TechSpot

Please check my PC...

Solved
By lroman3
Jan 26, 2014
  1. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Which browser?
    Did you try a different browser?
     
  2. lroman3

    lroman3 TS Enthusiast Topic Starter Posts: 143

    I am using IE as my browser. I haven't tried anything else.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.0 (01.07.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by User on Fri 01/31/2014 at 21:03:36.30
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}
    ~~~ Files
    ~~~ Folders
    Successfully deleted: [Folder] "C:\ProgramData\wincert"
    Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\datamngr"
    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 01/31/2014 at 21:11:16.61
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  3. Broni

    How are you downloading then?

    Reset Internet Explorer.
    Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
    You can use ANY browser to download "FixIt" file.
    Make sure you follow ALL steps listed there.
     
  4. lroman3

    OTL Extras logfile created on: 1/31/2014 9:16:38 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = E:\
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: | Country: | Language: | Date Format:
    4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.10% Memory free
    7.99 Gb Paging File | 6.22 Gb Available in Paging File | 77.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 454.05 Gb Total Space | 281.49 Gb Free Space | 62.00% Space Free | Partition Type: NTFS
    Drive E: | 1.89 Gb Total Space | 1.83 Gb Free Space | 97.03% Space Free | Partition Type: FAT
    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
    ========== Extra Registry (SafeList) ==========
    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    ========== Shell Spawning ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
    ========== Security Center Settings ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    ========== Firewall Settings ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    ========== Authorized Applications List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    ========== Vista Active Open Ports Exception List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2EB1C651-6132-4735-85E9-6AE49851A6D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4C4C2EA6-8C52-46CC-88AC-0B98597DCE61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E1AC66EC-B756-45E6-B9D8-280363AD69BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    ========== Vista Active Application Exception List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05980FAE-C726-4AE9-BDCE-4CD755A4D70B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{1B9C4756-D936-4A65-8F71-23B96B9920E7}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
    "{5628E159-4706-4041-8532-D2EC392BFAA3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5FDC4BA2-2069-40B6-AE84-B7DBD0CABF6F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{60E12534-DA33-4747-98A4-734B65D44513}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{61481972-6042-4F43-B703-1B3419594DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{6965FBB0-907E-47D9-816D-87E785493FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
    "{6D7AB13F-8006-48F2-98FD-A88A3C5D98BF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{71AB0C0F-BEBA-4991-84AC-ADBD04CEE302}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{7BF391D1-41DB-4D6B-8DAE-97036260D528}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{80374A2A-F190-4E76-B229-C33B434E33CC}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
    "{8D916EE4-D3EE-41C7-851F-415F3B437C3F}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
    "{9B371185-1486-4732-829C-171B5EAF26F7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{A249412C-65ED-478F-A265-730F2670C0CB}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
    "{D4A40C96-92DE-4C57-8B14-571C0B12FFF0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{EFE7CF45-1DAA-444A-9D68-63305F72B7B9}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
    "TCP Query User{02FFE3AF-1D55-4521-8D98-F09E739231DC}C:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\glo6w3bu\tinyumbrella-6.10.03a.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\glo6w3bu\tinyumbrella-6.10.03a.exe |
    "TCP Query User{120F56B9-F227-43B3-AD70-6437C64342EE}C:\users\user\downloads\tinyumbrella-6.10.03a.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\tinyumbrella-6.10.03a.exe |
    "TCP Query User{4B2A1FAE-461E-4F30-A104-206495A8AA64}C:\users\user\desktop\recovery mode fix\tinyumbrella-6.10.03a.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\recovery mode fix\tinyumbrella-6.10.03a.exe |
    "TCP Query User{660104DB-040C-4702-A9D2-0C1DFEAD226E}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
    "UDP Query User{2F195C53-9A8F-49E8-8544-81720AA38CEC}C:\users\user\desktop\recovery mode fix\tinyumbrella-6.10.03a.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\recovery mode fix\tinyumbrella-6.10.03a.exe |
    "UDP Query User{4A4813A7-CC80-424D-BC9A-1271A450FA6B}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
    "UDP Query User{90D65AD4-D1B3-4E4C-8A1A-EBFECF6238C6}C:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\glo6w3bu\tinyumbrella-6.10.03a.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\glo6w3bu\tinyumbrella-6.10.03a.exe |
    "UDP Query User{DBDF8A35-408E-438F-9EFE-00526C7D2B58}C:\users\user\downloads\tinyumbrella-6.10.03a.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\tinyumbrella-6.10.03a.exe |
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
    "{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
    "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}" = PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
    "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CD7A262C-287E-41DD-A0F7-733856252C6B}" = Nuance PDF Create 7
    "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
    "LTMOH" = LSI V92 MOH Application
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
     
  5. lroman3

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
    "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
    "{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
    "{042A6F10-F770-4886-A502-B795DCF2D3B5}" = Nuance PDF Viewer Plus
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
    "{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
    "{0F547B3D-8347-4262-AB2C-2F49BB716DA8}" = NovaBACKUP
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
    "{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page
    "{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
    "{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
    "{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
    "{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
    "{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
    "{41773726-92D0-4265-A0F8-DD980CA1AEC4}" = TOSHIBA Upgrade Assistant
    "{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy
    "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
    "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
    "{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
    "{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{5FFF9453-7B94-462A-B8F7-AC6D8D9EB1B5}" = Netzero Internet Access Installer
    "{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
    "{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7884A50C-47D3-4F51-B187-CD6DE873B2F0}" = Nuance PaperPort 14
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
    "{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer
    "{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
    "{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
    "{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
    "{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}" = Skype Launcher
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
    "{CD7A262C-287E-41DD-A0F7-733856252C6B}" = Nuance PDF Create 7
    "{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
    "{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
    "{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
    "{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
    "{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
    "{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
    "{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Canon MP240 series User Registration" = Canon MP240 series User Registration
    "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "exPressit S.E. 2.1" = exPressit S.E. 2.1
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
    "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
    "InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 20.0 (x86 en-US)" = Mozilla Firefox 20.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
    "NovaBACKUP" = NovaBACKUP
    "Picasa2" = Picasa 2
    "Settings Alerter" = Settings Alerter
    "ShopAtHome.com Toolbar" = ShopAtHome.com Toolbar
    "Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
    "UN060501" = BUFFALO NAS Navigator2
    "UN090928" = BUFFALO LinkStation(LX-WXL) Setup Guide
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    < End of report >
     
  6. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Make sure you read my previous reply.
     
  7. lroman3

    lroman3 TS Enthusiast Topic Starter Posts: 143

    I ran the reset for IE. That seemed to do the trick, as I can now download on this computer. Up to now I was using a thumb drive and moving files across computers.
     
  8. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Good news :)

    I still need the OTL.txt log.
     
  9. lroman3

    lroman3 TS Enthusiast Topic Starter Posts: 143

    My apologies, I thought I had posted the OTL log.

    OTL logfile created on: 1/31/2014 9:16:38 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = E:\
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: | Country: | Language: | Date Format:

    4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.10% Memory free
    7.99 Gb Paging File | 6.22 Gb Available in Paging File | 77.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 454.05 Gb Total Space | 281.49 Gb Free Space | 62.00% Space Free | Partition Type: NTFS
    Drive E: | 1.89 Gb Total Space | 1.83 Gb Free Space | 97.03% Space Free | Partition Type: FAT

    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/01/31 20:53:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
    PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/01/28 13:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    PRC - [2012/12/17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2011/08/13 13:51:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    PRC - [2011/07/01 01:07:24 | 000,607,592 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
    PRC - [2011/06/28 08:18:36 | 000,605,032 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
    PRC - [2010/05/21 13:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2010/04/15 10:57:44 | 000,203,912 | ---- | M] (NovaStor) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
    PRC - [2010/01/26 08:22:38 | 001,897,952 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
    PRC - [2009/05/15 14:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
    PRC - [2009/05/15 14:36:50 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
    PRC - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
    PRC - [2009/03/28 14:30:44 | 000,263,560 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe
    PRC - [2009/02/16 19:09:36 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
    PRC - [2008/03/10 20:20:00 | 000,689,488 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
    PRC - [2008/01/22 12:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/02 17:13:18 | 001,335,872 | ---- | M] () -- C:\Program Files (x86)\WOT\WOT.dll
    MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/04/15 10:55:12 | 002,452,616 | ---- | M] () -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsAppRes409.dll
    MOD - [2010/04/15 10:49:24 | 000,183,432 | ---- | M] () -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsEngineRes409.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/08/21 09:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/07/29 23:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/08 09:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
    SRV:64bit: - [2009/04/14 20:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2009/03/27 18:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2009/02/19 17:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
    SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/03/26 21:18:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2010/04/15 10:51:02 | 000,261,256 | ---- | M] (NovaStor) [Auto | Stopped] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/15 14:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
    SRV - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
    SRV - [2008/11/03 18:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/01/22 12:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
    DRV:64bit: - [2009/07/30 12:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/21 14:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
    DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
    DRV:64bit: - [2009/06/24 18:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2009/03/18 14:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/03/18 13:20:08 | 000,265,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/02/12 18:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
    DRV:64bit: - [2009/01/14 16:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
    DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EE34B334-E0D0-4876-B310-B42DE29A3CDE}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{EE34B334-E0D0-4876-B310-B42DE29A3CDE}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
    IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
    IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
    IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...ding}&oe={outputEncoding}&rlz=1I7TSHB_enUS419
    IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\User\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/02 22:51:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/14 08:06:19 | 000,000,000 | ---D | M]

    [2013/05/02 22:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/03/26 21:18:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013/03/26 21:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/03/26 21:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2014/01/30 19:05:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
    O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O3:64bit: - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDFCreHook] C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TANU] C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
    O4 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
    O4 - Startup: C:\Users\All Users\2EDBAA6B18AAF2BD00002EDB7B93F717 [2013/05/02 22:52:58 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/05/02 22:52:59 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Adobe [2013/05/05 18:30:05 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Apple [2013/05/02 22:53:02 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Apple Computer [2013/05/02 22:53:02 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\ATI [2013/05/02 22:53:03 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\CanonBJ [2013/05/02 22:53:03 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\All Users\CanonIJ [2013/12/04 19:38:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\CanonIJEGV [2013/12/04 19:28:56 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\All Users\CanonIJMyPrinter [2013/05/02 22:53:04 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\All Users\CanonIJPLM [2014/01/10 16:02:36 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\CanonIJScan [2013/05/02 22:53:04 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\All Users\CanonIJSolutionMenu [2013/05/02 22:53:04 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\All Users\CyberLink [2013/05/02 22:53:04 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Documents [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\FLEXnet [2013/05/02 22:53:04 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Geek Squad [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Google [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\InterVideo [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Macrovision [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Malwarebytes [2013/05/02 22:53:05 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Malwarebytes' Anti-Malware (portable) [2014/01/29 11:51:37 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\McAfee [2013/05/02 22:53:06 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Microsoft [2013/05/02 22:53:22 | 000,000,000 | --SD | M]
    O4 - Startup: C:\Users\All Users\Microsoft Help [2014/01/25 21:20:42 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Mozilla [2013/05/02 22:53:23 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Norton [2013/05/02 22:53:23 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\NortonInstaller [2013/05/02 22:53:23 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\NovaStor [2013/05/02 22:53:23 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Nuance [2013/05/02 22:53:31 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Oracle [2014/01/25 12:44:11 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\ScanSoft [2013/05/02 22:53:31 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Sun [2013/05/02 22:53:31 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Symantec [2011/02/15 17:55:41 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Temp [2013/12/04 19:29:38 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Templates [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Toshiba [2013/05/02 22:53:40 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Ulead Systems [2013/05/02 22:53:40 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\WildTangent [2013/05/02 22:53:41 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Zeon [2013/05/02 22:54:23 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2013/05/02 22:54:23 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Default\AppData [2009/07/13 22:20:08 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\Default\Application Data [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Desktop [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Documents [2009/07/14 00:08:56 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Downloads [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Favorites [2013/05/02 23:12:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Links [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Music [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\My Documents [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\NetHood [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\NTUSER.DAT ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
     
  10. lroman3

    lroman3 TS Enthusiast Topic Starter Posts: 143

    O4 - Startup: C:\Users\Default\Pictures [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Recent [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Roaming [2013/05/02 23:12:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Default\Saved Games [2009/07/13 21:34:59 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Default\SendTo [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Templates [2009/07/14 00:08:56 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Videos [2009/07/13 21:34:59 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\AppData [2014/01/30 19:07:56 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Public\Desktop [2013/05/05 18:28:40 | 000,000,000 | RH-D | M]
    O4 - Startup: C:\Users\Public\Documents [2009/07/14 00:08:56 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Downloads [2009/07/13 23:54:24 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Favorites [2009/07/13 21:34:59 | 000,000,000 | RH-D | M]
    O4 - Startup: C:\Users\Public\Libraries [2009/07/13 23:54:24 | 000,000,000 | RH-D | M]
    O4 - Startup: C:\Users\Public\Music [2009/07/13 23:54:24 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Pictures [2009/07/13 23:54:24 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Recorded TV [2013/06/17 13:57:59 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Roaming [2013/05/02 22:54:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Public\Videos [2009/07/13 23:54:24 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\User\.shsh [2013/05/02 23:06:44 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\User\AppData [2013/05/02 23:06:47 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\User\Application Data [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\User\Contacts [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\User\Cookies [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\User\Desktop [2014/01/31 21:11:16 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\User\My Documents [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\User\Downloads [2013/08/19 14:13:34 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\User\Favorites [2013/11/30 23:09:02 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\User\Links [2014/01/25 21:21:22 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\User\Local Settings [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\User\Music [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\User\My Documents [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\User\My PaperPort.com [2013/02/24 15:51:27 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\User\NetHood [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\User\ntuser.dat ()
    O4 - Startup: C:\Users\User\ntuser.dat.LOG1 ()
    O4 - Startup: C:\Users\User\ntuser.dat.LOG2 ()
    O4 - Startup: C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
    O4 - Startup: C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.dat{5c36b422-85e6-11e3-87f1-001e653cc1ac}.TM.blf ()
    O4 - Startup: C:\Users\User\ntuser.dat{5c36b422-85e6-11e3-87f1-001e653cc1ac}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.dat{5c36b422-85e6-11e3-87f1-001e653cc1ac}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.dat{6ba3743a-d75e-11e2-87d9-001e33d40161}.TM.blf ()
    O4 - Startup: C:\Users\User\ntuser.dat{6ba3743a-d75e-11e2-87d9-001e33d40161}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.dat{6ba3743a-d75e-11e2-87d9-001e33d40161}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.dat{c9df8421-fefa-11e2-a862-001e33d40161}.TM.blf ()
    O4 - Startup: C:\Users\User\ntuser.dat{c9df8421-fefa-11e2-a862-001e33d40161}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.dat{c9df8421-fefa-11e2-a862-001e33d40161}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.dat{d0e6e2a6-846e-11e3-873a-001e33d40161}.TM.blf ()
    O4 - Startup: C:\Users\User\ntuser.dat{d0e6e2a6-846e-11e3-873a-001e33d40161}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.dat{d0e6e2a6-846e-11e3-873a-001e33d40161}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.dat{e4940cdc-86d3-11e3-aa0f-001e33d40161}.TxR.0.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.dat{e4940cdc-86d3-11e3-aa0f-001e33d40161}.TxR.1.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.dat{e4940cdc-86d3-11e3-aa0f-001e33d40161}.TxR.2.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.dat{e4940cdc-86d3-11e3-aa0f-001e33d40161}.TxR.blf ()
    O4 - Startup: C:\Users\User\ntuser.dat{e4940cdd-86d3-11e3-aa0f-001e33d40161}.TM.blf ()
    O4 - Startup: C:\Users\User\ntuser.dat{e4940cdd-86d3-11e3-aa0f-001e33d40161}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.dat{e4940cdd-86d3-11e3-aa0f-001e33d40161}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\User\ntuser.ini ()
    O4 - Startup: C:\Users\User\Pictures [2013/12/05 09:37:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\User\PrintHood [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\User\Recent [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\User\Roaming [2013/05/02 23:09:10 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\User\Saved Games [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\User\Searches [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\User\SendTo [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\User\Start Menu [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\User\Sti_Trace.log ()
    O4 - Startup: C:\Users\User\Templates [2013/05/02 22:43:41 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\User\umbrella0.log ()
    O4 - Startup: C:\Users\User\Videos [2013/06/05 17:29:59 | 000,000,000 | R--D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-3484798978-2103683542-120407626-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.21.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3197978C-19DE-43B7-9DF0-AC3E1D7C068B}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/17 13:02:36 | 000,000,215 | -H-- | M] () - E:\autorun.inf -- [ FAT ]
    O32 - AutoRun File - [2010/03/17 13:02:36 | 000,000,215 | R--- | M] () - E:\AUTORUN_.INF -- [ FAT ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/31 20:54:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/01/30 19:07:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/01/30 19:07:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/01/30 18:14:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/01/30 18:14:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/01/30 18:14:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/01/30 18:12:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/01/29 11:40:09 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/01/29 11:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/01/29 11:39:17 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/01/27 18:36:49 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/01/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LocalAppData%
    [2014/01/25 12:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2014/01/25 10:29:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2014/01/25 10:02:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT

    ========== Files - Modified Within 30 Days ==========

    [2014/01/31 21:19:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/31 21:07:14 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/31 21:07:14 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/31 21:03:50 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/01/31 21:03:50 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/01/31 21:03:50 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/01/31 20:57:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/31 20:56:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/31 20:56:21 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/30 19:05:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/01/30 18:55:38 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2014/01/29 11:40:09 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/01/29 11:39:51 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

    ========== Files Created - No Company Name ==========

    [2014/01/31 20:53:24 | 000,602,112 | ---- | C] () -- \OTL.exe
    [2014/01/31 20:53:13 | 001,037,068 | ---- | C] () -- \JRT.exe
    [2014/01/31 20:52:59 | 001,166,132 | ---- | C] () -- \adwcleaner.exe
    [2014/01/30 18:14:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/01/30 18:14:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/01/30 18:14:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/01/30 18:14:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/01/30 18:14:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/01/30 18:09:10 | 001,933,048 | ---- | C] () -- \rkill.exe
    [2014/01/30 18:06:26 | 005,177,551 | R--- | C] () -- \ComboFix.exe
    [2014/01/29 11:31:05 | 004,380,160 | ---- | C] () -- \RogueKillerX64.exe
    [2014/01/29 11:15:13 | 012,589,848 | ---- | C] () -- \mbar-1.07.0.1009.exe
    [2014/01/27 18:59:31 | 000,688,992 | R--- | C] () -- \dds.com
    [2014/01/27 18:26:32 | 002,079,232 | ---- | C] () -- \FRST64.exe
    [2013/05/03 04:43:34 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/05/02 22:42:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2013/03/07 14:05:43 | 002,870,860 | ---- | C] () -- \Tightrope edit.mp3
    [2012/10/29 07:45:53 | 012,189,838 | ---- | C] () -- \twow1.pdf
    [2012/10/29 07:45:51 | 011,197,299 | ---- | C] () -- \twow2.pdf
    [2012/09/14 15:19:53 | 000,000,416 | ---- | C] () -- \SGPortable.lnk
    [2012/09/14 15:19:53 | 000,000,215 | R--- | C] () -- \AUTORUN_.INF
    [2012/09/14 15:19:53 | 000,000,215 | -H-- | C] () -- \autorun.inf

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/05/02 22:52:58 | 000,000,000 | ---D | M] -- C:\Users\All Users\2EDBAA6B18AAF2BD00002EDB7B93F717
    [2013/05/02 22:52:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
    [2013/05/02 22:53:03 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
    [2013/12/04 19:38:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJ
    [2013/12/04 19:28:56 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEGV
    [2013/05/02 22:53:04 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJMyPrinter
    [2014/01/10 16:02:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJPLM
    [2013/05/02 22:53:04 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJScan
    [2013/05/02 22:53:04 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJSolutionMenu
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
    [2013/05/02 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\Geek Squad
    [2013/05/02 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\InterVideo
    [2013/05/02 22:53:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\NovaStor
    [2013/05/02 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\Nuance
    [2014/01/25 12:44:11 | 000,000,000 | ---D | M] -- C:\Users\All Users\Oracle
    [2013/05/02 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\ScanSoft
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
    [2013/12/04 19:29:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
    [2013/05/02 22:53:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Toshiba
    [2013/05/02 22:53:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ulead Systems
    [2013/05/02 22:53:41 | 000,000,000 | ---D | M] -- C:\Users\All Users\WildTangent
    [2013/05/02 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\Zeon
    [2013/05/02 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2009/07/13 22:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
    [2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
    [2009/07/14 00:08:56 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
    [2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
    [2013/05/02 23:12:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
    [2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
    [2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
    [2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
    [2013/05/02 23:12:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Roaming
    [2009/07/13 21:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
    [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
    [2009/07/13 21:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
    [2014/01/30 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
    [2013/05/05 18:28:40 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
    [2009/07/14 00:08:56 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
    [2009/07/13 23:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
    [2009/07/13 21:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
    [2009/07/13 23:54:24 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
    [2009/07/13 23:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
    [2009/07/13 23:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
    [2013/06/17 13:57:59 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
    [2013/05/02 22:54:25 | 000,000,000 | ---D | M] -- C:\Users\Public\Roaming
    [2009/07/13 23:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
    [2013/05/02 23:06:44 | 000,000,000 | ---D | M] -- C:\Users\User\.shsh
    [2013/05/02 23:06:47 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData
    [2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Application Data
    [2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Contacts
    [2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Cookies
    [2014/01/31 21:11:16 | 000,000,000 | R--D | M] -- C:\Users\User\Desktop
    [2013/11/11 11:22:53 | 000,000,000 | R--D | M] -- C:\Users\User\Documents
    [2013/08/19 14:13:34 | 000,000,000 | R--D | M] -- C:\Users\User\Downloads
    [2013/11/30 23:09:02 | 000,000,000 | R--D | M] -- C:\Users\User\Favorites
    [2014/01/25 21:21:22 | 000,000,000 | R--D | M] -- C:\Users\User\Links
    [2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Local Settings
    [2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Music
    [2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\My Documents
    [2013/02/24 15:51:27 | 000,000,000 | ---D | M] -- C:\Users\User\My PaperPort.com
    [2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\NetHood
    [2013/12/05 09:37:25 | 000,000,000 | R--D | M] -- C:\Users\User\Pictures
    [2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\PrintHood
    [2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Recent
    [2013/05/02 23:09:10 | 000,000,000 | ---D | M] -- C:\Users\User\Roaming
    [2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Saved Games
    [2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Searches
    [2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\SendTo
    [2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Start Menu
    [2013/05/02 22:43:41 | 000,000,000 | -HSD | M] -- C:\Users\User\Templates
    [2013/06/05 17:29:59 | 000,000,000 | R--D | M] -- C:\Users\User\Videos

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 145 bytes -> C:\Users\All Users\Temp:FD9CE1F3
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:FD9CE1F3
    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
    @Alternate Data Stream - 145 bytes -> C:\Users\All Users\Temp:FD9CE1F3
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:FD9CE1F3
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
     
  12. lroman3

    lroman3 TS Enthusiast Topic Starter Posts: 143

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}\ not found.
    ADS C:\Users\All Users\Temp:FD9CE1F3 deleted successfully.
    Unable to delete ADS C:\ProgramData\Temp:FD9CE1F3 .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives\Users\00000001 folder moved successfully.
    C:\FRST\Hives\Users folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    ->Temp folder emptied: 0 bytes
    -> No Temporary Internet Files cache folder defined!

    User: Default
    -> No Temporary Internet Files cache folder defined!

    User: Default User
    -> No Temporary Internet Files cache folder defined!

    User: Public
    -> No Temporary Internet Files cache folder defined!

    User: User
    -> No Temporary Internet Files cache folder defined!

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 565548 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: User

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: User

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02022014_115235
    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\TMP0000000F42340571A467860E not found!
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  13. lroman3

    lroman3 TS Enthusiast Topic Starter Posts: 143

    Results of screen317's Security Check version 0.99.79
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    JavaFX 2.1.0
    Java(TM) 6 Update 11
    Java 7 Update 51
    Adobe Reader XI
    Mozilla Firefox 20.0 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  14. lroman3

    lroman3 TS Enthusiast Topic Starter Posts: 143

    Farbar Service Scanner Version: 02-02-2014
    Ran by User (administrator) on 02-02-2014 at 12:10:23
    Running from "C:\Users\User\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  15. lroman3

    lroman3 TS Enthusiast Topic Starter Posts: 143

    Ran TFC. No logs or messages to post.
     
  16. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Eset?
     
  17. lroman3

    lroman3 TS Enthusiast Topic Starter Posts: 143

    ESET is coming. Just waiting for it to complete. Started it once and it seemed to get hung at 63%. New start of ESET is currently at 93%. Shouldn't be too much longer.
     
  18. lroman3

    lroman3 TS Enthusiast Topic Starter Posts: 143

    ESET took a little over 11 hours to complete.

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe.vir Win32/AdWare.Yontoo.F application cleaned by deleting - quarantined
     
  19. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Update Firefox to the latest 26.0 version.

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
     
  20. lroman3

    lroman3 TS Enthusiast Topic Starter Posts: 143

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    ->Temp folder emptied: 0 bytes
    -> No Temporary Internet Files cache folder defined!

    User: Default
    -> No Temporary Internet Files cache folder defined!

    User: Default User
    -> No Temporary Internet Files cache folder defined!

    User: Public
    -> No Temporary Internet Files cache folder defined!

    User: User
    -> No Temporary Internet Files cache folder defined!

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1095406 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: User

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: User

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 02062014_053921
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  21. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    14. Please let me know how your computer is doing.
     
  22. lroman3

    lroman3 TS Enthusiast Topic Starter Posts: 143

    PC is running great.

    The only anomaly at the moment is Outlook. I went to launch Outlook and I get prompted to create a new profile. It appears the mail profile has disappeared. Would you happen to have any thoughts on getting it back? I assume creating a new profile will mean that my contacts and other information will be lost.
     
  23. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Search your computer for "*.pst" files.
    Possibly you'll find them in two folders. One folder may contain your old data.
     
  24. lroman3

    lroman3 TS Enthusiast Topic Starter Posts: 143

    Yeah, I did that earlier and didn't find anything. Sounds like it may be gone for good and I should set up a new profile for Outlook.
     
  25. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    You may try asking your Outlook question by starting a new topic in the Windows forum.
    I'm not very familiar with Outlook and the access to this forum is very limited (just you and me).

    Good luck and stay safe :)
     

