,007,667 | ---- | C] () -- C:\windows\wininit.ini
[2014/04/17 21:36:54 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2014/04/14 14:03:13 | 000,007,602 | ---- | C] () -- C:\Users\REDACTED\AppData\Local\Resmon.ResmonCfg
[2012/05/24 15:43:45 | 000,450,560 | ---- | C] () -- C:\windows\emunist.exe
[2012/05/24 15:43:44 | 000,002,091 | ---- | C] () -- C:\windows\TVEpaDrv.ini
[2012/03/20 21:17:49 | 000,103,272 | ---- | C] () -- C:\Users\REDACTED\GoToAssistDownloadHelper.exe
[2012/03/17 15:46:20 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/17 20:11:17 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/16 17:27:20 | 000,060,304 | ---- | C] () -- C:\Users\REDACTED\g2mdlhlpx.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/16 23:08:06 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\AnvSoft
[2012/05/19 23:07:04 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Auslogics
[2012/06/06 10:45:45 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Book Place
[2012/02/15 22:39:49 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\com.theplatform.uploader.mpxUploader.2E193595239B092025BF2AFA19E68167181AF44F.1
[2014/05/23 17:30:22 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Dropbox
[2014/05/15 22:45:19 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\DropboxMaster
[2012/07/12 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Motorola
[2012/07/12 21:14:44 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Motorola Mobility
[2012/02/10 19:29:05 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Tific
[2012/03/17 16:01:57 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\Toshiba
[2014/04/17 21:38:28 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\VDownloader
[2013/07/02 21:28:07 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\webex
[2014/04/07 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\WildTangent
[2012/02/10 19:19:22 | 000,000,000 | ---D | M] -- C:\Users\REDACTED\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

-David

 

[ken545]

That entry I want to remove is still there

• Open IE
• Go to Tools> Internet Options > Advanced Tab
• Reset Internet Explorer Setting
• Reset
• This will take a few seconds
• Close IE and then reopen it

How are things running now, any problems ?

 

[dlubell]

"That entry I want to remove is still there"

DAMMIT!

Ok, I went through all the steps with IE, and installed IE 11 for me....though I typically use FireFox. Still, good to have the latest rev.

"How are things running now, any problems ?"

No, everything *seems* to be ok. Want me to run OTL one more time, just to be safe?

-David

 

[dlubell]

Want me to run OTL one more time, just to be safe?

BTW, why is it that every time I run OTL, the damned Java updater pops up and wants to do its thing?!? Pain in the butt!

-D

 

[ken545]

Go ahead and update your Java, its just makes your system more secure

We need to update your Java to keep you more secure

1. Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 55, if not proceed with the instructions.
   
2. Go to the update Tab and update it
3. Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )
   
4. Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.

You can verify the installation Here




Go ahead and run a new scan with OTL, cant hurt